Reading your Facebook messages stealthily

Hello everyone. I am back with a new handy trick today. As you can guess from the title, this will allow you to see Facebook messages without them getting flagged as seen. It may sound creepy but it might save your ass and you will thank me one day. This post is gonna be long. So, take a break, grab a cup of coffee and get ready!

[Image: Facebook "Seen" indicator]

You might be wondering why bother, since there are many applications out there that can do the same job. But if you are concerned about your privacy then you should not trust third-party applications. I will show you the most ethical method possible to do something beneficial.

Let's discuss the cases.

Case 1: (You are not on Facebook Messenger but your friend is)

In this case there is a bug. Whenever your friend sends you a message from Messenger, it automatically sets the status of the message as seen. I have reported it multiple times to Facebook but they haven’t resolved it yet. So the trick is of no use here, as the status of the message will always be flagged as seen. To be safe, better get Messenger for your smartphone.

Case 2: (All the remaining combinations 😀)

There are two ways in which we can access Facebook's data. The first one is the sweet normal way, which provides a graphical user interface (GUI). The other one is through the API (Application Programming Interface) that Facebook provides.

So, what is this API? It is nothing but a set of methods by which you can access the data (well, limited data) of the system. Most of the popular systems provide an API so that their data can be accessed more flexibly.

Facebook provides the Graph API. There are multiple nodes that you can request data from. You can find the list of all nodes in the documentation provided by Facebook. Over the years there have been multiple versions of this API, the latest one being v2.5 as of now. To help you understand how the Graph API works, let's try an exercise to retrieve your basic information.

First, log in to Facebook. Then go to the Graph API Explorer. You will see a console in which you can submit queries. By default the input field contains “me?fields=id,name”. Just press the submit button and you will see a result in JSON (JavaScript Object Notation) format. JSON is a lightweight, self-describing data interchange format. It consists of key-value pairs, like those in an object. You will get the data of the id and name fields of the node named me. You can also retrieve the information from the following URL:

https://graph.facebook.com/me?access_token=YOUR_ACCESS_TOKEN

To get the access token, click Get Token, then Get User Access Token. A pop-up will then show, where you have to click on the Get Access Token button. This grants us the basic permission. Replace YOUR_ACCESS_TOKEN with the access token shown in the Graph API Explorer. The access token is a random, variable-length, long (~220 chars) string that is used for authorized API queries. It expires every hour and you have to regenerate it for API access. So now you can see the JSON response in the browser.

Note: A JSON response in the browser is not as pretty as it looks in the explorer. Generally you have to use a JSON formatting tool to achieve that. One handy tool that I have come across is the JSONView extension. It formats the JSON response right there in the browser. It is available for Firefox as well as for Chrome (unofficial).

Now that you have become friends with the API, let's access our inbox messages. To do so you have to query the inbox node. For this request, you need to change the version number from v2.5 to v2.3. The inbox node query is no longer supported from v2.4 onward. Then you need to get the read_mailbox permission. To do so, click the Get Token button, then Get User Access Token. A pop-up window will show up. Then check the read_mailbox option in the Extended Permissions tab. Lastly, click the Get Access Token button. The series of screenshots below describes the process in case you are having any trouble.

[Screenshots: api1, api2, api3]

And the request URL will be:

https://graph.facebook.com/me/inbox?access_token=YOUR_ACCESS_TOKEN

And you will see the conversations with your friends in JSON format. Let me guide you through the structure of the JSON response that you will get. At the top level there will be an array named data that contains one object for each message thread. Search for a key named message and you will find the conversation, located in every message key of the object array. Initially it will display the last 25 conversations, and there will be a node named paging with the link to the older conversations. In this way you can access the whole conversation, and if there are any unread messages they will also be shown here, and those messages will not be flagged as seen.
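The response layout described above, walked in code, as an added example that is not from the original post or the author's LAST 25 project. The sample response is constructed, and the nesting under `comments`, the `from.name` field and the `paging.next` key are assumptions about the v2.3 layout; the `error` check covers a rejected request, such as one made with an expired token.

```javascript
// Constructed sample: a top-level `data` array of thread objects, `message`
// keys inside each thread, and a `paging` node, as the post describes.
// Assumptions: the `comments` nesting, `from.name`, and `paging.next`.
const SAMPLE_RESPONSE = JSON.stringify({
  data: [
    { id: "thread-1", comments: { data: [
      { from: { name: "Alice" }, message: "Are you coming tonight?" },
      { from: { name: "Alice" }, message: "Call me when you can." },
      { from: { name: "Alice" } } // sticker or attachment: no text to show
    ] } },
    { id: "thread-2", comments: { data: [{ from: { name: "Bob" }, message: "ok" }] } }
  ],
  paging: { next: "https://graph.facebook.com/v2.3/me/inbox?until=CONSTRUCTED" }
});

// Collect every string stored under a `message` key, wherever it is nested,
// so the walk does not depend on the exact layout of a thread object.
function collectMessages(node, out = []) {
  if (Array.isArray(node)) {
    node.forEach((item) => collectMessages(item, out));
  } else if (node !== null && typeof node === "object") {
    for (const [key, value] of Object.entries(node)) {
      if (key === "message" && typeof value === "string") {
        const sender = node.from && node.from.name ? node.from.name : null;
        out.push({ from: sender, text: value });
      } else {
        collectMessages(value, out);
      }
    }
  }
  return out;
}

// Turn the raw JSON text into per-thread message lists plus the paging link.
function parseInbox(jsonText) {
  const body = JSON.parse(jsonText);
  // The Graph API reports failures as an `error` object in the JSON body.
  if (body.error) throw new Error("Graph API error: " + body.error.message);
  if (!Array.isArray(body.data)) throw new Error("unexpected response: no data array");
  const threads = body.data.map((thread) => ({
    id: thread.id || null,
    messages: collectMessages(thread)
  }));
  const older = body.paging && typeof body.paging.next === "string" ? body.paging.next : null;
  return { threads, older };
}

console.log(JSON.stringify(parseInbox(SAMPLE_RESPONSE), null, 2));
```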

I had reported this thing to Facebook and this was their reply:

[Screenshot: Facebook's reply]

So, I thought, why not make a tutorial for this? They have removed this feature in later versions, but the brighter side is that v2.3 is still available till July 8, 2017. So till then you can exploit this feature.

I have made a simple web interface named LAST 25 which will display the last 25 messages of the last 25 friends contacted. You can find the source on my GitHub profile. Consider it a Christmas gift from me. Just replace YOUR_ACCESS_TOKEN with the access token that you got from the Graph API Explorer. I could have made a Facebook app for this, but then you would have to log in to Facebook with your credentials, and you would think twice before entering your password and judge me. So better to make things clear. 😀

Now time for assumptions.

  1. You should be logged into Facebook.
  2. It will only display text messages. Other things like images, attachments and stickers will not be displayed.
  3. It is for long messages. For short messages you can peek from the notification bar on your smartphone.
  4. You should not query too frequently. I think there is a limit of 200 requests in a 60-minute window. After that they will block requests for a certain amount of time.

Thanks for your time. Merry Christmas!