{"id":57,"date":"2015-12-25T05:12:14","date_gmt":"2015-12-24T23:42:14","guid":{"rendered":"http:\/\/www.ankurdebnath.in\/blog\/?p=57"},"modified":"2017-06-01T22:33:32","modified_gmt":"2017-06-01T17:03:32","slug":"reading-your-facebook-messages-stealthy","status":"publish","type":"post","link":"https:\/\/www.ankurdebnath.in\/blog\/2015\/12\/25\/reading-your-facebook-messages-stealthy\/","title":{"rendered":"Reading your Facebook messages stealthy"},"content":{"rendered":"

Hello everyone. I am back with a new handy\u00a0trick today. As you can guess from the title itself this\u00a0will allow you to see Facebook messages without getting flagged as seen. It may sound creepy but\u00a0it might save your ass and you will thank me\u00a0one day. This post is gonna be long. So, take a break, grab a cup of coffee\u00a0and get ready!<\/p>\n

<\/p>\n

\"Facebook<\/p>\n

You might be wondering that there are many applications out there that can do the same job. But if you are concerned about your privacy then you should not trust third party applications. I will show you the most possible ethical method to do something\u00a0beneficial.<\/p>\n

Lets discuss the cases.<\/p>\n

Case 1:<\/strong><\/span>\u00a0(You are not on\u00a0Facebook messenger but your friend is)<\/p>\n

In this case there is a bug. Whenever your friend sends you a message from messenger it automatically sets the status of the message as seen. I have reported it multiple times to Facebook but they haven’t resolved it yet. So there is nothing use of the trick as the status of the message will always be flagged as seen. To be safe better get messenger for your smart phone.<\/p>\n

Case 2:<\/strong><\/span> (Rest possible combinations \ud83d\ude00 )<\/p>\n

There are two ways in which we can access the data of Facebook. First one is the sweet normal way which provides a graphical user interface (GUI). The other one is through\u00a0API (Application Programming Interface) that Facebook provides.<\/p>\n

So, what is this API? It is nothing but a set of methods by which you can access the data (well limited data) of the system. Most of the popular systems provide API so that their data can be accessed more flexibly.<\/p>\n

Facebook provides the Graph API. There are multiple nodes to which you can request for data. You can find the list of all nodes in the documentation<\/a><\/span> provided by Facebook. Over the years there has been multiple versions of this API, the latest one being v2.5 as of now. To make you understand how this graph API works lets try an\u00a0exercise to retrieve your basic information.<\/p>\n

First Log In to Facebook. Then go to the Graph API explorer<\/a><\/span>. You will see a console in which you can submit queries. By default you will see the input field contains “me?fields=id,name<\/code><\/span>\u00a0” written. Just press the submit button and you will see a result in JSON (JavaScript Object Notation) format. JSON is a light-weight self describing data interchange format. There will be key value pairs like that in an object. You will get data of the id and name field of the node named me.\u00a0<\/strong>You can also retrieve the information from\u00a0following url<\/p>\n

https:\/\/graph.facebook.com\/me?access_token=YOUR_ACCESS_TOKEN<\/code><\/p>\n

To get the access token click Get Token<\/strong> then Get User Access Token<\/strong>. Then a pop up will show where you have to click on the Get Access Token<\/strong> button. This grants us with the basic permission.\u00a0Replace YOUR_ACCESS_TOKEN with access token in the graph API explorer. The access token is a random variable length long (~220 chars) string that is used for authorized\u00a0API queries. It expires\u00a0every hour and you have to regenerate it for API access. So now you can see the JSON response on the browser.<\/p>\n

Note:<\/strong> A JSON response is not as pretty as it looks like. Generally you have to use a JSON formatting tool to achieve that. One handy tool\u00a0that I have come across is the JSONView<\/a><\/span> extension. It formats the JSON\u00a0response there itself in the browser. It is available for Firefox<\/a><\/span> as well as for\u00a0Chrome<\/a><\/span>(unofficial).<\/p>\n

Now that you have became friends with\u00a0the API lets access our inbox messages. To do so you\u00a0have to query the inbox node. For this request, you\u00a0need change the version number from v2.5 to v2.3. The inbox node query is no longer supported from v2.4 onward. Then you need to get the read_mailbox<\/strong> permissions. To do so click the Get Token\u00a0<\/strong>button then Get\u00a0User Access Token<\/strong>. A popup window will show up. Then check the read_mailbox\u00a0<\/strong>option from the Extended Permissions\u00a0<\/strong>tab.\u00a0Lastly click Get Access Token <\/strong>button. The series of screenshots below will describe the process in case you are having any trouble.<\/p>\n

\"api1\"<\/p>\n

\"api2\"<\/p>\n

\"api3\"<\/p>\n

And the request URL will be<\/p>\n

https:\/\/graph.facebook.com\/me\/inbox?access_token=YOUR_ACCESS_TOKEN<\/code><\/p>\n

And you will see the conversations with\u00a0your friends in JSON format. Let me guide you with the structure of the JSON response that you will get. On the top level there will be an array named\u00a0data\u00a0<\/strong>that will contain the objects for each thread of the messages. Search for a key named message\u00a0<\/strong>and you will get the conversation located on every message\u00a0<\/strong>key of the object array. Initially it will display the last 25 conversations and there will be a node named\u00a0paging\u00a0<\/strong>for the link to the older conversations. In this way you can access the whole conversation and if there are any unread messages it will also be shown here and those messages will not be flagged as seen.<\/p>\n

I had reported this thing\u00a0to Facebook and this was their reply:<\/p>\n

\"fbReply\"<\/p>\n

So, I thought why not make a tutorial for this. They have removed this feature in later versions but the brighter side is v2.3 is still available till\u00a0July 8, 2017<\/strong>. So till then you can exploit this feature.<\/p>\n

I have made a simple web interface named LAST 25 which will display the last 25 messages of the the last 25 friends contacted. You can find the source<\/a><\/span> in my GitHub profile<\/a><\/span>. Consider it as a Christmas gift from me. Just replace YOUR_ACCESS_TOKEN with the access token that you got from Graph API Explorer. I could have made a Facebook app for this but then you would have to log In to Facebook with your\u00a0credentials\u00a0and you would think twice before entering your password and judge me. So better make things clear. \ud83d\ude00<\/p>\n

Now time for assumptions.<\/p>\n

    \n
  1. You should be logged into Facebook.<\/li>\n
  2. It will only display text messages. Other things like images, attachments \u00a0and stickers will be not displayed.<\/li>\n
  3. It is for long messages. For Short messages you can peek\u00a0from your notification bar in your smart phone.<\/li>\n
  4. You should not query too frequently. I think there is a limit of \u00a0200 requests in a\u00a060 minute window. After that they will block the request for a certain amount of time.<\/li>\n<\/ol>\n

    Thanks for your time. Merry Christmas!<\/p>\n","protected":false},"excerpt":{"rendered":"

    Hello everyone. I am back with a new handy\u00a0trick today. As you can guess from the title itself this\u00a0will allow you to see Facebook messages without getting flagged as seen. It may sound creepy but\u00a0it might save your ass and you will thank me\u00a0one day. This post is gonna be long. So, take a break, […]<\/p>\n","protected":false},"author":1,"featured_media":58,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":""},"categories":[6],"tags":[],"jetpack_featured_media_url":"https:\/\/i1.wp.com\/www.ankurdebnath.in\/blog\/wp-content\/uploads\/2015\/12\/facebookSeen.jpg?fit=586%2C440&ssl=1","jetpack_sharing_enabled":true,"amp_validity":null,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.ankurdebnath.in\/blog\/wp-json\/wp\/v2\/posts\/57"}],"collection":[{"href":"https:\/\/www.ankurdebnath.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ankurdebnath.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ankurdebnath.in\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ankurdebnath.in\/blog\/wp-json\/wp\/v2\/comments?post=57"}],"version-history":[{"count":25,"href":"https:\/\/www.ankurdebnath.in\/blog\/wp-json\/wp\/v2\/posts\/57\/revisions"}],"predecessor-version":[{"id":146,"href":"https:\/\/www.ankurdebnath.in\/blog\/wp-json\/wp\/v2\/posts\/57\/revisions\/146"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ankurdebnath.in\/blog\/wp-json\/wp\/v2\/media\/58"}],"wp:attachment":[{"href":"https:\/\/www.ankurdebnath.in\/blog\/wp-json\/wp\/v2\/media?parent=57"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ankurdebnath.in\/blog\/wp-json\/wp\/v2\/categories?post=57"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ankurdebnath.in\/blog\/wp-json\/wp\/v2\/tags?post=57"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}