Last Sunday, I was testing for Instagram stories.
With two devices one with the Android phone and other was the desktop with Windows OS.
User A is on Android Device and User B on Windows.
Who could reply to your stories has 3 options:
I turned on Web proxy.
I opened up the story of the User A who had just posted.
Now I start replying to his story and eventually turned on the proxy.
I clicked on the Send button.
I also started to reply to the stories of few celebrities of India, but all good comments.😂
There was a POST HTTP Request that was sent from my browser to the Instagram Servers:
POST direct/***//**/send
Cookie: ajdslfkjalksdjfl;jasldjflajsdf
X-INSTAGRAM-Header: qlwejrjqwejjqw
X-CSRF:aljslkjflk;ajsldfj
text="USER"&repliedToMedia=[STORY_ID]
Now I sent this to repeater.
Now with User A's account I changed the settings to "No one can reply"
From User B I replayed the request in the Brup Repeater
The response was 400 Bad Request
At this time User A wasn't following User B and only User B is a follower of him and can see all the media.
Well, I changed the settings to People you Follow Back
Now also the same 400 Bad Request
Well done, that was good part of security.
Now I blocked User B.
Then the response was different it was 403 Forbidden
I didn't report to Facebook obviously since the security is perfect.
That's all folks have a good day..
With two devices one with the Android phone and other was the desktop with Windows OS.
User A is on Android Device and User B on Windows.
Scenario 1:
Story settings of User A.Who could reply to your stories has 3 options:
- Your followers.
- People you follow back
- No one can reply
I turned on Web proxy.
I opened up the story of the User A who had just posted.
Now I start replying to his story and eventually turned on the proxy.
I clicked on the Send button.
I also started to reply to the stories of few celebrities of India, but all good comments.😂
There was a POST HTTP Request that was sent from my browser to the Instagram Servers:
POST direct/***//**/send
Cookie: ajdslfkjalksdjfl;jasldjflajsdf
X-INSTAGRAM-Header: qlwejrjqwejjqw
X-CSRF:aljslkjflk;ajsldfj
text="USER"&repliedToMedia=[STORY_ID]
Now I sent this to repeater.
Now with User A's account I changed the settings to "No one can reply"
From User B I replayed the request in the Brup Repeater
The response was 400 Bad Request
At this time User A wasn't following User B and only User B is a follower of him and can see all the media.
Well, I changed the settings to People you Follow Back
Now also the same 400 Bad Request
Well done, that was good part of security.
Now I blocked User B.
Then the response was different it was 403 Forbidden
I didn't report to Facebook obviously since the security is perfect.
That's all folks have a good day..
Comments
Post a Comment