Hacking Facebook the Hard Way

Join Unofficial Facebook Bug Bounty Group

https://www.facebook.com/groups/bugbountygroup/

Asset

• Facebook Whitehat Information https://www.facebook.com/whitehat/info/
• Facebook APKs - APKMirror https://apkmirror.com/apk/facebook-2/
• Facebook on the App Store https://itunes.apple.com/us/developer/facebook-inc/id284882218
• Over 41 Facebook Products & Services https://www.minterest.com/list-of-all-facebook-products-and-services/
• List of mergers and acquisitions by Facebook https://en.wikipedia.org/wiki/List_of_mergers_and_acquisitions_by_Facebook

How to Find New Features

• Facebook Newsroom https://newsroom.fb.com/
• Jane Manchun Wong https://twitter.com/wongmjane
• Matt Navarra https://twitter.com/MattNavarra
• News for Developers https://developers.facebook.com/blog
• HH Facebook Changelog / Interface Microagressions https://www.facebook.com/groups/whobrokethebuild/

Core Testing Methodologies

• A Facebook GraphQL crash course https://www.facebook.com/notes/phwd/a-facebook-graphql-crash-course/1189337427822946/
• Guide to approaching API bugs https://www.facebook.com/notes/phwd/facebook-api-bug-bounties-the-basic-sauce/818002471623112
• Unofficial Map of where to find Facebook Bounties https://www.facebook.com/notes/phwd/facebook-bug-bounties-the-unofficial-treasure-map/1020506894706001

SSL Pinning Bypass

• OneForAllFacebook https://github.com/phwd/OneForAllFacebook
• Bypass Facebook SSL Certificate Pinning for iOS https://www.facebook.com/watch/?v=1466262083463811
• Security Testing for Mobile Apps Made Easy https://www.facebook.com/notes/facebook-bug-bounty/security-testing-for-mobile-apps-made-easy/2528930930454451/
• Testing Facebook Mobile Application on Nox Player https://www.youtube.com/watch?v=BuQJuD2W6wg

Write-ups

• List of Facebook Bug Bounties https://philippeharewood.com/facebookbugbounties.txt
• 2017-2018 Facebook Write-ups https://github.com/1hack0/Facebook-Bug-Bounty-Write-ups
• 2019 Facebook Write-ups https://airtable.com/shrjEc0BV0VXpmEqN

Recommended Blogs

• Youssef Sammouda https://ysamm.com
• Bugreader https://bugreader.com
• Philippe Harewood https://philippeharewood.com
• Josip Franjković https://www.josipfranjkovic.com