eZinefacebook group hackingfacebook hackingfacebook vulnerabilitypenetration testingUNKL4B

Monitoring Closed Groups on Facebook

Become a Patron!


Did you care custodiet ipsos custodes?

I thought a lot if I would write this post or not, but anyway, I want to talk a little about monitoring.
In many jobs it is necessary to gather information, monitor and have the strategy of how to act with a specific target, I already have a certain experience with crawlers, even though it is still small and I lack much to really say that I know about it, taking advantage of this I I joined the util with the nice.

We live in a time when information is worth a lot of money, companies can predict attacks or even fraud on account of relevant information.

Based on a work I was doing I needed to monitor some actions to protect my client, I realized that the main means of communication was closed facebook groups, so I looked for tools in which I could monitor such groups closed to the public on facebook, I did not succeed in finding a tool that did this and went after developing something to do the monitoring.

I’ll try to figure out how to create a basic script so you can monitor this type of action, just to get a sense of how I did it.

Some pros and cons of the script:


  • You will have recent posts from groups
  • Can you predict a coordinated action
  • You can use the data obtained for your intelligence center to improve the scope of monitoring


  • Facebook does not have many resources for this type of monitoring
  • Works as a “gambiarra” of codes
  • Brief this feature will become obsolete
  • (IMPORTANT) You must be within the group in which you want to monitor

Based on the cons, you can see that the script is not recommended for a product, but for a brief monitoring.

Well, leaving the scrolling aside, let’s jump to the code itself.

Facebook in the developer area has a feature called Graph that can be better understood here (https://developers.facebook.com/docs/graph-api).

With facebook’s graphs, we’ve been able to read through their APIs through post APIs and post them, knowing this, I’ve been researching a way to read facebook group content, I’ve discovered that you can read community postings closed only on APIs v2.1 to v2.3, currently the facebook api is in v2.8, so I could not do the search without generating a token, I had to do a “gambiarra” using selenium.

Generating Facebook API access token

Before generating the token, we have to understand what we are going to research and how to search, facebook provides via GET to api, a simple query consists of the following way:


The result comes as follows in json (in this query above):

id: "117488975323006",
name: "Danilo Vaz"

Beauty, understanding this, let’s now create our token manually and then we put together a script that generates the token.

Open the browser on the page: https://developers.facebook.com/tools/explorer


Note that the token is indicated as “Access token“. Okay, see also below that indicates the API used, in this case the 2.8.

To do what we want we have to generate the token in the API 2.3, last API with the resource that we will use.

Click “Get Token”

enter image description here

Will open a window like the window below, then click the upper right corner and select the API 2.3.

enter image description here

Now let’s select the item “user_groups“Highlighted in the image below:

Click in “Get Access Token“Which will generate the token we need. Now if you re-query a private group it will return the group’s posts.

Putting it into practice with python

Now that we understand how to generate a token and extract the posts, we will see the code to accomplish this.

I made a commit with a basic script to understand.


I separated it into 4 scripts:

  • facebook.py – central script, it concentrates the code to generate the token that we saw above and accomplishes the get of the posts in the groups.
  • banco.py – does the insert and creates the bank where we will store the posts that we collect
  • genlog.py – generates logs of errors that can give, it stores a txt with the date of the log event in the logs /
  • realt.py – it generates an HTML page with the posts, frankly, I did not need it, but I found it interesting to show the results in a simplified way

I’ll explain some parts of the script that I find interesting, the rest, I think it’s easy to understand, it’s worth looking at the code and studying it if you want to learn.

Generating token with python

To generate the token I used selenium, basically it simulates a browser and performs the human processes that we did manually to generate it automatically.

Another detail, I used an own lib to run the query on facebook, I found it simpler to do that than to write the code doing GET in api. The lib is the facepy, it is very easy to use it.

Returning to the selenium, I will skip the part of how to download it, I believe that you should know how to do it, something else, just look at the source.

Between lines 107 and 146 is the class responsible for generating the token, when instanciating the selenium browser I needed to access the login page that redirected to the DEV part of facebook, for this I did as follows:

gen_browser = self.browser ()
gen_browser.get ('https://www.facebook.com/login/?next=https%3A%2F%2Fdevelopers.facebook.com%2Ftools%2Fexplorer')

Notice the URL used, it redirects directly to the facebook tool explorer, but before that, we need to login to facebook, on lines 111 to 115 I search for the id of the HTML tag, it was not very difficult to find, looking at the code source easily you think.

set_email = gen_browser.find_element_by_id ('email')
set_email.send_keys (self.user_mail)
set_password = gen_browser.find_element_by_id ('pass')
set_senha.send_keys (self.user_pass)
set_senha.send_keys (Keys.RETURN)

First I create the variable “set_email” with the element whose ID is ’email’, this is the text-box where we insert our email or telephone to login, in the line below, I send to the field as the parameter passed to script with the ‘-u’ nomenclature of user, it reads and types in the field.

I did the same process for the password, after typing, I sent an ENTER to the page, logging in and redirecting myself to the dev page.

If you look at line 116 will see that I put a wait of 10 seconds, this helps in the loading time of the page, if the internet is a bit slow, give the time to load all the next elements of the page to be used.

From line 117 I do the same process of login, however taking the ID of all the elements that we click and select in the manual process.

get_token = gen_browser.find_elements_by_class_name ('_ 55pe')
get_token[1].click ()
print ("[+] Step 1/6 completed! ")
self-congratulation (5)
get_useracc = gen_browser.find_element_by_class_name ('_ 2nax')
get_useracc.click ()
print ("[+] Step 2/6 completed! ")
self catering (3)
get_versao = gen_browser.find_elements_by_class_name ('_ 55pe')
get_versao[len(get_versao)-1].click ()
print ("[+] Step 3/6 completed! ")
self catering (3)
set_versao = gen_browser.find_element_by_link_text ('v2.3')
set_versao.click ()
print ("[+] Step 4/6 completed! ")
self-congratulation (2)
set_user_group = gen_browser.find_element_by_name ('user_groups')
set_user_group.click ()
gen_token = gen_browser.find_elements_by_class_name ('_ 4jy0')
gen_token[len(gen_token)-3].click ()
print ("[+] Step 5/6 completed! ")
self-congratulation (2)
token = gen_browser.find_elements_by_class_name ('_ 58al')
access_token = token[1].get_attribute ('value')
self.timestamp1 = datetime.datetime.now ()
gen_browser.close ()
print ("[+] Step 6/6 completed! ")
print (" n[+] Consulting groups ... ")
print (" n[+] Token:% s "% access_token)
return access_token

Basically this is how I generate the token, since I can not use it in the normal API process, I had to do this “gambiarra”.

After this process is just JSON parser, I believe you will be able to easily understand the code.

Another point, I have separated the configs folder / to put the groups in which I want to monitor, for example:

Inside the folder has a file named ‘config.json’, its structure is as follows:


In each ID is placed the ID of the private group in which the user that you will use to monitor has access, as said at the beginning of the article, you need to be inside the group to monitor, as Snowden said, “When you are inside yourself assumes that it is part of the system. ”

To use the script is simple, the syntax is as follows:

~ $> python facebook.py -u "user" -p "password"

Follow the script prints by running:

script exec

Basically that’s it, I wanted to show that it’s possible to create closed facebook group monitoring, although it’s a generic medium, it’s possible.

This same logic works for open groups too, just put the group ID in the configuration file.

Source by [UNKl4B]

Show More

Leave a Reply

Back to top button