It is obvious that you must become friends with someone to view their Facebook profile. Three Facebook flaws will teach us how to make friends with anyone together. There are three steps to this process to view someone's Facebook profile without being friends:

1. We will exploit the person's profile through a little-known Facebook vulnerability;

2. We will become friends with her, thanks to a rather violent (but effective) social-engineering technique;

3. We will exploit the second vulnerability on Facebook to avoid detection and removal;

You are solely responsible for what you do with it, and it is neither necessarily legal nor particularly ethical.

Generally speaking, you can view a person's Facebook profile without becoming friends.

In 99% of instances, pretending to be one of your target's closest Facebook friends will be sufficient to get you accepted on his profile. Create a false Facebook account using a friend's name and profile picture, then invite them using that account.

My targets have always accepted my “pirate” friend requests because:

Either she thinks it's their friend who is recreating a Facebook account for one reason or another;

Either she thinks it's a scam but out of curiosity, she accepts the invitation to find out more;

There is almost no chance that you will fail. The delicacy of this social engineering attack, however, lies in the exploitation of 2 intriguing Facebook security holes.

1. Analyze profile and friends list.

To find your target's “best Facebook friend” you have two solutions:

Either you know your target well, and you naturally know one of his very good friends;

Either you use the flaw that I will explain to you;

This error involves making an entirely false Facebook profile (another profile), as dubious as possible. Do not post profile pictures followed by an odd name (even "oizefeizjfoz" will do). Send only one friend request to your target, and don't like any other pages or join any other groups.

Your target will always reject your friend request because they will think you are spam. Exactly what we want is this. There will be a “people you may know” insert on your Facebook page as soon as you send the invitation.

The people featured in this insert are none other than your target's closest Facebook friends, who have just let you down. Facebook will automatically link the two of you and display all of her friends in the “you probably know…” box. Go to step 2 after selecting one at random.

2. Create a fake profile based on your target's real friend

After getting to know one of their closest friends (either naturally or by exploiting the previous security flaw), all you have to do is make a new account with that person's name and profile picture.

I'll be blunt: It's identity theft, and at this point, you are solely responsible for your actions. However, we won't harm anyone by using this fictitious profile. Never communicate with anyone on Facebook Messenger or in a chat room using this fake profile. A grave violation of fundamental rights has occurred here.

Add your target as a friend after creating your real-fake profile. Go to step 3 as soon as she accepts you.

3. Clean and freeze your fake account

First, you can be sure that the target will message you on Facebook. Never respond. To speak on behalf of another person while assuming their identity would be very unhealthy.

However, you should first update your profile picture and name. You will stop impersonating people in this manner. Remove your profile picture and enter a random name; the rest don't care.

Problem: Your intended audience will likely learn about your plan and delete you from Facebook. Let's use a second Facebook vulnerability to prevent this. Go to your real-fake Facebook profile's “security options” tab and select “deactivate your account” from the list of options at the bottom.

An account that has been deactivated still has full access, but completely vanishes from the radar. You will undoubtedly be removed from your target's list of friends. You will have vanished, and she won't be able to remove you from her Facebook profile.

The most intriguing fact is that, unless you don't use your Facebook account at all for four weeks, you can only temporarily deactivate it. Your account will automatically be restored after you log in once more. To access your target's information, you must periodically reactivate your account (wall, photos, etc.). You deactivate your account once you are finished with your brief spying.

During the precise period that you reactivated your account, your target is unlikely to look for you in their friend list. Otherwise, it would be extremely unlucky…

Please don't hesitate to email me if you have any questions or comments.