This very short tutorial will explain my way of creating Facebook open redirect links. As some of you may know, Facebook open redirects are rare and hard to make due to the LinkShim (l.php).
This method, however, is easy, and Facebook themselves don't think this is a vulnerability: "This is not a vulnerability in our opinion." Note the "in our opinion" - to me this is a vulnerability.
This open redirect will work as long as you are friends with the person you are sending the link to.
Step 1 :-
First, visit http://facebook.com/help/cookies
Step 2 :-
Then view the page source and search for h=
Step 3 :-
Copy the security code after the h= and before the &s=. It will look like h=XXXXXXXXX; copy only the XXXXXXXXX part.
Step 4 :-
Now simply create a URL like this: http://facebook.com/l.php?u=http://best4hack.com/&h=XXXXXXXXX
Step 5 :-
Give this link to your victim; he or she will be redirected without the "leaving facebook" warning.
As said earlier, you only get the open redirect (without the "leaving facebook" warning) if you're sending this link to a friend.
It is possible to create the link before adding the victim as a friend, but there does have to be that "relationship" between the accounts.
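
Seen from the defender's side, the steps above depend on an h= value taken from one page being accepted together with a different u= destination. The following added example (not code from this tutorial or from Facebook) sketches a link shim whose token is derived from the viewer and the exact destination, so a reused token falls back to the warning page; the key, host name, function names and token format are all assumptions.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumption: server-side secret; a constructed value for this example only.
SHIM_KEY = b"constructed-demo-key"
SHIM_BASE = "https://example.test/l.php?"  # hypothetical shim endpoint


def issue_token(viewer_id: str, destination: str) -> str:
    """Token bound to both the viewer and the exact destination URL."""
    msg = viewer_id.encode() + b"\x00" + destination.encode()
    return hmac.new(SHIM_KEY, msg, hashlib.sha256).hexdigest()[:16]


def make_shim_link(viewer_id: str, destination: str) -> str:
    """Build the outbound link at render time for the user viewing the page."""
    token = issue_token(viewer_id, destination)
    return SHIM_BASE + urlencode({"u": destination, "h": token})


def check_shim_link(viewer_id: str, link: str) -> str:
    """Return 'redirect' only if h matches this viewer and this u, else 'warn'."""
    params = parse_qs(urlsplit(link).query)
    u = params.get("u", [""])[0]
    h = params.get("h", [""])[0]
    expected = issue_token(viewer_id, u)
    # Constant-time comparison; any mismatch shows the interstitial warning.
    if u and hmac.compare_digest(h.encode(), expected.encode()):
        return "redirect"
    return "warn"


if __name__ == "__main__":
    # Constructed sample data.
    good = make_shim_link("alice", "https://docs.example.test/help")
    reused = SHIM_BASE + urlencode({
        "u": "https://other.example.test/",
        "h": issue_token("alice", "https://docs.example.test/help"),
    })
    print(check_shim_link("alice", good))    # token matches viewer and u
    print(check_shim_link("alice", reused))  # token reused with another u
    print(check_shim_link("bob", good))      # token issued for another viewer
```

Because the token covers u=, changing the destination invalidates it, and because it covers the viewer, a link minted in one session does not skip the warning in another.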