How I bypassed Facebook’s Linkshim Protection.

Greetings Everyone!

Hope You All are Doing Great. This is a Writeup on How I Bypassed the Linkshim Protection of Facebook.

What is LinkShim?

How Does it Work?

That was a Brief detail about Link Shim. 
So Link Shim is basically a Tool or a System which is used for Redirection Purposes and takes 2 Parameters as Mentioned above which are:

  1. The Redirect URL (Domain where you’re Going to be Redirected).
  2. A Specific Hash (A Hash Generated for a specific domain you’re trying to visit).

But if you wanna read more about Linkshim, Here’s a Detailed writeup on it.

So when I was testing it, something that caught my attention was that the Server wasn’t Validating the Hash. I managed to change the URL to another site without changing the Hash and it Worked.

For example:

The Url was something like:

https://l.facebook.com/l.php?u=https%3A%2F%2Fwww.bigcommerce.com&h=ATPag133QUFJFGXZzOJXVWi6rY49jEU1x8se_tmQiZE7xM3hvkkEEB_vgz1K8GXDMx9JtiBVPf0Xqj2i2cS2znvCgHxRkiIAQctwahxJDNXCYLUxfH8lxBJgIZ0h6-EprCO-RA

I have shortened the URL so that you could understand it better.

Now u is the Domain and h is the Hash.
So what I did was simply change the u (Domain) to another Domain without changing the Hash, and It just Got Redirected.

Here’s a Video on it:

So I didn’t waste my Time and Reported it to Facebook and Got this Reply.

So that was a False Positive. No Problem.

But wait, they said to Feel Free to test Linkshim against a URL belonging to a known malicious website, such as http://evilzone.org.

Now this was a Challenge. I did the whole process again and pasted the Malicious URL as Follows:

https://l.facebook.com/l.php?u=http://evilzone.org&h=ATPag133QUFJFGXZzOJXVWi6rY49jEU1x8se_tmQiZE7xM3hvkkEEB_vgz1K8GXDMx9JtiBVPf0Xqj2i2cS2znvCgHxRkiIAQctwahxJDNXCYLUxfH8lxBJgIZ0h6-EprCO-RA

But Unfortunately, I got this:

So that was the issue. I tried different methods to Bypass this But all in Vain.
And Suddenly One of My recent Bypasses Came into My Mind.
I gave it a Try and Fortunately it Worked and the Linkshim was Bypassed.

Here’s the Bypass:

I went to goo.gl and shortened the URL which was evilzone.org and got something like https://goo.gl/7bXgxB. When I implemented it on the Vulnerable URL I was able to redirect to the Evilzone.org.

Here’s a Video On it:

I was Like:

I was Very Happy But Unfortunately Redirects are Not Accepted By Facebook.
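
From a defender's side, the two behaviours described above correspond to two checks a link shim can make. The sketch below is an added example, not part of the original writeup and not Facebook's code: it binds the h value to the exact u destination with an HMAC, and it checks every hop of a redirect chain against the blocklist instead of only the first URL. The key, the blocklist, the function names and the redirect table are assumptions constructed for illustration; the table stands in for real HTTP redirect resolution so the code runs offline.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# All values below are constructed for illustration (assumptions, not Facebook's).
SHIM_KEY = b"constructed-demo-key"
BLOCKLIST = {"evilzone.org"}  # host the writeup names as known-malicious
# Stand-in for following HTTP 3xx responses, so the example runs offline.
REDIRECTS = {"https://goo.gl/7bXgxB": "http://evilzone.org"}
MAX_HOPS = 5


def make_hash(url: str) -> str:
    """Bind the shim hash to the exact destination URL."""
    return hmac.new(SHIM_KEY, url.encode(), hashlib.sha256).hexdigest()


def resolve_chain(url: str) -> list:
    """Return every URL visited while following redirects, up to MAX_HOPS."""
    chain = [url]
    while chain[-1] in REDIRECTS:
        if len(chain) > MAX_HOPS:
            raise ValueError("redirect chain too long")
        nxt = REDIRECTS[chain[-1]]
        if nxt in chain:
            raise ValueError("redirect loop")
        chain.append(nxt)
    return chain


def check_link(url: str, h: str) -> str:
    """Return 'allow', 'bad-hash' or 'blocked' for a u/h pair."""
    # 1. Reject a hash that was issued for a different destination.
    if not hmac.compare_digest(make_hash(url), h):
        return "bad-hash"
    # 2. Check every hop, not just the first URL, against the blocklist.
    try:
        chain = resolve_chain(url)
    except ValueError:
        return "blocked"  # fail closed on loops and overly long chains
    for hop in chain:
        host = (urlsplit(hop).hostname or "").lower()
        if any(host == b or host.endswith("." + b) for b in BLOCKLIST):
            return "blocked"
    return "allow"
```

A real deployment would resolve redirects with an HTTP client under strict timeouts and would re-check at click time, since a shortener's target can change after the link is issued.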

I Hope you Enjoyed the Writeup. If I’ve made a Mistake Somewhere Kindly Rectify it.

Special Thanks to All the Leets who Shares

Best Regards,
Anees Khan