This is a POC - DO NOT use it for a production environment. Info credits go to thecker at GitHub.
Today checking this POC code against Facebook's proxygen-bolt ->
https://github.com/lhecker/libnodecc
Do not use libnodecc in a developer's production environment, just for research experiments only.
See:
https://urlscan.io/result/3b26405e-cc14-49fb-ba92-e2e2f8be0368/jsonview/ and
https://urlquery.net/report/c85aceb0-5456-4363-ad7f-b9bb3e960636
proxygen-bolt unrecognized despite returning data.
There always should be room for PHP (in)security testing:
Security Checks for -static.xx.fbcdn.net
Verdict of insecurity: (2)
Susceptible to man-in-the-middle attacks
  HSTS header does not contain includeSubDomains
  HSTS header not prepared for preload list inclusion
Vulnerable to cross-site attacks
  HttpOnly cookies not used
error to go onto
-static.xx.fbcdn.net/rsrc.php/v3iCvN4/yt/l/DE/iNEySX6agJT.js benign
info: [decodingLevel=0] found JavaScript
error: undefined variable __d
error: undefined function __d
nested undefined variable error, when you try to grab, but you do not see what is run...(pol).
polonus (volunteer website security analyst and website error-hunter)