Why? Because I desire to post videos to my business's "page", and apparently "normal" apps can't do that. The official Facebook app has permissions that you apparently cannot give to yourself.
It used to be possible to impersonate the Facebook iPhone app when accessing it via the graph API by generating an OAuth token using that app's ID (6628568379) and secret (c1e620fa708a1d5696fb991c1bde5662).
After working for years, that token stopped working last week: now those sessions say "the user has changed the password", which is... a weird error. So I tried to regenerate it the way I had in the past, by loading this in a logged-in browser:
That ought to redirect to a URL with an access_token= on it, but now it says "does not look like a valid app ID."
So maybe the app ID of the current iPhone app is different? But "https://
And if I run the FB iPhone app through mitmproxy, I can't log in, so I can't sniff it. Maybe it's doing cert pinning. Who knows.
Any suggestions on how to re-crack this bastard?