Facebook has implemented a white hat security testing setting that allows its users to test the security of various Facebook services.
[hide]
[size=large][font=CustomSerif, Georgia, Cambria,]Facebook will knowingly break its certificate pinning mechanism for users who enable the white hat settings. Pinning is used to improve the security of a website that uses SSL. With pinning, the client accepts or rejects a connection by checking for a specific cryptographic identity. SSL certificate pinning is often used to defend against sniffing attacks.[/font][/size]

[font=CustomSerif, Georgia, Cambria,]Whitehat Settings can be enabled by going to Facebook’s main app; however, the Facebook Messenger instant messaging client and the Instagram app are only supported on Android.[/font]

[font=CustomSerif, Georgia, Cambria,]The Facebook White Hat settings have a built-in proxy that can be used for API interactions. They also include a feature that can disable TLS 1.3 support.[/font]

[font=CustomSerif, Georgia, Cambria,]To enable the Facebook White Hat researcher settings, go to:[/font]

[size=large][font=CustomSerif, Georgia, Cambria,]https://www.facebook.com/whitehat/researcher-settings/[/font][/size]
[size=large][font=CustomSerif, Georgia, Cambria,]Image shows Facebook White Hat Researcher settings.[/font][/size]

[font=CustomSerif, Georgia, Cambria,]Once the white hat researcher settings are enabled, a Whitehat Settings button will show up in each of the applications selected.[/font]
[font=CustomSerif, Georgia, Cambria,]From the white hat researcher settings, you can enable user-installed CAs for your Facebook account and your Facebook white hat test account.[/font]

[size=large][font=CustomSerif, Georgia, Cambria,]Facebook Android App White Hat Settings can be found under Settings & Privacy.[/font][/size]
[size=large][font=CustomSerif, Georgia, Cambria,]Facebook Messenger App White Hat Settings can be found by clicking on your display picture and scrolling down to Internal.[/font][/size]
[size=large][font=CustomSerif, Georgia, Cambria,]It’s easy and best practice to turn the White Hat Researcher settings off when you are not testing any Facebook applications.[/font][/size]
[/hide]
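To illustrate the pinning check described in the post, here is an added example (not part of the original post and not Facebook's code) that computes a SHA-256 pin over a certificate's SubjectPublicKeyInfo and shows why a proxy certificate issued by a user-installed CA is rejected until pinning is switched off. The certificates are constructed dummy DER structures, the function names are hypothetical, and the pinning_enabled flag is only an assumed model of the white hat setting.

```python
import base64, hashlib

def tlv(tag, body):
    """DER-encode one element (used only to build the constructed samples)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def read_tlv(buf, off):
    """Return (tag, value_start, value_end) for the DER element at off."""
    tag, n, off = buf[off], buf[off + 1], off + 2
    if n & 0x80:                                   # long-form length
        k = n & 0x7F
        n, off = int.from_bytes(buf[off:off + k], "big"), off + k
    return tag, off, off + n

def spki_pin(cert_der):
    """base64(SHA-256(SubjectPublicKeyInfo)) of a DER-encoded certificate."""
    _, start, _ = read_tlv(cert_der, 0)            # Certificate SEQUENCE
    _, off, end = read_tlv(cert_der, start)        # TBSCertificate SEQUENCE
    fields = []
    while off < end:
        tag, _, nxt = read_tlv(cert_der, off)
        fields.append((tag, off, nxt))
        off = nxt
    # version [0] is optional: SPKI is the 7th field with it, the 6th without
    _, a, b = fields[6 if fields[0][0] == 0xA0 else 5]
    return base64.b64encode(hashlib.sha256(cert_der[a:b]).digest()).decode()

def connection_allowed(cert_der, pins, pinning_enabled=True):
    """Pin check only; chain validation is assumed to have passed already."""
    return (not pinning_enabled) or spki_pin(cert_der) in pins

def sample_cert(key_bytes):
    """Constructed certificate-shaped DER with dummy fields (not a valid cert)."""
    name = tlv(0x30, b"")
    alg = tlv(0x30, tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b") + tlv(0x05, b""))
    spki = tlv(0x30, alg + tlv(0x03, b"\x00" + key_bytes))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg
              + name + tlv(0x30, b"") + name + spki)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" + b"\x00" * 256))

SERVER = sample_cert(b"\x11" * 270)   # constructed: stands in for the service's key
PROXY = sample_cert(b"\x22" * 270)    # constructed: proxy cert from a user-installed CA
PINS = {spki_pin(SERVER)}             # pin set an app would ship with
```

Because the pin covers the public key rather than the issuing CA, trusting an extra CA on the device does not help an intercepting proxy while pinning is enforced.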

