BeReal

Difficulty: Hard

In this question, we’re going to simulate a real-life attack on a social media platform (BeReal).

API Endpoint

https://generic.cs161.org/api/bereal/getFriendSuggestions

This endpoint takes in a JSON payload that’s structured as follows:

{
    "toInclude": [
        "username1",
        "username2"
    ],
    "toExclude": [
        "username3"
    ]
}

Given a list of your friends, this endpoint tells you who your friends are friends with, sorted by the number of mutual friends you have with each of your friends’ friends.

Example

We’ve already translated this request into Python syntax for you below! You’ll need to attach a valid authentication token from your server login, though. You should be able to grab the token from any request the site makes when you’re signed in.

import requests

# Session cookie from your browser login; the placeholder must be replaced.
cookies = {
    'jwt': '<redacted>'
}

# The site also sends its token in a header; copy the same value here.
headers = {
    'Accept': '*/*',
    'x-access-token': '<redacted>',
}

json_data = {
    'toInclude': [
        'alice',
    ],
    'toExclude': [
        'mallory',
    ],
}

# verify=False is kept because the course server does not present a
# publicly trusted certificate; do not carry this setting into other code.
response = requests.post('https://generic.cs161.org/api/bereal/getFriendSuggestions', headers=headers, json=json_data, cookies=cookies, verify=False)

Given this information, answer the following questions:

Task Questions

  1. How many users are in the BeReal network? (Hint: curiousPie0 is a user of the network, and the network is fully connected.)

Hint: it may be helpful to look at the structure of an existing authenticated network request by copying it from your browser as a cURL command and then pasting it into a cURL-to-Python-requests converter. The converted request will show you what to set the jwt cookie and x-access-token header to.
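As an added example that is not part of the course page: an offline stand-in for the endpoint over a constructed friend graph, the breadth-first walk that the user-counting task relies on, and a hardened server-side check that limits how far such a walk can reach. The graph, the tie-breaking and the mitigation are assumptions of this example, not BeReal's or the course server's actual logic.

```python
from collections import deque

# Constructed undirected friend graph standing in for the BeReal network
# (made-up users; not data from the course server). Each edge listed once.
EDGES = [
    ("curiousPie0", "alice"), ("alice", "bob"), ("alice", "mallory"),
    ("bob", "carol"), ("carol", "dave"), ("mallory", "eve"),
]

def build_graph(edges):
    graph = {}
    for a, b in edges:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph

GRAPH = build_graph(EDGES)

def get_friend_suggestions(graph, to_include, to_exclude=()):
    """Offline model of /api/bereal/getFriendSuggestions: friends of the
    included users, ranked by how many included users know them (the
    'mutual friends' count), ties broken alphabetically (an assumption).
    Included and excluded users are never suggested (also an assumption)."""
    banned = set(to_include) | set(to_exclude)
    mutual = {}
    for user in to_include:
        for friend in graph.get(user, ()):
            if friend not in banned:
                mutual[friend] = mutual.get(friend, 0) + 1
    return sorted(mutual, key=lambda u: (-mutual[u], u))

def get_friend_suggestions_checked(graph, caller, to_include, to_exclude=()):
    """Hardened variant (added mitigation): only expand users who really are
    friends of the authenticated caller, so a walk stays within two hops."""
    allowed = [u for u in to_include if u in graph.get(caller, ())]
    return get_friend_suggestions(graph, allowed, to_exclude)

def enumerate_network(suggest, seed):
    """Breadth-first walk using nothing but the suggestion call.
    Returns the set of users reached and the number of calls made."""
    seen, queue, calls = {seed}, deque([seed]), 0
    while queue:
        user = queue.popleft()
        calls += 1
        for friend in suggest([user]):
            if friend not in seen:
                seen.add(friend)
                queue.append(friend)
    return seen, calls
```

With the unchecked endpoint the walk from curiousPie0 reaches all 7 constructed users in 7 calls; with the checked variant, a walk seeded at the caller's friend alice stops after her neighbourhood.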