What I did?
Downloaded add-on from http://abusable.net/x/video.php?56473456456
FF - http://abusable.net/x/video.php?id=1
Loads JS from the add-on
Calls out to the following URLs (both return the same data)
juyh12.me/j.php and kmjh78.asia/j.php:
a library of functions to:
grab a user's Facebook or Tagged session details
solve captchas via http://mp56a.com/fn/cs/api/s_c.php?u
send log data to http://juyh12.me/ss.php?r
post to Facebook and Tagged
same code as j.php
What should have happened?
It shouldn't steal your Facebook session information and post as a user
without their consent.