

Reverse-engineering the Google +1 button using Firebug - uberstart
http://randomistas.tekeu.com/2011/07/04/reverse-engineering-the-google-1-button-using-firebug/

======
jgrahamc
I'm not sure how this is 'reverse engineering' and there's no indication that
faking the JSON actually causes the +1 to be activated. Looking in the Safari
debugger it looks like there's a bunch of other stuff going on when the +1
button is pressed. There are a load of extra headers in the HTTP request:

    
    
      Origin: https://clients6.google.com
      Origintoken: APfa0boTRJ3fof-lEyAVjVQzO_sSMz5frFmbeeMTJ2nASXJBVUX7PDb2dnWA3pGrlmuefwvwXuC9l2
      Clientdetails: appVersion=5.0%20(Macintosh%3B%20U%3B%20Intel%20Mac%20OS%20X%2010_5_8%3B%20en-us)%20AppleWebKit%2F533.21.1%20(KHTML%2C%20like%20Gecko)%20Version%2F5.0.5%20Safari%2F533.21.1&platform=MacIntel&userAgent=Mozilla%2F5.0%20(Macintosh%3B%20U%3B%20Intel%20Mac%20OS%20X%2010_5_8%3B%20en-us)%20AppleWebKit%2F533.21.1%20(KHTML%2C%20like%20Gecko)%20Version%2F5.0.5%20Safari%2F533.21.1
      X-Javascript-User-Agent: google-api-javascript-client/1.0.0-alpha
      X-Origin: https://plusone.google.com
      X-Referer: https://plusone.google.com/u/0/_/+1/button?hl=en-US&jsh=h%3Brt%2F225303364-e72328d15
    

And in the response he gets there seem to be a bunch of missing fields (on my
machine there's the title and information about my logged-in Google Account)
and there's also the count of +1s on that page. He seems to be getting a 0
return. Wouldn't be much of a surprise if this is Google's way of showing that it
ignored the request.

~~~
yaix
The article did not talk about a click but only about the display. They are
only trying to access the displayed click count number directly via PHP.

------
pilif
Considering this rpc key parameter, I really wonder how long this is going to
work and I'd say this is a bug on Google's side that it even worked.

I checked their embed page (<http://www.google.com/webmasters/+1/button/>) and
I don't see that it requires any API key whatsoever, so I assume this
rpc_key thing is something private to the API and fetched as the button-JS
communicates with the server.

These keys are probably issued with limited time validity, so possibly the
script of the OP has already stopped working (I haven't tried yet).

We DO need a real API for this though - if we webmasters do Google a favor and
add the plus one buttons, the least they could do is give us a means of
finding out how many times the button has actually been used.

Otherwise, this is a bit one-sided: We lend Google space, we do the work of
adding the button, but we get nothing in return.

~~~
personalcompute
> Otherwise, this is a bit one sided: We lend Google space, we do the work of
> adding the button, but we get nothing in return.

You get the whole purpose of the button for you in the first place, users
encouraged to share your content.

------
mkr-hn
I tried cracking open the button to customize it, but I lack the skills to go
all the way. I'd rather lobby Google to make a real API for it anyway.

------
jeggers5
That's pretty awesome, I wonder if it's rate limited at all?

I think they may have thought people might try this. Very cool though.

------
ivanbernat
Firebug. I remember using it for the first time - felt like I was born again.

------
bryanhun
Nice work! Thanks for posting. I will add this to my Trendn App.

------
ddemchuk
I did this about a day after they officially launched +1 with Ruby for my own
app. I scrape probably 2-4000 URLs a day, it works fine.

Most badges or like buttons can be reverse engineered like this, it's not too
hard.

