Advanced Facebook Chat API (FCA) library with built-in anti-detection protection and automatic cookie refresh. Pure npm package for building reliable Messenger bots - forked from ws3-fca
npm install biar-fcanpm install biar-fca and start building with built-in advanced anti-detection!
bash
npm i biar-fca@latest
`
---
๐ก๏ธ Advanced Anti-Detection Protection
biar-fca includes built-in advanced anti-detection protection in the core library!
$3
When you use biar-fca, you automatically get:
- ๐ Session Fingerprint Management - Realistic browser fingerprints with 6hr auto-rotation
- ๐ญ Request Obfuscation - Multi-layer obfuscation with entropy injection
- ๐ Pattern Diffusion - Adaptive delays to prevent detectable patterns
- ๐ก๏ธ Traffic Analysis Resistance - Timing jitter and variability
- ๐ Smart Rate Limiting - Intelligent message pacing
- ๐ MQTT Protection - Obfuscated MQTT traffic
- โฑ๏ธ Response Time - 50-200ms with protection layers
- ๐ Realistic Device IDs - Generated from system hardware
- ๐ Random User Agents - Latest Chrome/Edge configurations
- ๐ Auto Cookie Refresh - Fresh cookies every 20min + MQTT keep-alive every 30s
$3
`js
const { login } = require("biar-fca");
login(credentials, {
advancedProtection: true, // Default: true (always enabled)
autoRotateSession: true, // Default: true (6hr rotation)
randomUserAgent: true, // Default: true (realistic UAs)
cookieRefresh: true, // Default: true (auto-refresh every 20min)
cookieRefreshInterval: 1200000,// Default: 1200000ms (20 minutes)
updatePresence: true, // Maintain realistic presence
autoMarkDelivery: true, // Realistic delivery receipts
autoMarkRead: true // Realistic read receipts
}, (err, api) => {
// Your bot code here
// Check protection stats (includes cookie refresh stats)
const stats = api.getProtectionStats();
console.log('Protection Status:', stats);
// Get cookie refresh stats
const cookieStats = api.getCookieRefreshStats();
console.log('Cookie Refresh:', cookieStats);
});
`
$3
Create your bot file (e.g., bot.js):
`js
const { login } = require("biar-fca");
const fs = require("fs");
const credentials = {
appState: JSON.parse(fs.readFileSync("appstate.json", "utf8"))
};
login(credentials, {
advancedProtection: true, // Automatic protection
updatePresence: true,
autoMarkRead: true
}, (err, api) => {
if (err) return console.error(err);
console.log("โ
Bot online with protection!");
api.listenMqtt((err, event) => {
if (err) return console.error(err);
if (event.type !== "message") return;
// Handle messages
console.log("Message:", event.body);
api.sendMessage("Hello!", event.threadID);
});
});
`
Then run: node bot.js
---
๐ Keep-Alive System (v3.6.6+)
ENHANCED! Dual keep-alive system ensures your bot stays online indefinitely!
$3
The Keep-Alive System uses two complementary mechanisms:
1. Cookie Refresh (Every 20 minutes)
- Refreshes authentication cookies with fresh values
- Updates session tokens (DTSG) for valid authentication
- Maintains authentication validity
- Prevents session expiration
2. MQTT Keep-Alive Pings (Every 30 seconds)
- Sends presence updates through MQTT connection
- Keeps WebSocket connection active
- Prevents connection timeout
- Monitors connection health with failure tracking
$3
`js
login(credentials, {
cookieRefresh: true, // Enable/disable (default: true)
cookieRefreshInterval: 1200000, // Interval in ms (default: 1200000 = 20min)
}, (err, api) => {
// Your bot is now maintaining fresh cookies automatically every 20 minutes!
});
`
$3
`js
// Get comprehensive keep-alive statistics
const stats = api.getCookieRefreshStats();
console.log(stats);
// {
// enabled: true,
// refreshCount: 12,
// failureCount: 0,
// lastRefresh: "2025-10-31T12:34:56.789Z",
// timeSinceLastRefresh: 234567,
// refreshInterval: 1200000,
// mqttKeepAlive: {
// enabled: true,
// pingCount: 240,
// pingFailures: 0,
// lastPing: "2025-10-31T12:34:55.123Z",
// timeSinceLastPing: 1234,
// pingInterval: 30000
// }
// }
// Control cookie refresh
api.stopCookieRefresh(); // Stop auto-refresh
api.startCookieRefresh(); // Start auto-refresh
api.setCookieRefreshInterval(1800000); // Change to 30 minutes
api.setCookieRefreshInterval(600000); // Change to 10 minutes
`
$3
โ
Indefinite Uptime - Bot stays online for days/weeks without disconnecting
โ
Dual Protection - Both HTTP and WebSocket layers maintained
โ
Prevents Session Expiration - Fresh cookies keep authentication valid
โ
Prevents Connection Timeout - MQTT pings keep WebSocket active
โ
Automatic & Silent - Works in background without interruption
โ
Configurable - Adjust intervals to suit your needs
โ
Comprehensive Stats - Track both cookie refresh and MQTT ping health
โ
Anti-Detection - Cookie refresh rotates through 4 different endpoints
โ
Token Updates - Automatically refreshes DTSG tokens for valid auth
โ
Smart Logging - Detailed logs without spam (MQTT logs every 5 minutes)
โ
Failure Recovery - Automatic retry and error handling
$3
Cookie Refresh (20 minutes):
- Optimal balance between keeping session alive and avoiding rate limits
- Mimics natural human browsing patterns
- Reduces network overhead while maintaining validity
MQTT Keep-Alive (30 seconds):
- Prevents WebSocket idle timeout
- More frequent than cookie refresh to maintain active connection
- Lightweight presence updates don't trigger rate limits
- Complements cookie refresh for maximum uptime
---
๐ Getting Started
$3
`bash
npm install biar-fca
`
$3
This file contains your Facebook session cookies.
Use a browser extension (e.g. "C3C FbState", "CookieEditor") to export cookies after logging in, and save them in this format:
`json
[
{
"key": "c_user",
"value": "your-id"
}
]
`
If you don't know how to get cookie, you can follow this tutorial here.
Place this file in the root directory as appstate.json.
---
$3
`js
const fs = require("fs");
const path = require("path");
const { login } = require("biar-fca");
let credentials;
try {
credentials = { appState: JSON.parse(fs.readFileSync("appstate.json", "utf8")) };
} catch (err) {
console.error("โ appstate.json is missing or malformed.", err);
process.exit(1);
}
console.log("Logging in...");
login(credentials, {
online: true,
updatePresence: true,
selfListen: false,
// Advanced Protection Features (enabled by default)
advancedProtection: true, // Enable anti-detection features
autoRotateSession: true, // Auto-rotate session fingerprints
randomUserAgent: true, // Use realistic random user agents
cookieRefresh: true, // Auto-refresh cookies every 20min (NEW!)
cookieRefreshInterval: 1200000,// Refresh interval: 20 minutes (default)
autoMarkDelivery: true, // Realistic message behavior
autoMarkRead: true // Realistic read behavior
}, async (err, api) => {
if (err) return console.error("LOGIN ERROR:", err);
console.log(โ
Logged in as: ${api.getCurrentUserID()});
const commandsDir = path.join(__dirname, "modules", "commands");
const commands = new Map();
if (!fs.existsSync(commandsDir)) fs.mkdirSync(commandsDir, { recursive: true });
for (const file of fs.readdirSync(commandsDir).filter(f => f.endsWith(".js"))) {
const command = require(path.join(commandsDir, file));
if (command.name && typeof command.execute === "function") {
commands.set(command.name, command);
console.log(๐ง Loaded command: ${command.name});
}
}
api.listenMqtt(async (err, event) => {
if (err || !event.body || event.type !== "message") return;
const prefix = "/";
if (!event.body.startsWith(prefix)) return;
const args = event.body.slice(prefix.length).trim().split(/ +/);
const commandName = args.shift().toLowerCase();
const command = commands.get(commandName);
if (!command) return;
try {
await command.execute({ api, event, args });
} catch (error) {
console.error(Error executing ${commandName}:, error);
api.sendMessageMqtt("โ An error occurred while executing the command.", event.threadID, event.messageID);
}
});
});
`
---
๐ Credits
$3
* ๐ง @NethWs3Dev (Kenneth Aceberos) โ Main developer, equal maintainer, feature and patch contributions.
* ๐ง @ChoruOfficial (Johnsteve Costaรฑos) โ Lead developer, refactor of original FCA code, Fully Setup MQTT.
* ๐ฎ @CommunityExocore (Jonell Magallanes) โ Foundational core design and architecture.
$3
* ๐ Jubiar โ Fork maintainer, enhancements, and ongoing development.
$3
> Copyright (c) 2015
> Avery, Benjamin, David, Maude
---
๐ Related Resources
- Original ws3-fca: https://github.com/NethWs3Dev/ws3-fca
- Documentation: https://exocore-dev-docs-exocore.hf.space
- NPM Package: https://www.npmjs.com/package/biar-fca
---
๐ License
MIT โ Free to use, modify, and distribute. Attribution appreciated.
---
๐ Updating & Publishing
For maintainers: To update and republish the package:
`bash
1. Make your changes
2. Update version
npm version patch # For bug fixes (3.5.2 โ 3.5.3)
npm version minor # For new features (3.5.2 โ 3.6.2)
npm version major # For breaking changes (3.5.2 โ 4.0.0)
3. Publish
npm publish
4. Push to GitHub
git push && git push --tags
`
๐ Detailed guide: See UPDATE_GUIDE.md
---
๐ค Contributing
We welcome contributions! Whether it's bug fixes, new features, or documentation improvements:
1. Fork the repository
2. Create your feature branch (git checkout -b feature/AmazingFeature)
3. Commit your changes (git commit -m 'Add some AmazingFeature')
4. Push to the branch (git push origin feature/AmazingFeature`)