Login to Facebook using cURL

facebook-login.sh

#!/bin/bash

# If it redirects to http://www.facebook.com/login.php at the end, wait a few minutes and try again

EMAIL='YOUR_EMAIL' # edit this
PASS='YOUR_PASSWORD' # edit this

COOKIES='cookies.txt'
USER_AGENT='Firefox/3.5'

curl -X GET 'https://www.facebook.com/home.php' --verbose --user-agent $USER_AGENT --cookie $COOKIES --cookie-jar $COOKIES --location # redirects to https://login.facebook.com/login.php
curl -X POST 'https://login.facebook.com/login.php' --verbose --user-agent $USER_AGENT --data-urlencode "email=${EMAIL}" --data-urlencode "pass=${PASS}" --cookie $COOKIES --cookie-jar $COOKIES
curl -X GET 'https://www.facebook.com/home.php' --verbose --user-agent $USER_AGENT --cookie $COOKIES --cookie-jar $COOKIES

sorry for the lengthy post but that's exactly why cURL'ing is a vital skill to learn and develop a habit in doing vs Trusting any network you're on.
Networking, Informational Services, and Security Development/Cryptography has that level of control across the internet that the average active user such as myself is unaware of & I didn't even explain it wholly!

I recommend you use a VPN from a provider you can trust when using a hostile network. Make sure you statically configure your DNS settings so there's no leaking your DNS queries to the network adversary.
Man in the middle attacks often employ proxies or other stream parsers to manipulate HTTP traffic in real time. Completely encrypting your traffic with a VPN will render the proxy/parsers useless.
If Mr crypto expert is abusing PKI (public key infrastructure) to decrypt your traffic then the tell tale sign would be in your operating systems certificate store. He would have had to install a certificate he generated and placed it in your certificate store.