Sunday, 3 July 2011

Facebook hacking in Wi-fi or LAN

Facebook is one of the most popular social networking sites. It is a very secure site with four-phase security, unlike Orkut, which has three-phase security. It is not easy to hack a Facebook account, but there are vulnerabilities which still exist in Facebook. We shall discuss one of them in this article.
Cookies are a very important part of all social networking sites as well as email websites. The username and password which we enter at the login page get encrypted and saved as a cookie. If you are browsing Facebook, try going to your browser settings and clearing the cookies. You will no longer be able to access your account and will be redirected to the login page. Log in again to access your account.
In this article we shall use cookie stealing to hack a Facebook account on a LAN or Wi-Fi network. The process is divided into two phases:
- Cookie Stealing
- Cookie Injecting


For the cookie stealing part, we shall use packet sniffing, which means capturing the data packets sent to and received from the server. For that we require a good packet sniffer. Wireshark, one of the better packet sniffers, can be used for that, and it is available for free.
After installing Wireshark, run it and set the filter at the top left to http.cookie contains datr (it should appear green; if it is red, there is some problem). Then hit Enter.






This should show you only packets captured which contain the cookie we’re looking for. You can see that in this screenshot we’ve already captured a cookie.




Once you’ve found a suitable cookie, you can copy it into the buffer by right-clicking on the cookie line and clicking Copy -> Bytes (Printable Text Only).





So the first phase, cookie stealing, is done. Now for the second phase, which is cookie injecting.
For this phase, we require the Mozilla Firefox browser. This browser has many add-ons, so it is the most preferred browser for hackers. For cookie injecting, we require the Greasemonkey add-on and the cookieinjector script. Open Firefox and download these from the links given below:



Install these add-ons and restart Firefox if needed. Then go to facebook.com (make sure you are not logged in) and hit Alt+C to bring up the cookie injector dialog box. Then paste the captured cookies.




Click OK and then reload the page... you’re now logged in as your victim!
In order to protect your account from this kind of attack, enable HTTPS browsing (Account -> Account settings -> Account Security). Many people avoid using HTTPS because they have to turn it off while using third-party games/applications, but a secured connection is established again upon the next login. So HTTPS must be enabled; otherwise you could easily be hacked while you are browsing Facebook on a public Wi-Fi network or in your computer labs, especially if you have got hackers in your class :)
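The site-side counterpart of the HTTPS advice above, as an added example that is not part of the original post: a small Python audit that flags cookies a server issues without the Secure attribute (the ones a browser will send in cleartext over http://) and responses without HSTS. The header values, the example.test domain and the function names are constructed for illustration; only the cookie name datr comes from the capture filter mentioned earlier.

```python
# Added example: audit Set-Cookie headers for attributes that keep a session
# cookie off plain-HTTP connections. All header values below are constructed.

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes dict)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs

def audit_cookies(set_cookie_headers, response_headers=None):
    """Return a list of (cookie_name, finding) for cookies exposed to sniffing."""
    findings = []
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if "secure" not in attrs:
            findings.append((name, "no Secure: sent in cleartext on http:// requests"))
        if "httponly" not in attrs:
            findings.append((name, "no HttpOnly: readable by page scripts"))
    hdrs = {k.lower(): v for k, v in (response_headers or {}).items()}
    if "strict-transport-security" not in hdrs:
        findings.append(("*", "no HSTS: browser may still make http:// requests"))
    return findings

# Constructed sample responses; "datr" is the cookie name the capture filter uses.
WEAK = ["datr=CONSTRUCTED_VALUE; Path=/; Domain=.example.test",
        "session=CONSTRUCTED_VALUE; Path=/; HttpOnly"]
HARDENED = ["datr=CONSTRUCTED_VALUE; Path=/; Secure; HttpOnly; SameSite=Lax",
            "session=CONSTRUCTED_VALUE; Path=/; Secure; HttpOnly"]
HSTS = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}

if __name__ == "__main__":
    for label, cookies, hdrs in (("weak", WEAK, {}), ("hardened", HARDENED, HSTS)):
        print(label)
        for name, finding in audit_cookies(cookies, hdrs) or [("-", "no findings")]:
            print(f"  {name}: {finding}")
```

A cookie that carries Secure is never attached to an http:// request, so a capture on a shared LAN or Wi-Fi segment sees only TLS-encrypted traffic.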




This post is meant only for educational purposes; any misuse of the above information shall not be the responsibility of the publisher.
