I am back...... # admin Yogesh Jain ★HACK FACEBOOK BY COOKIE STEALING :~ by #admin Yogesh Jain. Three days ago I finished the series on gmail session Hijacking and Cookie Stealing , due to a tremendous response of readers I planned to writes post on Facebook cookie stealing and Session hijacking. Face book session hijacking can also be accomplished via a very popular tool called Firesheep(On a Wifi Network Only), which I wont be explaining here because I have already written it before in my post Facebook Hacking Made Easy With Firesheep In this tutorial I will explain you how an attacker can capture your authentication cookies on a local area network and use them to hack your facebook account, Before reading this tutorial I would recommend you to part1, part2 and part 3 of my Gmail Session Hijacking and Cookiestealing series, So you could have better understanding of what I amdoing here.Gmail Cookie Stealing And SessionHijacking Part 1Gmail Cookie Stealing And SessionHijacking Part 2Gmail Cookie Stealing And SessionHijacking Part 3Facebook Authentication Cookies.. The cookie which facebook uses to authenticate its users is called Datr, If an attacker can get hold of your authentication cookies, All he needs to do is to inject those cookies in his browser and he will gain access to your account. This is how a Facebook authentication cookie looks like:Cookie: datr=1276721606-b7f94f977295759399293c5b07676 18dc02111ede159a827030fc; How To Steal Facebook Session Cookies and hijack An Account? An attacker can use variety of methods in order to steal your facebook authentication cookies depending upon the network he is on, If an attacker is on a hub based network he would just sniff traffic with any packet sniffer and gain access to victims account. If an attacker is on a Switch based network he would use an ARP Poisoning request to captureauthentication cookies, If an attacker is on a wireless network he just needs to use a simple tool called fire sheep in order to capture a authentic action cookie and gain access to victims account.In the example below I will be explaining how an attacker can capture your authentication cookies and hack your facebook account with wireshark. Step 1 - First of all download wireshark from the official websiteand install it. Step 2 - Next open up wireshark click on analyze and then click on interfaces. Step 3 - Next choose the appropriate interface and click on start. Step 4 - Continue sniffing for around 10 minutes. Step 5 - After 10minutes stop the packet sniffing by going to the capture menu and clicking on Stop. Step 6 - Next set the filter tohttp.cookie contains “datr” at top left, This filter will search for all the httpcookies with the name datr, And datr as we know is the name of the facebook authentication cookie. Step 7 - Next right click on it and goto Copy - Bytes - Printable Text only. Step 8 - Next you’ll want to open up firefox. You’ll need both Greasemonkey and the cookieinjector script. Now open up Facebook and make sure that you are not logged in. Step 9- Press Alt C to bring up the cookie injector, Simply paste in thecookie value into it. Step 10 - Now refresh your page and you are logged in to the victims facebook account. Note: This Attack will only work if victim is ona connection and even on https:// if end to endencryption is not enabled.
Posted on: Fri, 17 Oct 2014 04:35:07 +0000
Trending Topics
Recently Viewed Topics
© 2015