Hi all. After receiving your mails saying that most Facebook hacks
don't work anymore, we searched, tested and posted some of the most
popular Facebook hacking techniques, but I think they still don't work
for you. So finally we've found this technique, working 100% for hacking
Facebook, and today we're here to let you know how to do it. So you want
to hack Facebook, eh? Before we begin learning how to sniff and start
ARP poisoning, let's first begin with this: this tutorial was designed
for educational purposes only! I take no responsibility for whatever
damage this may cause to those who wish to participate in this act of
hacking! That being said, if you still wish to continue in learning how
to get into someone's Facebook without them knowing, proceed along.
There are a couple of terms you will have to know before we begin. This
is so that you don't find yourself scratching your head midway through
this post wondering what the @$%# I'm talking about. Please understand
the following terms and their respective definitions before
proceeding.
- Cookie: A cookie is just one or more pieces of information stored as text strings on your machine. A Web server sends you a cookie and the browser stores it. The browser then returns the cookie to the server the next time the page is referenced. Cookies are essentially utilized so that the website can remember certain aspects of that particular website so that when you return it loads the page faster.
- ARP Spoofing/Poisoning: ARP stands for Address Resolution Protocol and is a telecommunications protocol used for resolution of network layer addresses into link layer addresses, a critical function in multiple-access networks. It's the "guy" behind the scenes that stands in the middle of all the network traffic, takes in the requests of other computers on the LAN, and returns valuable information/answers. How do you think you get your IP address when you look up ipconfig in CMD? Your computer sends out a request to extract its IP address and the ARP essentially gives you the IP address for your computer. The act of "spoofing" or "poisoning" the ARP, as you probably can already tell, is very dangerous. By doing so, you are enacting what's called a "man-in-the-middle attack", MITM for short. When you poison the ARP of a computer within a LAN, you are making yourself the ARP. In other words, all the requests the computers in the network make come directly to you and the answers go directly from you. More on this later.
- Packet(s): Packets are formatted units of data carried by a packet-mode computer network. They contain a huge variety of information and provide useful methods for transmitting/receiving requested information. For example, let's take a look at sending an email. On the Internet, the network breaks an e-mail message into parts of a certain size in bytes. These are the packets. Each packet carries the information that will help it get to its destination -- the sender's IP address, the intended receiver's IP address, something that tells the network how many packets this e-mail message has been broken into and the number of this particular packet. The packets carry the data in the protocols that the Internet uses: Transmission Control Protocol/Internet Protocol (TCP/IP). Each packet contains part of the body of your message. Hopefully this gives you a general idea of how packets work and what they provide for both your computer and the internet.
- Sniffing: Sniffing usually refers to sniffing network packets. Packet sniffing is the act of eavesdropping on another computer's packet transfer and capturing (saving) those packet transfers for analysis. Though this sounds malicious and wrong, packet sniffing is used widely around the world today for a number of beneficial reasons. But yes, you are correct, just like everything else there are both good and bad intentions for sniffing. An analysis of "sniffed" packets can oftentimes be used to pick out abusive/malicious acts within a network. An analysis can also allow the "sniffer" to pick out what the slave has been doing and what kind of information the slave's computer has been sending/receiving. Again, just a general definition but you get the picture.
Please read through the definitions and familiarize yourself with the
terms before asking what certain things mean here. You can't expect to
know anything and everything without doing some homework. Trust me,
knowing these terms will not only save you time but also give you the
benefit of becoming more knowledgeable about basic network definitions.
Software
The following is a comprehensive list of the software you will be
needing for this practice. I've given the links to their home pages
where you can download the software for free.
- Mozilla Firefox: http://www.mozilla.org/
- Web developer add-on for Firefox: https://addons.mozilla.org/en-US/firefox/addon/web-developer/
- Cain and Abel: http://www.oxid.it/cain.html
- Wireshark: http://www.wireshark.org/download.html
Sniffing Your Way In
Now that you're generally familiar with some basic network definitions
and have downloaded the required tools to effectively sniff packets, let
us begin. Go ahead and open up Firefox and log into your Facebook
account. You should be able to see the "cookies" option in the
upper-left corner of the toolbar. Click on that and select "View Cookie
Information".
You should now see a collective group of information all in regards to
the cookies saved on your computer for Facebook. The main cookies are
the c_user cookie (which identifies a person uniquely) and datr cookie
(which contains important information for the specified c_user). Our
goal in sniffing into someone else's Facebook is to trick the browser
and the computer into thinking that we are someone else. How do we do
this? By manipulating cookies to disguise ourselves. Essentially we are
swapping our actual Facebook cookies to that of the slave's so that when
we log back into Facebook, it will think we are the slave rather than
ourselves. Not too hard to understand, right?
Go ahead and close out of Firefox for now. Next, go and install Cain and
Abel. Throughout the installation process, the setup wizard will ask if
you want to install the packet driver WinPcap--go ahead and install
this. Once you have successfully installed Cain and Abel, open the
program. Now follow these steps exactly:
- Click on configure on top and select your network card. Mostly it's the one with an IP address.
- Next click on the start/stop sniffer on top, as shown below in the green square.
- Once you start the sniffer, go to the sniffer tab in Cain, right-click and click scan MAC address, as shown below!
Depending on your computer and your network population this process can take a couple of minutes. Once it's complete, however, you should be able to pull up a list of computers on your LAN. One cool thing you can do here is right-click one of the computers and find out the computer name. Now it's time for the attack! What was the name of the attack again? Anyone? Did you forget already? Ah, yes, the MITM attack!
Again, follow these steps accurately to effectively spoof the ARP:
- First click the APR tab below in Cain.
- Click the white screen in the top frame
- Click the blue plus on top.
You should get a list of all the devices on the left and a blank screen on the right. In the left screen you should select the router IP. And in the right box, select the computers you want to target. To be safe it's better to target one computer. But if you want some real fun then select all the computers on the right frame. Press "Ok". A caveat in selecting a large number of computers, however, is that your computer may not be able to handle all the network transmissions and therefore lose some packet captures. Also keep in mind, however, that if someone is working in the router or is monitoring/analyzing the router and actually knows what he/she is doing, they could immediately detect that you are ARP poisoning the router. So be careful! You can get caught.
All the computers should have populated the top-frame. Now select the whole list and click on the nuclear button (top left of Cain, bolded box in the picture below).
And you're done! You've successfully poisoned the ARP of the computers
you've selected and you are now the "middle-man" between your slave's
computer and the router to the internet. But wait just a second--we
can't get into the slave's Facebook just yet! All we've done so far is
established ourselves to be the "middle-man". We have to now capture
some packets, swap cookies, and voila! We're in.
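The detection mentioned above, seen from the side of the person monitoring the LAN, as an added example that is not part of the original post: it flags an IP address whose MAC binding changes and a single MAC that answers for the gateway and other hosts. The log format, addresses and function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: ARP replies as a sensor on the LAN might record them.
SAMPLE_LOG = """\
12:00:01 ARP reply 192.168.1.1 is-at 00:11:22:33:44:55
12:00:02 ARP reply 192.168.1.20 is-at 66:77:88:99:aa:bb
12:00:03 ARP reply 192.168.1.30 is-at de:ad:be:ef:00:01
12:05:10 ARP reply 192.168.1.1 is-at DE:AD:BE:EF:00:01
12:05:11 ARP reply 192.168.1.20 is-at de:ad:be:ef:00:01
12:05:40 ARP reply 192.168.1.1 is-at de:ad:be:ef:00:01
"""

LINE_RE = re.compile(
    r"^(\S+) ARP reply (\d{1,3}(?:\.\d{1,3}){3}) "
    r"is-at ([0-9a-f]{2}(?::[0-9a-f]{2}){5})$", re.I)

def find_arp_anomalies(log_text, gateway_ip):
    """Return alerts as (time, kind, ip, old_mac, new_mac) tuples."""
    ip_to_mac = {}                    # last MAC seen for each IP
    mac_to_ips = defaultdict(set)     # every IP a MAC has answered for
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                  # ignore lines that are not ARP replies
        ts, ip, mac = m.group(1), m.group(2), m.group(3).lower()
        old = ip_to_mac.get(ip)
        if old is not None and old != mac:
            # A changed binding is the visible trace of cache poisoning
            # (it can also be a replaced NIC or a DHCP lease reuse).
            kind = "gateway-rebind" if ip == gateway_ip else "host-rebind"
            alerts.append((ts, kind, ip, old, mac))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
    for mac, ips in sorted(mac_to_ips.items()):
        # One MAC answering for the gateway and for other hosts is the
        # pattern a machine sitting "in the middle" produces.
        if gateway_ip in ips and len(ips) > 1:
            alerts.append(("-", "mac-claims-gateway-and-hosts",
                           gateway_ip, None, mac))
    return alerts

if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE_LOG, "192.168.1.1"):
        print(alert)
```

On managed switches the same condition is usually blocked rather than just logged, for example with Dynamic ARP Inspection or static ARP entries for the gateway.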
Now we will open up Wireshark. Follow the steps below:
- Open up Wireshark
- Go to "Capture –> Interfaces" in the top menu and select your interface. It’s usually the one which has an IP address and a certain number of packets flowing through it.
- Next go to "Capture" and click on "Start".
It should look something like this.
This window has all the packets sent from the slave’s/victims’ computer
to the router and all the packets sent from the router to the slave.
Next in the filter type “http.cookie contains datr”. You ask why? Because, when a user logs in to Facebook, he is given some cookies which are unique to him. If we replace our cookies with the slave’s cookies, we can log in to his account, as Facebook then won't know the difference.
After filtering the cookies out, right-click on any one of them and click on "Follow TCP Stream".
In the TCP stream look for the line "Cookie: ( and all cookie names)". If it doesn't show up, select some other packet in Wireshark and click on "Follow TCP Stream" for that particular cookie. You can see the source IP and destination IP in Wireshark. So if you have more than one source IP, then you know you have the cookies of more than one account on your LAN. This is what I got when I did it.
You now have the slave's cookies for his/her Facebook. The main ones we
need to focus on are the datr cookie, c_user cookie, lu cookie, sct
cookie, w cookie and xs cookie. Now open up Firefox and go to Facebook.
If you're logged in, log out so that you're at Facebook's home page.
Click on the "Cookie" option in the toolbar (like before) and do the
following in this exact order.
- Clear session cookies.
- Delete domain cookies.
- Delete path cookies.
Note: If you don't do the steps in that same order, this will not work!
Note: Once you do this, reload the Facebook page (http://www.facebook.com). This is to ensure that you are loading the Facebook page clean without any pre-existing cookies.
Now log in to your account with your username and password. After logging in, click on cookies in the Web Developer add-on just like before and click on “View Cookie Information”. You should see all of your Facebook cookies now. Any ideas what we do next? I suspect you know by now.
Click on “Edit Cookie” for each cookie there and replace the cookie value with the value you got through Wireshark. If you didn't get all the cookies in Wireshark, it's OK! But mainly, you should look to replace the datr cookie, c_user cookie, lu cookie, sct cookie, w cookie and xs cookie.
After you have swapped cookies, go ahead and refresh the page. Voila!
You should now be logged in as your slave rather than yourself.
Congratulations, you have successfully "hacked" your way into someone
else's Facebook! Again, please keep in mind that this only works for
computers within your LAN. So if you're at home, you can only get into
the Facebook of people who are connected at home. No, you cannot hack
into the Facebook of someone across the world.
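The capture step above only works when the session cookies cross the LAN in plain HTTP, where the `http.cookie` filter can see them. As an added example (not part of the original post), this check audits a site's response headers for session cookies set without the `Secure` attribute and for a missing `Strict-Transport-Security` header. The cookie names come from the post; the header values, domain and function names are constructed.

```python
SESSION_COOKIES = {"c_user", "datr", "xs"}   # names taken from the post

# Constructed response headers; values are placeholders, not real cookies.
SAMPLE_HEADERS = [
    ("Set-Cookie", "c_user=1000001; Path=/; Domain=.example.test"),
    ("Set-Cookie", "datr=PLACEHOLDER; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "xs=PLACEHOLDER; Path=/; HttpOnly"),
    ("Set-Cookie", "locale=en_US; Path=/"),
]

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name, _, _ = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs

def audit_headers(headers, session_names=SESSION_COOKIES):
    """Return (subject, finding) pairs for settings that leave cookies sniffable."""
    findings = []
    # Without HSTS a browser may still make its first request over HTTP.
    if not any(k.lower() == "strict-transport-security" for k, _ in headers):
        findings.append(("response", "no Strict-Transport-Security header"))
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if name in session_names and "secure" not in attrs:
            # Without Secure the browser attaches the cookie to http://
            # requests, which is where a LAN sniffer reads it.
            findings.append((name, "missing Secure attribute"))
    return findings

if __name__ == "__main__":
    for subject, finding in audit_headers(SAMPLE_HEADERS):
        print(f"{subject}: {finding}")
```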