**HACK Fb USING SESSION HIJACKING**
This method is also called cookie stealing.
**WHAT YOU WILL NEED**
1. Wireshark: It is a network protocol analyzer.
It can be used for capturing packets and cookies within a network, i.e. LAN, WiFi etc.
2. Cookie Injector: It is an agent which can be used to inject cookies to
This we’ll do via the Cookie Injector script and a Chrome plugin, Tampermonkey (if you are using Chrome), or Greasemonkey for Mozilla.
What is Facebook’s Authentication Cookie?
How is it Vulnerable?
HTTP/HTTPS cookies let a website store user-specific data in the user’s browser itself, which reduces the overhead of server round trips. However, cookies can also get you in
trouble if someone is able to steal them from your
Facebook uses the “datr” cookie authentication mechanism. An attacker will use your session cookies and inject them into a browser. The browser will redirect him to your account state at that time.
Hacking Facebook Using Cookie Stealing and
How to Use Wireshark for Capturing Cookies.
Wireshark is a packet sniffer which sniffs a network and captures the packets being transferred, so it also captures the session cookie packets being used for any website, say Facebook, Gmail, Hotmail etc. Therefore it’s a very popular tool among hackers for stealing victims’ cookies and hijacking their logged-in sessions. We can use this tool for any kind of network.
••Download Wireshark Protocol Analyzer (latest
••Install and run.
Go to Capture -> Interfaces.
It will open the Interface window containing all interface
You can check the active interfaces by looking at the
packets. If they are updating, it means the network is
Check this network and click Start.
••Packet Capturing will start.
Now we have to set a filter for our desired packet, i.e. the cookie for Facebook.
••Click on Analyze -> Display Filters.
There, input the filter name as Http.cookie and
the filter string as http.cookie contains datr. Then push
Now the filter has been set. Just wait for 10 mins; it will fetch and display the cookie containing “datr”.
••After some time you will find a cookie packet containing the datr value in the result window.
••Now Right Click Node Filtered for “HTTP Cookie
Go to Copy -> Bytes -> Printable text only.
••Put the copied text in a notepad and select the value,
like: Cookie: datr=ZNHCUlHbFOue6NKOWLQaRUgvd
••Now you need the cookie injector.
The script will be run in the browser via the added plugin [Greasemonkey or Tampermonkey].
••Now open the plugin and add the script code to it. Once it’s added to the plugin, open the Facebook login page in a new window. [You must not be logged in]
••Now press ALT+C.
It’ll call the Cookie Injector dump window.
There you put the copied cookie value and press
••The cookie has been injected into the browser
••Now just refresh the page & you’ll be logged in to
You can also use this method in your Android
Note: Your device must be rooted. You can use an application, FaceNiff, to hack FB using cookie stealing.
You can also use Firesheep, an extension for Firefox.
You can read more about this in our next post.