How To HacK Fb Using Session Hijacking 2016 By Sufyan Hacker
**HACK Fb USING SESSION HIJACKING**
This method is also called cookie stealing.
*WHAT YOU WILL NEED
1.WireShark
It is a Network Protocol Analyzer.It can be used forCapturing Packets and cookies
within a Network i.e LAN, WiFi etc.
2.Cookie Injector
It is a agent which can be used to inject cookies tobrowser.
This we’ll do via cookie Injector Script. And A
Chrome Plugin TemperMonkey (if you are using
chrome), Greasemonkey for Mozilla.
What is Facebook’s Authentication Cookie?
How is it Vulnerable?
Cookies, HTTP/HTTPS Cookies are helpful for
WebSite for Storing User Specific Data in User’s
Browser itself for reducing Overhead on Server
round trips. However Cookies can also get you in
trouble if someone is able to steal it from your
system.
Facebook uses “datr” Cookie Authentication
mechanism.
Attacker will use Your sessions cookies and injectin Browser. Browser will redirect him to your
account State at that time.
Hacking Facebook Using Cookie Stealing and
Session Hijacking
How to Use WireShark for Capturing Cookies.
WireShark is a Packet Sniffer which Sniffs a
Network and captures Packets being Transferred,
So it also captures Session Cookie Packets being
used for any Website Say Facebook, Gmail, Hotmail
etc. Therefor it’s a very popular tool among
Hackers for Stealing Victim’s Cookies and hijacking
their loged in sessions. We can use this tool for
any kind of Network.
••Download Wireshark Protocol Analyzer(latest
version Preferred).
••Install and run.
Go toCapture -> Interfaces.
It will open Interface window containing All Interface
Supported.
you can check Active interfaces by seeing on
packets. If they are updating it means network is
active.
Check out this Network and click Start.
••Packet Capturing will start.
Now we have to set Filter for Our desirable
packet.i.e Cookie for Facebook.
••Click onAnalyze-> Display Filters.
There Input Filter Name as Http.cookie and
FilterString as http.cookie contains datr. Then push
Apply.
Now Filter has been set. Just wait for 10 mins it
will Fetch and display cookie containing“datr”.
••After Some time you will find Cookie Packet
containing datr value in the result window.
••Now Right Click Node Filtered for “HTTP Cookie
datr”.
Go to Copy -> Bytes -> Printable text only.
••Put in a notepad copied text and select value
like :Cookie: datr=ZNHCUlHbFOue6NKOWLQaRUgvd
sabsacg789
••Now You need cookie Injector.
Script will be run in browser via Plugin added
[Grease monkey or Temper Monkey].
••Now Open Plugin and Script Code to it. Once it’s
added to Plugin. Open Facebook Login Page in a
new window.[You must not have logged in]
••Now Press ALT+C .
It’ll Call Cookie Injector dump Window.
There you Put the Copied Cookie Value and press
ok.
••Cookie has been Injected to browser
••Now just Refresh the page & you’ll be logged in to
Victims Account.
You can also use this method in your android
device.
Note**Your device must be rooted.You can use a
application faceniff to hack fb using cookie stealing.
You can also use Firesheep, extension of firefox.
You can read more about this in our neXt post.
eNjoy.
# eThicAl
No comments: