Jump to content

Recommended Posts

Posted (edited)

[align=center]Here is how to access someone's facebook on your network

 

Facebook send a cookie to the person loggin in in order to keep him signed in

so our job is to get that cookie and use it to bypass login so we can use that facebook account without user/pass.

 

Since im doing it from ubuntu, i need to install all the tools needed, here they are:

 

______________________________________________________________________________________

Gather your tools:

 

[*] Add grease monkey to firefox

 

[*] Install the greasemonkey cookie injector script from here

[spoiler='']

Copy and past the javascript and save it as Snipa@HackCommunity.user.js [spoiler=image]decff8a639.jpg

To install the script just drag and drop it in your firefox page[spoiler=image]f3cec884cc.png

A box will pop up to install the script just click install [spoiler=image]5bb2e89ff4.png

(note that greasemonkey should be enabled and you need to restart firefox in order to work)

 

 

[*] Install ettercap [spoiler=''] e15cjwg.png

 

 

 

[*] Install SSLstrip [spoiler='']qEZwZsY.png

 

 

 

[*] Install dsniff [spoiler=''] AIqLtuX.png

 

 

 

[*] Install wireshark [spoiler=''] TlEc3fF.png

______________________________________________________________________________________

 

 

Explanation:

 

To get the cookie , we need to see the traffic on our network, this is why we need wireshark

One problem oppose, we want to see data send to/from a certain ip address , this mean you need the local ip of your target ; in this case its 192.168.1.104

Now we capture the cookie, and use it to login to facebook, this is done with greasemonkey

 

______________________________________________________________________________________

 

 

The attack:

 

[*] Enable ip forwarding to be able to resend data that we get[spoiler=''] Ioyk0ey.png

 

 

 

to enable ip forward:sudo sysctl -w net.ipv4.ip_forward=1to check if done corretly:cat /proc/sys/net/ipv4/ip_forward

 

 

 

 

[*] Enable ip tables to redirect the target from port 80 to 1000 for SSLstrip to work [spoiler='']Saa5Pwm.png

 

 

 

 

[*] Start SSLstrip [spoiler='']qhxunnF.png

 

 

 

 

[*] ARPspoofing to position ourselfs between the router and the client (target) [align=right]-dsniff-[/align]

[spoiler=''] uzXIry6.png

 

 

 

Incty61.png

 

 

 

 

[*] Start wireshark and select an interface to start seeing the traffic[spoiler=''] aZvaHIA.png

 

 

 

 

[*] Type this in the filter, and wait for the target to login on facebook [spoiler=''] CrEjaF0.png

 

 

 

 

[*] When he login, you will see this, just copy the printable text only, like i did [spoiler=''] owxX84b.png

 

 

 

 

[*] Now inject the cookie in your webbrowser, go to facebook, and press ALT+C to see this input box, and past there [align=right]-grease monkey-[/align][spoiler=''] 1BvVcI7.png

 

 

 

 

[*] You can now refresh facebook, and there you go, you are logged in [spoiler='']GCdyiyp.png

 

 

 

______________________________________________________________________________________

[/align]

 

Note : This is a Man In The Middle Attack (MITM) example, done on my personal facebook account, on my network, maxcheaters don't take resposability due to what you do with informations you got from this tutorial.

Edited by Viral Dragon
  • 2 weeks later...
Guest
This topic is now closed to further replies.


  • Posts

    • relax guys!!! maybe he sold the GOD files, and the vacation will last even longer!
    • This is my attempt to somehow bring the script to be usable. Remembering that the ideal is someone with real capacity to work on it. I'm just trying to improve in my spare time. Changed connection logic to work in php8 Organization of links I added my top rank next to l2jbrasil. My top is 4Team Servers, if you can use it, I would appreciate it!   Download: https://github.com/Sage-BR/icpn-votesystem If you have any bugs, post them here, but as I said, I will try to resolve them or report them to: ICPNetwork    L2JBrasil = The function that generates the playerid generated the incorrect id, now for l2jbrasil it uses "ID + Key" in the VoteAPI menu L2Votes = Now use "ID + Key" GameTOP200 = "Needs testing" Organized new API Hopezone EU = Uses “ID + Key” GameBytes = API fix, (So the API only returns FALSE or TRUE, I added logic using localstorage instead of a cookie to save the moment the API returned "true" and the counter generates it from there) L2Top.co = API fix, (So the API only returns FALSE or TRUE, I added logic using localstorage instead of a cookie to save the moment the API returned "true" and the counter generates it from there) GamingTop100 = API fix GameStop200 = API fix
    • New L2 Logo Faction Interlude Mid Server!  @everyone  BETA SERVER LOGINS ARE ONLINE ENJOY! 📌 Faction Manager Good VS Evil 🏆 Maximum Buffs Slots 24/12 ⚡ Safe Enchant +3 Max +18 💥 Champion System 💥 Vitality System 🔰 GMShop, Buffer & Gatekeeper 🔁 *LOGINS ONLINE * 1st March @ 20:00 GMT+2 🌐 Website: https://l2logo-faction.com/ D ྀི Discord: https://discord.com/invite/SKsDk5yY
    • *LOGINS ONLINE* 21st February @ 15:00 GMT+2   New L2 Logo Faction Interlude Mid Server!  @everyone  Faction Manager Good VS Evil  Maximum Buffs Slots 24/12  Safe Enchant +3 Max +18  Champion System  Vitality System  GMShop, Buffer & Gatekeeper  *LOGINS ONLINE* 21st February @ 15:00 GMT+2  Website: https://l2logo-faction.com/ D ྀི Discord: https://discord.com/invite/SKsDk5yY
    • Here lies Gaytits, the gayest scammer to ever exist... RIP King -- You won't be missed.
  • Topics

×
×
  • Create New...