Jump to content

Recommended Posts

Posted (edited)

[align=center]Here is how to access someone's facebook on your network

 

Facebook send a cookie to the person loggin in in order to keep him signed in

so our job is to get that cookie and use it to bypass login so we can use that facebook account without user/pass.

 

Since im doing it from ubuntu, i need to install all the tools needed, here they are:

 

______________________________________________________________________________________

Gather your tools:

 

[*] Add grease monkey to firefox

 

[*] Install the greasemonkey cookie injector script from here

[spoiler='']

Copy and past the javascript and save it as Snipa@HackCommunity.user.js [spoiler=image]decff8a639.jpg

To install the script just drag and drop it in your firefox page[spoiler=image]f3cec884cc.png

A box will pop up to install the script just click install [spoiler=image]5bb2e89ff4.png

(note that greasemonkey should be enabled and you need to restart firefox in order to work)

 

 

[*] Install ettercap [spoiler=''] e15cjwg.png

 

 

 

[*] Install SSLstrip [spoiler='']qEZwZsY.png

 

 

 

[*] Install dsniff [spoiler=''] AIqLtuX.png

 

 

 

[*] Install wireshark [spoiler=''] TlEc3fF.png

______________________________________________________________________________________

 

 

Explanation:

 

To get the cookie , we need to see the traffic on our network, this is why we need wireshark

One problem oppose, we want to see data send to/from a certain ip address , this mean you need the local ip of your target ; in this case its 192.168.1.104

Now we capture the cookie, and use it to login to facebook, this is done with greasemonkey

 

______________________________________________________________________________________

 

 

The attack:

 

[*] Enable ip forwarding to be able to resend data that we get[spoiler=''] Ioyk0ey.png

 

 

 

to enable ip forward:sudo sysctl -w net.ipv4.ip_forward=1to check if done corretly:cat /proc/sys/net/ipv4/ip_forward

 

 

 

 

[*] Enable ip tables to redirect the target from port 80 to 1000 for SSLstrip to work [spoiler='']Saa5Pwm.png

 

 

 

 

[*] Start SSLstrip [spoiler='']qhxunnF.png

 

 

 

 

[*] ARPspoofing to position ourselfs between the router and the client (target) [align=right]-dsniff-[/align]

[spoiler=''] uzXIry6.png

 

 

 

Incty61.png

 

 

 

 

[*] Start wireshark and select an interface to start seeing the traffic[spoiler=''] aZvaHIA.png

 

 

 

 

[*] Type this in the filter, and wait for the target to login on facebook [spoiler=''] CrEjaF0.png

 

 

 

 

[*] When he login, you will see this, just copy the printable text only, like i did [spoiler=''] owxX84b.png

 

 

 

 

[*] Now inject the cookie in your webbrowser, go to facebook, and press ALT+C to see this input box, and past there [align=right]-grease monkey-[/align][spoiler=''] 1BvVcI7.png

 

 

 

 

[*] You can now refresh facebook, and there you go, you are logged in [spoiler='']GCdyiyp.png

 

 

 

______________________________________________________________________________________

[/align]

 

Note : This is a Man In The Middle Attack (MITM) example, done on my personal facebook account, on my network, maxcheaters don't take resposability due to what you do with informations you got from this tutorial.

Edited by Viral Dragon
  • 2 weeks later...
Guest
This topic is now closed to further replies.
×
×
  • Create New...