Skip to main content

Hijacking FACEBOOK

  • How To Hack FACEBOOK ?

  Today I'll illustrate the SESSION HIJACKING technique to hack FB Account.



In this scope I will be using BACKTRACK, a Penetration Testing Distribution integrated with the below tools for Network Scan, MIMA and Packet Analysis.

1. NMAP
2. ARPSPOOF
3. WIRESHARK

And two below scripts which are compatible with Mozilla Firefox will be used for Cookie Injection:

1. GREASEMONKEY
2. COOKIE INJECTOR

  • Techniques:   
1. First Scan your network and find the target using NMAP, a Network Scanner. In this case i got 192.168.1.3 as the Target.

Backtrack


2. Next I need to start the IP Forwarding which enables my machine to forward any network traffic it receives from the target to the router.

Backtrack


3.  Next Man-In-The-Middle-Attack (MIMA) is begun by exploiting ARP Cache Poisoning to intercept network traffic between the target and the router.  

First  a malicious ARP reply is sent to the target, associating my MAC address with the router's IP (192.168.1.1).


Secondly  another malicious ARP reply is sent to the router, associating my MAC address with the target's IP (192.168.1.3).


4. Next I start packet capturing using WIRESHARK at my wlan0 interface and
applied a filter with http.cookie contains datr. The cookie string printable text with GET label is then copied.



5. GREASEMONKEY and COOKIE INJECTOR scripts are then installed in my Firefox browser. After restarting the browser Facebook login page is opened and Alt+C is pressed to inject cookie strings captured in Wireshark.



Reloading the page and I am able to login target's account !


  • Protection:
1. Browse Facebook on a secure connection (https) when possible. Make sure Secure Browsing option in Security Settings tab is enabled.



2. Arpwatch is a computer software tool for monitoring Address Resolution Protocol traffic on a computer network. Network administrators monitor ARP activity to detect ARP spoofing.

3. Capsa Network Analyzer (Packet Sniffer) is an easy-to-use Ethernet network analyzer (aka. packet sniffer or protocol analyzer) for network monitoring and troubleshooting purposes.



Happy Hacking...Enjoy...

For educational purpose only...Do not misuse it...
Labels:

Comments

Post a Comment

Popular posts from this blog

SESSION HIJACKING

What is Session Hijacking ? Session hijacking is the act of taking control of a user session after successfully obtaining or generating an authentication session ID. Session hijacking involves an attacker using captured, brute forced or reverse-engineered session IDs to seize control of a legitimate user's Web application session while that session is still in progress. TCP session hijacking is when a hacker takes over a TCP session between two machines. Since most authentication only occurs at the start of a TCP session, this allows the hacker to gain access to a machine. Techniques : There are mainly three methods used to perpetrate a session hijack. These are: 1. Session Fixation: The session fixation attack is a class of Session Hijacking, which steals the established session between the client and the Web Server after the user logs in. Instead, the Session Fixation attack fixes an established session on the victim's browser, so the attack starts...
Post a Comment
Continue reading »

Major Cyber Attacks, Ransomware Attacks & Data Breaches — August 2025

  📌 Executive Summary August 2025 witnessed one of the most turbulent months in cybersecurity, with insurance giants, luxury fashion brands, airlines, and tech leaders like Google falling victim to attacks. Ransomware : Healthcare, energy, and government agencies remained prime targets. Data Breaches : Customer records in the millions exposed from airlines, fintech, and retail. New Malware & Vulnerabilities : Emerging strains like DeepHound RAT and new critical flaws in Microsoft Exchange raised red flags. Key Trend : Threat actors continue to shift toward supply chain attacks and extortion-focused ransomware campaigns  Timeline of Major Cyber Incidents — August 2025 🔒 Ransomware Attacks in August 2025 Ransomware continued to dominate the cyber threat landscape: Insurance & Finance : A major global insurer suffered system-wide downtime due to the BlackBasta group . Healthcare : Hospitals in the US and Europe disrupted by LockBit 4.0 , delayi...
Post a Comment
Continue reading »

Next-Gen Infrastructure: The Key to Unlocking Business Success

Key points Artificial Intelligence (AI)  is driving the need for next-generation data centers that can support high-performance computing , low-latency data transfer , and sustainable operations . AI data centers  are specifically designed to handle complex AI workloads , featuring specialized hardware accelerators , advanced cooling systems , and high-performance storage . Hyperscale cloud providers ,  neocloud providers , and  colocation specialists  are key players in the AI data center landscape, each offering unique advantages and challenges. As I report from the world of technology,  Artificial Intelligence (AI)  is moving at an unprecedented pace, with innovations expanding its capabilities at a rapid rate. This has significant implications for  enterprise architecture , as existing data center capabilities are no longer sufficient to support the demands of AI workloads. According to sources, the rapid evolution of AI requires  next-ge...
Post a Comment
Continue reading »