
HACKING FACEBOOK ACCOUNTS USING COOKIE STEALING AND SESSION HI-JACKING

Warning: This is only for EDUCATIONAL purposes, to make you aware of how your FACEBOOK account may get HACKED so that you may PREVENT it from getting hacked,,,,!!!
The person posting this, or this blog, is not responsible for any type of malicious activities performed by anyone who is reading this,,,,!!!


                           



Hey there,,,!!! Many of you have been requesting me to post about FACEBOOK HACKING,,,!!! Well, here it is for you,,,!!!

Authentication Cookies used by Facebook :

The cookie which Facebook uses to authenticate its users is called "datr". If an attacker can get hold of your authentication cookies, all he needs to do is inject those cookies into his browser and he will gain access to your account. This is what a Facebook authentication cookie looks like:

datr=1276721606-b7f94f977295759399293c5b0767618dc02111ede159a827030fc;

An attacker may use a variety of methods to steal your Facebook authentication cookies, depending on the network he is on. If an attacker is on a hub-based network, he would just sniff traffic with any ***Packet Sniffer*** and gain access to the victim's account.

If an attacker is on a switch-based network, he would use an ***ARP Poisoning*** request to capture authentication cookies. If an attacker is on a wireless network, he uses a tool called ***FIRESHEEP*** to capture the authentication cookie and gain access to the victim's account.
In the example below I will explain in simple STEPS how an attacker can capture your authentication cookies and hack into your Facebook account with ***Wireshark***.

Step 1 - First of all, download Wireshark from the official website and install it.

Step 2 - Next, open up Wireshark, click on Analyze and then click on Interfaces.

Step 3 - Next, choose the appropriate interface and click on Start.


                                


Step 4 - Continue sniffing for around 10 minutes.

Step 5 - After 10 minutes, stop the packet sniffing by going to the Capture menu and clicking on Stop.

         

Step 6 - Next, set the filter to http.cookie contains "datr" at top left. This filter will search for all the HTTP cookies with the name datr, and datr, as we know, is the name of the Facebook authentication cookie.

Step 7 - Next, right click on it and go to Copy - Bytes - Printable Text only.

    

Step 8 - Next you'll want to open up Firefox. You'll need both Greasemonkey and the cookieinjector script. Now open up Facebook.com and make sure that you are not logged in.

Step 9 - Press Alt C to bring up the cookie injector. Simply paste the cookie value into it.




Step 10 - Now refresh your page and ***BINGO*** You are logged in to the victim's Facebook account.


Now comes the important part,,,,,!!!

HOW TO PROTECT YOUR ACCOUNT ??
Well, the best way to protect yourself against a session hijacking attack is to use an "https://" connection each and every time you log in to any of your accounts on Facebook, Gmail, Yahoo or any other email account. As your cookies would be encrypted, even if an attacker manages to capture your session cookies he won't be able to do anything with them. Also avoid using unwanted apps in FACEBOOK. Keep changing your password frequently. Use tough passwords which are hard to guess, with a combination of uppercase and lowercase characters with symbols in between, to make the password very strong.

 Hope you ENJOYED this post,,,!!! Please do bookmark and share if you liked this post,,,!!! Cheers,,,,!!!
