
Hacking Facebook using cookie




Authentication Cookies used by Facebook:
The cookie which Facebook uses to authenticate its users is called "Datr". If an attacker can get hold of your authentication cookies, all he needs to do is inject those cookies into his browser and he will gain access to your account. This is what a Facebook authentication cookie looks like:

datr=1276721606-b7f94f977295759399293c5b0767618dc02111ede159a827030fc;

An attacker may use a variety of methods to steal your Facebook authentication cookies, depending upon the network he is on. If an attacker is on a hub-based network, he would just sniff traffic with any ***Packet Sniffer*** and gain access to the victim's account.
If an attacker is on a switch-based network, he would use an ***ARP Poisoning*** request to capture authentication cookies. If an attacker is on a wireless network, he uses a tool called ***FIRESHEEP*** to capture the authentication cookie and gain access to the victim's account.
In the example below I will explain in simple STEPS how an attacker can capture your authentication cookies and hack into your Facebook account with ***Wireshark***.

Step 1 - First of all, download Wireshark from the official website and install it.
Step 2 - Next, open up Wireshark, click on Analyze and then click on Interfaces.
Step 3 - Next, choose the appropriate interface and click on Start.













Step 4 - Continue sniffing for around 10 minutes.

Step 5 - After 10 minutes, stop the packet sniffing by going to the Capture menu and clicking on Stop.
Step 6 - Next, set the filter to http.cookie contains "datr" at top left. This filter will search for all the HTTP cookies with the name datr, and datr, as we know, is the name of the Facebook authentication cookie.

Step 7 - Next, right click on it and go to Copy - Bytes - Printable Text only.

Step 8 - Next you'll want to open up Firefox. You'll need both Greasemonkey and the cookieinjector script. Now open up Facebook.com and make sure that you are not logged in.

Step 9 - Press Alt+C to bring up the cookie injector, then simply paste the cookie value into it.
Step 10 - Now refresh your page and BINGO! You are logged in to the victim's Facebook account.


Now comes the important part!

HOW TO PROTECT YOUR ACCOUNT?
Well, the best way to protect yourself against a session hijacking attack is to use an "https://" connection each and every time you log in to any of your accounts on Facebook, Gmail, Yahoo or any other email account. Your cookies would then be encrypted, so even if an attacker manages to capture your session cookies he won't be able to do anything with them. Also avoid using unwanted apps on Facebook. Keep changing your password frequently. Use tough passwords which are hard to guess, with a combination of uppercase and lowercase characters with symbols in between, to make the password very strong.
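
The protection advice above, seen from the site owner's side, as an added example that is not part of the original post: a short Python check that reports when a response lets a cookie travel over plain http://. The header values and the example.test domain are constructed samples; Secure, HttpOnly and Strict-Transport-Security are standard HTTP features that this post does not mention by name.

```python
# Added example: flag response headers that let a session cookie travel over
# cleartext HTTP. All header values below are constructed samples.

def parse_set_cookie(value):
    """Return (cookie_name, {attribute_name_lowercased: attribute_value})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", {}
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_response(headers):
    """headers: list of (name, value) pairs from one HTTP response."""
    findings = []
    names = {name.lower() for name, _ in headers}
    # Without HSTS the browser may still try http:// first and leak cookies.
    if "strict-transport-security" not in names:
        findings.append("response: no Strict-Transport-Security header")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            findings.append(f"{cookie}: missing Secure, sent over http:// too")
        if "httponly" not in attrs:
            findings.append(f"{cookie}: missing HttpOnly, readable by scripts")
    return findings


# Constructed sample responses (not captured traffic).
WEAK = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "datr=CONSTRUCTED-SAMPLE-VALUE; Path=/; Domain=.example.test"),
]
HARDENED = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "datr=CONSTRUCTED-SAMPLE-VALUE; Path=/; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response(hdrs) or "ok")
```
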

Hope you ENJOYED this post! Please do bookmark and share if you liked this post! Cheers!



