Phishing is the most commonly used method to
hack Facebook. The most widely used technique in phishing is the use of Fake Login Pages, also known as spoofed pages. These fake login pages resemble the original login pages of sites likeYahoo , Gmail, MySpace etc. The victim is fooled to believe the fake facebook page to be the real one and enter his/her password. But once the user attempts to login through these pages, his/her facebook login details are stolen away.
You have to only get the trick used to make a phisher, which i think is very easy if You have knowledge of html & css...
Create an id in www.110mb.com,www.ripway.com, t35.com,yourfreehostingsite.com,000webhost.com.
These are the hosting site which will allow you to upload your files.
Download the fake
Facebook page.html (index1.html) &
write.php (write.php) file.
Upload it to your account.
Give that link of html page to the mail-picture-link (by any means fool him/her) of any person(acc you want to hack)
When a user types a Username Password in the the text box,The info is sent to "
write.php" which acts as a password logger and redirects the page to "
Real Facebook login" so that the victim does not know that yoursite is a fake site and gets his Facebook.com password hacked
If anyone enters id & password ... it gets stored in passes.txt file in your account.
Now facebook shows (of phishing) that -if you have entered password at last page you need to reset password.
To avoid this you can change redirection to any other site eg: google.com.
NOTE:- PHISHING IS ILLEGAL
2) Keylogging
The easiest way and best way to hack Facebook is by using a keylogger(
Spy Software). It doesn’t matter whether or not you have physical access to the target computer. To use a keylogger it doesn’t need any technical knowledge. Anyone with a basic knowledge of computers can use keyloggers,below i will show you on How to hack facebook passwords with winspy and sniperspy
First of all free download Winspy keylogger software from link given below:
You can use
Snipper Spy Or
Keystroke Spy also...
Download Winspy Keylogger
After downloading winspy keylogger to hack Facebook account password, run the application. On running, a dialog box will be prompted. Now, create an user-id and password on first run and hit apply password. Remember this password as it is required each time you start Winspy and even while uninstalling.
Now, another box will come, explaining you the hot keys(
Ctrl + Shift + F12) to start the Winspy keylogger software.
Now, on pressing hot keys, a login box will come asking userid and password. Enter them and click OK.
Now, Winspy’s main screen will be displayed as shown in image below:
Select Remote at top, then Remote install.
On doing this, you will get a popup box as shown in image. Now, fill in the following information in this box.
.user - type in the victim’s name
.file name - Name the file to be sent. Use the name such that victim will love to accept it.
.file icon - keep it the same
.picture - select the picture you want to
apply to the keylogger.
In the textfield of “
Email keylog to”, enter your email address. Hotmail accounts do not accept keylog files, so use another
emailaccount id,my sugession is using a
Gmail id
Thats it. This much is enough. If you want, can change other settings also.
After you have completed changing settings, click on “
Create Remote file”. Now just add your picture to a winrar archive. Now, what you have to do is only send this keylog file to your victim. When victim will open this file, all keystrokes typed by victim will be sent to your email inbox. Thus, you will get all his passwords and thus will be able to hack his email accounts and even
Facebook account password.
3) Cookie Hijacking
Facebook Authentication Cookies
The cookie which Facebook uses to authenticate it's users is called "Datr".
If an attacker can get hold of your authentication cookies, All he needs to do is to inject those cookies in his browser and he will gain access to your account.
This is how a facebook authentication cookie looks like:
Cookie: datr=1276721606-b7f94f977295759399293c5b0767618dc02111ede159a827030fc;
How To Steal Facebook Session Cookies And Hijack An Account?
An attacker can use variety of methods in order to steal your Facebook authentication cookies depending upon the network he is on, If an attacker is on a hub based network he would just sniff traffic with any packet sniffer and gain access to victims account.
If an attacker is on a Switch based network he would use an ARP Poisoning request to capture authentication cookies, If an attacker is on a wireless network he just needs to use a simple tool called 'firesheep' in order to capture authentication cookie and gain access to victims account.
In the example below I will be explaining how an attacker can capture your authentication cookies and hack your Facebook account with wireshark.
Step 1 - First of all download wireshark from the official website and install it.
Step 2 - Next open up wireshark click on analyze and then click on interfaces.
Step 3 - Next choose the appropriate interface and click on start.
Step 4 - Continue sniffing for around 10 minutes.
Step 5 - After 10minutes stop the packet sniffing by going to the capture menu and clicking on Stop.
Step 6 - Next set the filter to http.cookie contains “datr” at top left, This filter will search for all the http cookies with the name datr, And datr as we know is the name of the facebook authentication cookie.
Step 7 - Next right click on it and goto Copy - Bytes - Printable Text only.
Step 8 - Next you’ll want to open up firefox. You’ll need both Grease monkey and the cookieinjector script.
Now open up Facebook.com and make sure that you are not logged in.
Step 9- Press Alt C to bring up the cookie injector, Simply paste in the cookie value into it.
Note: This Attack will only work if victim is on a http:// connection and even on https:// if end to end encryption is not enabled.
Countermeasures
The best way to protect yourself against a session hijacking attack is to use https:// connection each and every time you login to your Facebook, Gmail, Hotmail or any other email account. As your cookies would be encrypted so even if an attacker manages to capture your session cookies he won't be able to do any thing with your cookies.
ENJOY...!! :)
