Facebook Cookie Stealing And Session Hijacking



Three days ago I finished the series on Gmail Session Hijacking and Cookie Stealing. Due to the tremendous response from readers, I planned to write a post on Facebook cookie stealing and session hijacking. Facebook session hijacking can also be accomplished with a very popular tool called Firesheep (on a WiFi network only), which I won't explain here because I have already covered it in my post Facebook Hacking Made Easy With Firesheep.
In this tutorial I will explain how an attacker can capture your authentication cookies on a local area network and use them to hack your Facebook account. Before reading this tutorial I would recommend reading part 1, part 2 and part 3 of my Gmail Session Hijacking and Cookie Stealing series, so that you have a better understanding of what I am doing here.

Facebook Authentication Cookies

The cookie which Facebook uses to authenticate its users is called "datr". If an attacker can get hold of your authentication cookies, all he needs to do is inject those cookies into his browser and he will gain access to your account. This is what a Facebook authentication cookie looks like:
Cookie: datr=1276721606-b7f94f977295759399293c5b0767618dc02111ede159a827030fc;

How To Steal Facebook Session Cookies And Hijack An Account? 

An attacker can use a variety of methods to steal your Facebook authentication cookies, depending on the network he is on. If an attacker is on a hub-based network, he would just sniff traffic with any packet sniffer and gain access to the victim's account.

If an attacker is on a switch-based network, he would use ARP poisoning to capture authentication cookies. If an attacker is on a wireless network, he just needs to use a simple tool called Firesheep to capture the authentication cookie and gain access to the victim's account.

In the example below I will explain how an attacker can capture your authentication cookies and hack your Facebook account with Wireshark.

Step 1 - First of all, download Wireshark from the official website and install it.

Step 2 - Next open up Wireshark, click on analyze and then click on interfaces.

Step 3 - Next choose the appropriate interface and click on start.




Step 4 - Continue sniffing for around 10 minutes.

Step 5 - After 10 minutes, stop the packet sniffing by going to the capture menu and clicking on Stop.

Step 6 - Next set the filter to http.cookie contains "datr" at the top left. This filter will search for all the HTTP cookies with the name datr, and datr, as we know, is the name of the Facebook authentication cookie.


Step 7 - Next right click on it and go to Copy - Bytes - Printable Text only.


Step 8 - Next you’ll want to open up Firefox. You’ll need both Greasemonkey and the cookieinjector script. Now open up Facebook.com and make sure that you are not logged in.

Step 9 - Press Alt+C to bring up the cookie injector and simply paste the cookie value into it.


Step 10 - Now refresh your page and voilà, you are logged in to the victim's Facebook account.



Note: This attack will only work if the victim is on an http:// connection, and even on https:// if end-to-end encryption is not enabled.


Countermeasures

The best way to protect yourself against a session hijacking attack is to use an https:// connection each and every time you log in to your Facebook, Gmail, Hotmail or any other email account. Because your cookies would be encrypted, even if an attacker manages to capture your session cookies he won't be able to do anything with them.
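
For site owners, the same countermeasure can be checked on the server side. The following is an added example, not code from the original post: it parses a response's Set-Cookie headers and lists cookies that lack the Secure attribute, which a browser will also send over plain http:// where a sniffer on the LAN can read them. It goes slightly beyond the text by also reporting HttpOnly and HSTS; the header blocks and cookie names are constructed placeholders.

```python
"""Audit Set-Cookie headers for cookies a sniffer on the same LAN could read.

Added example: the two header blocks are constructed sample data and the
cookie names and values in them are placeholders, not Facebook's.
"""

# Constructed response: the session cookie is missing the Secure attribute.
SAMPLE_WEAK = """\
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Set-Cookie: session_id=PLACEHOLDER-1; Path=/; HttpOnly
Set-Cookie: prefs=PLACEHOLDER-2; Path=/; secure
Set-Cookie: auth=PLACEHOLDER-3; Path=/; Secure; HttpOnly; SameSite=Lax
"""

# Constructed response: same site after hardening.
SAMPLE_HARDENED = """\
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: session_id=PLACEHOLDER-1; Path=/; Secure; HttpOnly
"""


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", {}
    # Only the first '=' separates name from value; the value may contain '='.
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name, attrs


def parse_response_headers(raw):
    """Return (list of Set-Cookie values, dict of the remaining headers)."""
    set_cookies, headers = [], {}
    for line in raw.strip().splitlines()[1:]:  # first line is the status line
        if not line.strip():
            break  # a blank line ends the header block
        key, sep, val = line.partition(":")
        if not sep:
            continue
        if key.strip().lower() == "set-cookie":
            set_cookies.append(val.strip())  # header may repeat, keep every one
        else:
            headers[key.strip().lower()] = val.strip()
    return set_cookies, headers


def hsts_enabled(headers):
    """True when Strict-Transport-Security carries a max-age greater than 0."""
    for directive in headers.get("strict-transport-security", "").split(";"):
        key, _, val = directive.partition("=")
        if key.strip().lower() == "max-age":
            val = val.strip().strip('"')
            return val.isdigit() and int(val) > 0  # max-age=0 switches HSTS off
    return False


def audit(raw):
    """Report which cookies in a raw response header block are exposed.

    cleartext:       no Secure attribute, so the browser also attaches the
                     cookie to http:// requests, where it can be sniffed.
    script_readable: no HttpOnly attribute, so page scripts can read it.
    hsts:            whether the response tells the browser to stay on https://.
    """
    set_cookies, headers = parse_response_headers(raw)
    report = {"cleartext": [], "script_readable": [], "hsts": hsts_enabled(headers)}
    for value in set_cookies:
        name, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            report["cleartext"].append(name)
        if "httponly" not in attrs:
            report["script_readable"].append(name)
    return report


if __name__ == "__main__":
    for label, sample in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(label, audit(sample))
```

Any name listed under `cleartext` is a cookie that logging in over https:// alone does not protect, which is the case the note above describes.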


191 comments :

  1. Omg, it really works, You have gained my respect dude, Can you tell me any other way to prevent cookie stealing else than https://?

    1. Incognito-browsing.. Automatically prevents from cookie stealing

      In Chrome..
      Ctrl+Shift+N - Incognito mode

      In Internet Explorer
      Ctrl+Shift+P - Inprivate mode

      Good Luck,
      aAnonymous

  2. Nice Articles
    Admin of www.hackingarticles.in

  3. Your "Cookie Injector" link is not working please give me a valid link.

  5. One of the best article.... great sharing
    One more thing that i want to add here is that ...if someone using https, so you can crack it too... http://www.ehacking.net/2011/06/crack-ssl-using-sslstrip-with.html

  6. @George
    You can use a VPN solution too.

    @Usama
    Thanks for informing, I have updated the link.

  7. Yes buddy, There are variety of methods you can use, You can even do it with cain and abel.

  8. hey rafay i hav read blog "how to install keylogger remotely on a computer " and i have olso try to do the same but i couldn't found ftp accounts and file manager to new directory ,can you please tell me where i shall found it.........

  9. So finally .. u posted how to bypass https encryption !!.. gud one man !!

  10. hey please tell me what to do after pasting the cookie value in cookie injector...

  11. I wanna ask same question as Abreez one.

  12. cookieinjector script. link is not working . please adjust it

  13. great article!!!
    can you please define a php script to capture cookie in your next article...

  14. (http.cookie contains “datr”) was typed on filter then none data was found!!!!!!!! could you explain me???? I am surfing in a wireless network

  15. step 3 and 6 are confusing---what do you mean by appropriate interface?
    http.cookie contains “datr”--not working
    cookie injector not found for firefox
    --please clarify above points--

  16. @Anonymous 15
    Instead of typing http.cookie contains "datr", just type http.cookie and search manually for the datr cookie.

  17. i get an alert "All Cookies Have Been Written." Please Help Me

  18. @Sandhu
    Yes, you are getting the correct message. Just refresh your page and you will be inside the victim's account.

  19. Rafay, does it works with the NVIDIA Force Networking Adapter... interface?

  20. i've done all the steps,but when i refresh the page nothing happen..please help me

  21. Hi, So I have made this facebook account for myself and logged in with it on my own PC and set up my information once. After a while I tried to log in again, but couldn't remember my password. unfortunately the password I used for my facebook account is the same as for my email, so I can't use the "forgot password" option. Having considered that I have used my own PC to log in, is there a way that login information is stored somewhere that I can retrieve them? (accessing cookies, etc) This is very vital for me as I have put some important information on that account without setting up proper privacy setting. Can you please help?

  22. I can't seem to make it work.. :\ I have followed your instructions correctly and tried to hack myself for fun, but it didn't work.. I disabled the HTTPS browsing beforehand.

  23. hey , how would i know that after injecting the script , that it's the same account that i'm trying to hack ?

  24. i cant even find the “datr” thing manually too , Need help man plz .
    how exactly it looks like ?

  25. I am at step 8 and nothing. Please assist

    nikochi78@hotmail.com

  26. after refreshing the page...nothing happens!! help please!

  27. after refreshing ...nothing happens why ?

  28. how to hack gmail, if any one have dare to give 100% answer then send to my mail id : aabc8400@gmail.com

  29. from ur method it seems i have to know install those software in the victims computer and take is cookie id and then put in my comp and go in to his account.. right??

  30. wouldnt i be able to do all this in google chrome instead of using fire fox??

  31. what value should be given in 'cookie value'...

  32. rafay, u've got to response to this. I admit tht i'm only a script kiddie but you've got to tutor us on how this works. everything i did has been correct up to step 9. after the dialogue box pops out, telling tht the cookie's been written, nothing happens after i click on the refresh button. did i do anything wrong or has facebook upgraded their security system? i'd like to just see it work for once. please.

  33. @Oui
    It appears that you are getting the correct message, and it should work. If it still does not work for you, I would need some information about your network.

    First of all, can you tell me what type of network you are currently on? Is it a WiFi network?

    Secondly, are you on a hub-based network or a switch-based network?

  34. It works perfectly....

  35. I think the trick's not working because I'm capturing packets on a secured wireless network? Because I was using my college wireless network on my first attempt and all that was captured were my own data and on my second attempt, I am capturing on a neighborhood(3-4 houses sharing one wifi connection) wireless network where everybody's sick on facebook (they're seriously crazy in love with facebook, can't get off it when everyone's home - maybe a little bit of exaggeration but that's how I see it) but I can't find anything with 'http.cookie contains "datr"' neither with 'http.cookie' for anything regarding facebook? Can this work on a home or office wireless network where the network isn't public but anyone accessing it needs a passcode? I reckon it's still wifi though. I'm just itchin'.

  36. @Oui
    If you can't find the http.cookie, it means that you haven't captured any of Facebook's traffic. There are a wide variety of reasons why a session hijacking attack won't work. If you want to get a better understanding of session hijacking attacks, I would recommend reading the three-part series on Gmail session hijacking.

  37. hey when I paste the cookie it says.........warning all cookies have been written........and then nothing happens........pls help

  38. Interesting article you've got here. Well visit www.9jaboys.com for mobile and pc stuffs like free browsing tips. Free call, free sms....etc

  39. wireshark didnt capture any packets why plz help me

  40. How can you figure out the network you're on. Hub or switch base? Now that I'm lost

  41. every thing works except the facebook part, I can get the cookies and paste them into the cookie thing but it doesn't log me in. Please help! Im on an acer aspire 4011, verizon wifi hub.

  42. everything works but the last part when i regresh the facebook after putting all what you had said it does not login. it still onthe page of facebook login? what is going wrong?

  43. everything seems to work but the last part on facebook page.when i refresh the page nothing works could you please help!

  44. does the person need to be logged in from the same computer or network??

  45. @Rafay Baloch
    U have 2 answer this one please!
    Why does Wireshark only track the http.cookie of my ip address
    only?!

  46. I have managed all the steps, but when i open facebook and press "Alt" and "C" no cookie injector comes up. Why is this?

  47. what if we need to hack victim in WAN no in a LAN?? so the above procedure will still work?? or its failed to hack with WAN?

  48. Okay, how do you Manually find the datr?

  49. please tell about WAN hacking facebook or yahoo or so on

  50. is there any way to hack passwords with different networks that an attacker and victim use different network not in LAN ???

  51. after pasting the cookies in cookie injector then i reload the browser window,,,,nothing happen.why???????please clear the doubt

  52. youre cookie injector link is not working.. any other links that i can use?

  53. hey ... i pressed alt c but nothing happened :s what should i do !!

  54. Hi rafay plz give a attention here !!

    bro , :) ... http.cookie contains "datr" This one is wrong !

    plz Update this post .. the correct one is http.cookie contains datr

    without quotes " " .. :) hope u understand ..

    and the second mistake is -- " Step 2 - Next open up wireshark click on analyze and then click on interfaces. "

    It should be open Capture ! then click on interfaces . :)


    and yeah my problem plz bro give a solution to this ..

    i downloaded and installed wireshark and when i clcik on capture then interface then i get an error like this -- " There are no interfaces on which a capture can be done. "

    plz tell me how to solve this problem ?

    Hope u reply soon bro ....

  55. by d way...........if facebook is used with HTTPS .........thn how can u hack tht id with cookies..bcoz cookies gets expires.........lolz......d best way is keylogger hiding under jpg.

  56. @Anonymous 55
    HTTPS hasn't anything to do with the cookie expiring process. It makes sure that the information passed through the form is encrypted and both parties can have a secure communication. Facebook does well in expiring the cookies, but not so much in encrypting the cookie.

  57. Hey Rafay, r you frm Pakistan??

  58. I want to hack the facebook account of someone who unfriend me. Is there a possible way to do that since where not living together? I also can't locate the facebook id number. The only display i got is something like www.facebook.com/xxxxxref=ts. Any reponse will be appreciated. Thankyou.

  59. hey does this stuff work on a wired internet connection?

  60. hey i tried this i got the message "All Cookies Have Been Written." i refreshed the page...now how to enter into victim's profile ? i typed victim's profile link in the search bar but it wasn't of any use..!

  61. brother u gotta answer this one....

    how can we b sure that thats the same account we want to hack in.....???

    -ash

  62. its not doing nothing after i refresh it after last step?! please help

  63. I got to the pasting the cookie in the box, and it told me "all cookies have been written." How do I fix this? Please respond as soon as possible (anyone), I need to get into this account before tomorrow night!!

  64. Hey it take me to my own account dude.how i'll get someone Authentication cookie?? plz reply soon

  65. Will wireshark work on wifi interface atheros adapter? And Im a bit confused, will it only hack peopel who are using the same network or someone using a deifferent network?

  66. rafay please i have no idea of facebook hacking, as someone used my pics in a wrong manner although i send directly by myself. will you please let me know how i can hack the account in order to save myself.

    well i have no much idea about facebook and hacking so keeping in view these points so i can do efficently.

  67. dude u should help us......
    many of us are having same problem .....
    nothing happens after refreshing ....what can be the cause...???

  68. @All those who are not getting into the account after refreshing the page, Here are the possible reasons:

    1. You are probably sniffing https:// traffic, which means that the cookie is encrypted.

    2. You are probably sniffing on a hub based network.

  69. Where I need to paste the script, in Greasemonkey?

  70. plizz can u hack dis account n most probably close it...facebook account : mfahim@xtra.co.nz
    plizz..he's harrassin me n sayin bad things to me..plizzz

  71. Dear Rafa,

    I wanna know my wife's facebook password.She logged in using my laptop 15 days ago. Now she is not here. How can I get the password information from that? Please help me

    Sadi

  72. I think, for this u need physical access to the victim's Computer .

  73. I still cant understand it, If someone is on a wire connection [internet] then how to hack his account??

  74. nice..
    hey guyzz visit my blog at
    www.almashackingtutorials.blogspot.com

  75. What am I doing wrong, when every time I try to insert the code, a window pops up, telling me ''All Cookies Have Been Written'' ?

    thanks for answering

  76. Press Alt C to bring up the cookie injector, Simply paste in the cookie value into it. i don't get it

  77. bro wire shark isn;t capturing any data on my pc. plz help :)

  78. itz opening my own facebook account only...not of the victim dude...

  79. hey itz showin my own facebook account ..not of the victims ya

  80. @Shiya
    It means that you have captured your own cookies instead of the victim's.

  81. in step 6 how we will know thhat the cookie is of datr

  82. (http.cookie contains “datr”) was typed on filter then none data was found!!!!!!!! could you explain me????

  84. den how can i capture victims cookie ?

  85. den hw can i capture victims cookie ?

  86. den hw can i capture victims cookie dude ?

  87. ive tried and still cant do it... i know my ex is cheatin on me, but this time i think its with someone i think of as a friends... im tryin to gain his password to his facebook :'( and ive had no success... anyone willing to help me im desperate :(( contact me by my email brandy_b787@yahoo.com

  88. i downloaded greasemonkey and cookieinjector scrip, but when i run cookieinjector script i said it is from unknow publisher and wont work :(: here is what i got :line 21
    char: 2
    Error : "unsafewindow" is undefined
    Code: 800A1391
    Source: microsoft JScript runtime error

    hope u find me a solution mr. rafay
    byt thanks for ur aarticles.

  89. A message appears saying that "all cookies have been written"then I refreshed the page but nothing happend.Please help me

  90. i took my own facebook cookie i log ou then i logged in still same result when i log out the session dies ?
    i tried to inject only the datr it doenst work ?? i tried to extract it doesn also work !!! should i preporm MITM before ?

  91. how to capture victims cookies? i try many times but still stucked at there..
    other than this,
    is it cannot use wifi?

  92. I have tried all the steps but i can never get the correct cookie, while I wait the 5-10 minutes do i have to do anything on facebook to actually get the correct cookie?

  93. hello rafay i am a fan of yours since i read your work and i was wondering if you could help me out someone hacked my friends (girlfriends) account and i wanted to hack it to get it back but there is a problem apparently the person who hacked her facebook also hack her hotmail so she cant reset the password i tried to use your method but it didnt work so now i wanted to see if you could help me hack her account or what you suggest my email is t_cangri@hotmail.com thx for the help

  95. Why can I only capture the cookies on my computer but not other people's computer when they share a same wifi network with me?

  96. hey can you tell me how to hack a retro hotel??? a retro hotel is like habbo.co whit many online accounts :) the retro hotels names is :dibbo.dk :) hope you can help me ??

  97. I have followed the all procedure stated above. But when i press the ALT+c Nothing happens. Any solution. . .

  98. after i refresh,,i still couldnt go to victim's account. I am sure that it is HTTP. so, what am i supposed to do rafa??
    thanks

    J

  99. i cant found interfaces after clicking 0n ANLAYZE...what can i d0?

  100. http.cookie "dart" can be found....what do i d0?

  101. I can only say SUPERB

  102. First of all, this must be a good program...Now i do not want to use profanity but i am sick of all of you here who are trying to get something that does not belong to you. You would not like it if this was done to you. I am a victim on a similer scale on facebook but a very intence one. Here is a change for some of you to do good in life. HELP ME PLZ. I play poker on Facebook and my chips keep on getting stolen over and over again. I have changed my password and login multiple time, installed a new version of windows, bought a new security software, added addon to my browser but still same thing. I get hacked the same day that zynga give me my chips back. They are tracking my issue on a daily basis but its been a while either its multiple people stealing from me or just one. Who ever it is , he or she is good. my wireless is secure, atleast i think so. I use mac filtering and changed the admin password and login as well. dont know what else to do...can someone tell me what can i do...thanks plz reply to aamir_f_khan@yahoo.com

  103. rafy bro can u help me out bro i have got the cookies but tell me how to put them ?

    i have added Greasemonkey and the cookieinjector is just a script

    plz tell me how to use it ?
    and where i will fine this wireshak cookie dump ?

    bro plz plz plz reply soon

  104. when i click on interfaces in wireshark, it says "There are no interfaces on which a capture can be done." Please Help

  105. hi .. I can not always get it to work when I log on to facebook so I have only been opened my own account sometimes .. What should you do if you want to open someone else's account we mail or ID number .. I want to hack a specific account because the person behind the account hetzer people and illegal sites etc.. I really hope you will help. You may want. send me an email to facebookteam093@gmail.com

  107. So does it work if the victim is using a different computer but using the same wifi?????

  108. What can I do to solve the hub issue? Do I need to buy switch or is there another way?

  109. is nok work please help

  110. Hey this work today because i find the datr cookie and inject but when reload the web appear facebook to login or open my facebook

  111. Alt +C not working

  112. i mean cookkie injector is not working

  113. No offence and I don't want to promote it, but could someone tell me if hijacking/hacking facebook is possible? I came across a posting at google groups, there is a guy who can actually get you password of your enemies. Funny, hah!

    If there is any one around here with some good knowledge, do share it out here. For the reference, here is group url: http://groups.google.com/group/pay-to-click/browse_thread/thread/1cab446b734697c7

  114. You dont need wireshack to do this you can go to google chrome inspect element--> resources-->local storage. Also i think this doesnt work bcause facebook got https

  115. hi want to hack facebook account please help me

  116. Dear brother, I have tried to hack facebook account using this trick but yet i am unable to perform it. I successfully steel the cookies using wireshark and inject them but when i refresh the page, nothing happens. plz brother help me plzzzzzzzzz

  117. how to know im hacking whose account and how to choose victim?

  118. hey this happens only when both r on same netwrk rite...

  119. i am getting the sane login page after refreshing.... how to do i am not understanding.. please help me

  120. hey i am not understanding what are u saying... ia m getting the same login page after refreshing....... how to do it...please help me...

  121. cant capture packets using wireshar..help me please..

  122. cant capture cookies by using wire shark..bcos i'm using Huwai usb nodem...if u can help me pls...

  123. If I can have access to another computer's cookie directory, is there any way to extract the datr file and use it, or it has to be online to hack the account? I am searching my own cookie directory, but i use chrome and i am not sure that I have found the right datr format. I used SQLite Manager to extract the cookie directory for chrome, and I import the results in the Greasemonkey but nothing seems to happen.
    If you could tell what I am doing wrong it would be very helpfull.

    Thanks in advance

  125. I am Able to copy cookie of my own account and gaining access to mah account ........ but how can i find cookies of another people account on the same wi-fi connection ?????? i m getting cookies of my own account only on wireshark ................my gmail is
    tochetanwadhwa@gmail.com

  126. sir ......... will u plzz tell me that how to select interface on a wi-fi network in wireshark to get coookies of another's gmail accounts active on same wi-fi network ???

  127. Cookie Injerctor dont pop up.

  128. The following display filter isn't a valid display filter:
    http.cookie contains “datr”
    Help ??

  129. The following display filter isn't a valid display filter:
    http.cookie contains “datr”
    help

  130. It goes to my own facebook page. how do i get the victims cookies?

  131. Guys to those who do not see any result after pressing ALT + C , please follow this :
    1-Go to Tools (press alt if you are using last firefox version)

    2-go to Greasemonkey > Greasemonkey-options

    3-then press " Add " and write the website you have cookie for NOTE:(exept Gmail & google ) and make sure the website followed by " * " expmle : http://www.facebook.com/*

    4- then click at Ok
    and open http://www.facebook.com/ (without the " * " ; make sure you are not logged in.

    5-and press ALT + C , and past the cookie you have copied from wireshark , (at the copying step , at the details of the packet you captured look for " Cookie : " and right click at the cookie line and Copy>Bytes>printable only.

    6-Now refresh the facebook page ( F5 )
    Congratulations you are done.

  132. it is working 100% perfect thanks rafay
    to those people who said that it doesnot work
    you have to log to the facebook account and donot logout because when you logout the cookies ends and you could do that from internet explorer browser and use the cookies on the firefox by alt+c and paste then refresh while opening the account from another explorer without logging out

  133. guys if the password had changes from other pc this can work??
    plzzz answer

  134. This capturing way just succeed packets between your own local computer and server/website that you visit not whole network or specific IP address

  135. hey when i use wireshark and click on start it says no packet capture..??why plzz help

  136. how can i capture interfaces if i am using wireless as my internet connection ( it's like an internet using a flash drive)

  137. thankxxx... i needed it badly.

  138. It s not working....After i do everything...my filter directs me to a result...something like....ajax/chat/buddy......(something like that)...i copy it as Directed...n inject it...after getting the message cookies have been written....i refresh n i dont get anything....the same login page gets reloaded again!!!....i am using broadband...PPoE....n at some on a single connection...on single computer!!...and whats that...End to end encryption?

  139. can u tell me, what is useful to capture packets on a 3g usb connection

  140. Please, tell me how can i get a cookie from any friends browser
    and i tried this but it is not working!

  141. Please, tell me how do i get cookie from friends browser?? And i tried this , but it is not working!! when i set a cookie into cookieinjector after that automatically redirect into google and this process remain continue!

  142. Hey after refreshing nothing happens.......what to do.....

  143. First, thank you for this and for the answers that you give to us ;)

    Then, I need u're help, Everything work until the "refresh moment", when I refresh, nothing happens, and I'm french so I did'nt really understand what you said before :/ so could you explain for me what's the problem, knowin that I'm (on/in) wifi, and the account i'm tryin to hack, is (in/on) https, so what can I do ? Thanks for all again, bye.

  144. after downloading and installing wireshark, when im opening it its coming The procedure entry point DecodePointer could not be loacted in the dynamic link library KERNEL32.dll. What to do?? Please help!

  145. IF our victim is online on FB from cell, will this work?

    ReplyDelete
  146. I've gotten everything down except once I copy and paste the code and then refresh the screen, nothing happens... HELP!

    ReplyDelete
  147. http.cookie contains datr doesn't work, it has a syntax error. Please help.
    turkog@itu.edu.tr mail me

    ReplyDelete
  148. http.cookie contains datr doesn't work, it has a syntax error. Please help me. turkog@itu.edu.tr mail me please

    ReplyDelete
  149. Does this work on a remote computer? For example, I want to hack an account but the person is logging in from Argentina.

    Thanks :)

    ReplyDelete
  150. If I have access to a person's cookies on a shared computer, can I just take the cookie .txt file from their user appdata folder and get the value that way? If so, how do I get the value once I have the .txt file?

    ReplyDelete
  151. But how do I access an exact victim's account?

    ReplyDelete
  152. This only works on your network. Argentina won't work. To set up Wireshark you have to choose your interface first by selecting either wlan0 for wifi or something like eth0 for wired. If not, then Wireshark doesn't know where to capture from. You can set that up right in the menu. After choosing an interface, hit start capture and follow the instructions for session stealing. And if you want the exact account, then steal the exact cookie for his account.

    ReplyDelete
  153. Good article. I'll try this and reply again.

    ReplyDelete
  154. hey firesheep is not working on firefox 14.0.1

    ReplyDelete
  155. how to know who are you hacking????

    ReplyDelete
  156. Did it work on a datastick?
    And in which browser?

    ReplyDelete
  157. Now I can't get it to work. It doesn't do anything when I refresh. Any more detailed descriptions on what to do?

    ReplyDelete
  158. Now..What do i do when i get in there, when i refresh it does nothing. How do you control it...Any more specific instructions?

    ReplyDelete
  159. I get this error "All Cookies Have Been Written", then I refresh the page but it's not working. Please help.

    ReplyDelete
  160. i get some msg as you reply to:Sandhu

    Yes, you are getting the correct message, Just refresh your page and you will be inside victims account.

    but its not working.... plz reply...

    ReplyDelete
  161. I followed the steps, but ended up with the same problem as most of the people: when refreshing, nothing happens. Could it be because I am using a hub based network? It's a computer, not a laptop.

    ReplyDelete
  162. I followed the steps and ended up with nothing happening after the refresh. I am using a hub based network. What seems to be the problem ? :/

    ReplyDelete
  163. In Step 7, you say to "right click on it and goto Copy - Bytes - Printable Text only."
    What, exactly, is "it"? Where would I find it? Help please? Thanks.

    ReplyDelete
  164. how to hack fb using above method, if a person is on hub network...

    ReplyDelete
  165. It really works, man. I logged on to my account and stole my own cookie through Wireshark and I successfully logged in.
    Admin, you deserve my respect, man.

    ReplyDelete
  166. what to do with cookieinjector script

    ReplyDelete
  167. I was not able to bring up the cookieinjector with alt+c. Is there any other way to bring that up?

    ReplyDelete
  168. How do I identify that the information I found belongs to the one I'm going to hack?

    ReplyDelete
  169. Facebook is no longer http; now the cookie can't be sniffed through an https:// SSL-protected website... need to use another method to disable ssl/https and sniff over http://

    ReplyDelete
  170. Error on opening the cookie injector... how to fix it, sir?
    Thanks

    ReplyDelete
  171. This is useless! it isn't working :@

    ReplyDelete
  172. I need your help, please. I did everything one by one, but when I start the interfaces I never find any datr files.

    ReplyDelete
  173. If you want to prevent session stealing, please make sure that you are not in a hub environment. Well, yes, we can still sniff by ARP poisoning in a switch environment; this is just to make it harder to do. You may use things like HMAC to sign the variables for the web server and browser to check, with code like:


    ----------------------------------------------------------------


    < F'k(m) > < C >
    HMAC(ve,k)= hash --------> user -------> server
    |
    |
    < HMAC(ve,k) > V
    if hash == HMAC(moded(ve),k) <----------- compute
    else print {error};
    [drop session]


    -----------------------------------------------------------------

    ReplyDelete
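The HMAC check sketched in comment 173, written out as an added example (it is not code from the comment, the post, or Facebook). It assumes the signed variables ("ve") are the client address and User-Agent the server sees on each request; the function names and the cookie layout are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # "k": server-side secret, never sent to the client

def _mac(key, *fields):
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(len(f.encode()).to_bytes(4, "big") + f.encode() for f in fields)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def issue_cookie(session_id, remote_addr, user_agent, ttl=900, key=SERVER_KEY, now=None):
    """Build 'session_id.expires.tag'; the tag binds the id to this client's variables."""
    expires = str(int(time.time() if now is None else now) + ttl)
    return f"{session_id}.{expires}.{_mac(key, session_id, expires, remote_addr, user_agent)}"

def verify_cookie(cookie, remote_addr, user_agent, key=SERVER_KEY, now=None):
    """Return the session id if the cookie is valid for this client, else None (drop session)."""
    try:
        session_id, expires, tag = cookie.split(".")
        deadline = int(expires)
    except ValueError:
        return None  # malformed cookie
    # Recompute the HMAC over the variables observed on *this* request.
    expected = _mac(key, session_id, expires, remote_addr, user_agent)
    if not hmac.compare_digest(tag.encode(), expected.encode()):  # constant-time compare
        return None  # forged, or replayed from a different client context
    if (time.time() if now is None else now) >= deadline:
        return None  # expired
    return session_id

if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    c = issue_cookie(secrets.token_hex(16), "203.0.113.10", "ExampleBrowser/1.0")
    print("same client:    ", verify_cookie(c, "203.0.113.10", "ExampleBrowser/1.0"))
    print("other address:  ", verify_cookie(c, "198.51.100.7", "ExampleBrowser/1.0"))
```

This check complements serving the session over HTTPS with the Secure cookie attribute and does not replace it, since the bound variables travel in the same traffic as the cookie.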
  174. When i clicked on interfaces it said I've got none... so now what.

    ReplyDelete
  175. Hey, listen, I did everything you said and it all went normally, but when I pasted the cookie in that text box, I got a message saying "all cookies have been written" and then I hit enter. Then, as you said, I refreshed the page but ABSOLUTELY NOTHING HAPPENS. And yes, the victim was logged in during that time. Please help me, man. Thanks.

    ReplyDelete
  176. Guys, please help, ctrl-c is not working!!

    ReplyDelete
  177. Someone should so hack someone for me... This isn't my comp so I can't just DL things to it. <3

    ReplyDelete
  178. Would this method work if the victim is on a different network entirely?

    ReplyDelete
  179. How can I find the victim's cookie? There are a lot of these things (I'm a newbie).

    ReplyDelete
  180. When I paste the printable text in the Wireshark cookies dump on the Facebook login page it says "All cookies have been written". Please tell me what to do.

    ReplyDelete
  181. Please answer me whether I need access to victim's pc for this method to work?

    ReplyDelete
  182. My question is IF our victim is online on FB from cell, will this work? how to hack wifi password on android Waiting For Your Answer!

    ReplyDelete
  183. does this still work on 2015 ? xD

    ReplyDelete
  184. Http.cookie containing datr is not there in filter
    Only Http.Cookie_pair. Is there
    What to do now

    ReplyDelete
  185. Http.cookie containing datr is not there
    Rather Http.Cookie_pair is showing in the filter
    How shall I do now

    ReplyDelete
  186. I enter http.cookie contains “datr” in the filter but it does not show anything. Please help.

    ReplyDelete


About

Rafay Baloch is an independent security researcher, Internet marketer, entrepreneur and SEO consultant. He is the founder of the RHA blog and multiple other blogs. Rafay became known after finding a Remote Code Execution bug in PayPal, for which PayPal awarded him a sum of 10,000$.

RHA © 2013. All Rights Reserved.