Facebook Cookie Stealing And Session Hijacking

Three days ago I finished the series on Gmail Session Hijacking and Cookie Stealing , due to a tremendous response of readers I planned to write a post on Facebook cookie stealing and Session hijacking. Facebook session hijacking can also be accomplished via a very popular tool called Firesheep(On a Wifi Network Only), which I won't be explaining here because I have already written it before in my post Facebook Hacking Made Easy With Firesheep
In this tutorial I will explain you how an attacker can capture your authentication cookies on a local area network and use them to hack your facebook account, Before reading this tutorial I would recommend you to part1, part2 and part 3 of my Gmail Session Hijacking and Cookie stealing series, So you could have better understanding of what I am doing here.

Facebook Authentication Cookies

The cookie which facebook uses to authenticate it's users is called "Datr", If an attacker can get hold of your authentication cookies, All he needs to do is to inject those cookies in his browser and he will gain access to your account. This is how a facebook authentication cookie looks like:

Cookie: datr=1276721606-b7f94f977295759399293c5b0767618dc02111ede159a827030fc;

How To Steal Facebook Session Cookies And Hijack An Account?

An attacker can use variety of methods in order to steal your facebook authentication cookies depending upon the network he is on, If an attacker is on a hub based network he would just sniff traffic with any packet sniffer and gain access to victims account.

If an attacker is on a Switch based network he would use an ARP Poisoning request to capture authentication cookies, If an attacker is on a wireless network he just needs to use a simple tool called firesheep in order to capture authentication cookie and gain access to victims account.

In the example below I will be explaining how an attacker can capture your authentication cookies and hack your facebook account with wireshark.

Step 1 - First of all download wireshark from the official website and install it.

Step 2 - Next open up wireshark click on analyze and then click on interfaces.

Step 3 - Next choose the appropriate interface and click on start.

Step 4 - Continue sniffing for around 10 minutes.

Step 5 - After 10minutes stop the packet sniffing by going to the capture menu and clicking on Stop.

Step 6 - Next set the filter to http.cookie contains “datr” at top left, This filter will search for all the http cookies with the name datr, And datr as we know is the name of the facebook authentication cookie.

Step 7 - Next right click on it and goto Copy - Bytes - Printable Text only.

Step 8 - Next you’ll want to open up firefox. You’ll need both Greasemonkey and the cookieinjector script. Now open up Facebook.com and make sure that you are not logged in.

Step 9- Press Alt C to bring up the cookie injector, Simply paste in the cookie value into it.

Step 10 - Now refresh your page and viola you are logged in to the victims facebook account.

Note: This Attack will only work if victim is on a http:// connection and even on https:// if end to end encryption is not enabled.

Countermeasures

The best way to protect yourself against a session hijacking attack is to use https:// connection each and every time you login to your Facebook, Gmail, Hotmail or any other email account. As your cookies would be encrypted so even if an attacker manages to capture your session cookies he won't be able to do any thing with your cookies.

Subscribe to our Newsletter and receive updates directly via email - Get Ethical hacking and security tips directly to your inbox. Alternatively you can Join our Hackers Community on Facebook, Google+ and Twitter.

Tags: Hack Facebook

Kindly Bookmark it and Share it with Friends:

180 comments:

George said...: Omg, it really works, You have gained my respect dude, Can you tell me any other way to prevent cookie stealing else than https://?
raj@hackingarticles.in on July 7, 2011 at 9:56 PM said...: Nice Articles
Admin of www.hackingarticles.in
Usama on July 8, 2011 at 12:58 AM said...: Your "Cookie Injector" link is not working please give me a valid link.
Usama on July 8, 2011 at 1:00 AM said...: Your "Cookie Injector" link is not working please give me a valid link.
Ethical Hacking on July 8, 2011 at 2:31 AM said...: One of the best article.... great sharing
One more thing that i want to add here is that ...if someone using https, so you can crack it too... http://www.ehacking.net/2011/06/crack-ssl-using-sslstrip-with.html
Rafay Baloch on July 8, 2011 at 2:35 AM said...: @George
You can use a VPN solution too.

@Usama
Thanks for informing, I have updated the link.
Rafay Baloch on July 8, 2011 at 2:49 AM said...: Yes buddy, There are variety of methods you can use, You can even do it with cain and abel.
Anonymous said...: hey rafay i hav read blog "how to install keylogger remotely on a computer " and i have olso try to do the same but i couldn't found ftp accounts and file manager to new directory ,can you please tell me where i shall found it.........
Bharvi on July 9, 2011 at 10:43 AM said...: So finally .. u posted how to bypass https encryption !!.. gud one man !!
Abreez on July 12, 2011 at 7:44 PM said...: hey please tell me what to do after pasting the cookie value in cookie injector...
Usama.Alvi on July 13, 2011 at 1:15 PM said...: I wanna ask same question as Abreez one.
foyshal.hossain on July 13, 2011 at 2:33 PM said...: cookieinjector script. link is not working . please adjust it
syed aamir on July 18, 2011 at 9:51 AM said...: great article!!!
can you please define a php script to capture cookie in your next article...
Arien said...: (http.cookie contains “datr”) was typed on filter then none data was found!!!!!!!! could you explain me???? I am surfing in a wireless network
Anonymous said...: step 3 and 6 are confusing---what do you mean by appropriate interface?
http.cookie contains “datr”--not working
cookie injector not found for firefox
--please clarify above points--
Rafay Baloch on July 21, 2011 at 2:28 PM said...: @Anonymous 15
Instead of typing http.cookie contains "datr", just type http.cookie and search manually for the datr cookie.
Sandhu on August 1, 2011 at 2:25 AM said...: i get an alert "All Cookies Have Been Written." Please Help Me
Rafay Baloch on August 1, 2011 at 7:26 AM said...: @Sandhu
Yes, you are getting the correct message, Just refresh your page and you will be inside victims account.
=KoG=Siiwiitoo0 on August 2, 2011 at 10:07 AM said...: Rafay, does it works with the NVIDIA Force Networking Adapter... interface?
anonymous on August 9, 2011 at 3:18 AM said...: i've done all the steps,but when i refresh the page nothing happen..please help me
Adler on August 15, 2011 at 9:30 AM said...: Hi, So I have made this facebook account for myself and logged in with it on my own PC and set up my information once. After a while I tried to log in again, but couldn't remember my password. unfortunately the password I used for my facebook account is the same as for my email, so I can't use the "forgot password" option. Having considered that I have used my own PC to log in, is there a way that login information is stored somewhere that I can retrieve them? (accessing cookies, etc) This is very vital for me as I have put some important information on that account without setting up proper privacy setting. Can you please help?
Otaku on August 18, 2011 at 11:37 AM said...: I can't seem to make it work.. :\ I have followed your instructions correctly and tried to hack myself for fun, but it didn't work.. I disabled the HTTPS browsing beforehand.
sharath on August 18, 2011 at 3:14 PM said...: hey , how would i know that after injecting the script , that it's the same account that i'm trying to hack ?
sharath on August 18, 2011 at 3:26 PM said...: i cant even find the “datr” thing manually too , Need help man plz .
how exactly it looks like ?
Niko Akbad on August 20, 2011 at 8:38 PM said...: I am at step 8 and nothing. Please assist

nikochi78@hotmail.com
Anonymous said...: after refreshing the page...nothing happens!! help please!
Anonymous said...: after refreshing ...nothing happens why ?
Anonymous said...: how to hack gmail, if any one have dare to give 100% answer then send to my mail id : aabc8400@gmail.com
Anonymous said...: from ur method it seems i have to know install those software in the victims computer and take is cookie id and then put in my comp and go in to his account.. right??
Anonymous said...: wouldnt i be able to do all this in google chrome instead of using fire fox??
Anonymous said...: what value should be given in 'cookie value'...
oui, mais... on September 12, 2011 at 6:28 AM said...: rafay, u've got to response to this. I admit tht i'm only a script kiddie but you've got to tutor us on how this works. everything i did has been correct up to step 9. after the dialogue box pops out, telling tht the cookie's been written, nothing happens after i click on the refresh button. did i do anything wrong or has facebook upgraded their security system? i'd like to just see it work for once. please.
Rafay Baloch on September 12, 2011 at 8:15 AM said...: @Oui
It appears that you are getting the correct message, It should work, If it still does not work for you, I would need some information about your network.

First of all can you tell on what type of network are you on currently, Is it a wifi network?

Secondly are you on a hub based network or switched based network?.
Anonymous said...: It works perfectly....
oui, mais... on September 12, 2011 at 11:55 PM said...: I think the trick's not working because I'm capturing packets on a secured wireless network? Because I was using my college wireless network on my first attempt and all that was captured were my own data and on my second attempt, I am capturing on a neighborhood(3-4 houses sharing one wifi connection) wireless network where everybody's sick on facebook (they're seriously crazy in love with facebook, can't get off it when everyone's home - maybe a little bit of exaggeration but that's how I see it) but I can't find anything with 'http.cookie contains "datr"' neither with 'http.cookie' for anything regarding facebook? Can this work on a home or office wireless network where the network isn't public but anyone accessing it needs a passcode? I reckon it's still wifi though. I'm just itchin'.
Rafay Baloch on September 13, 2011 at 12:19 AM said...: @Oui
If you can't find the Http.cookie, it means that you haven't captured any of the facebook's traffic. There are wide variety of reasons why a session hijacking attack won't work, If you want to get a better understanding of session hijacking attacks, I would recommend read the three part series on Gmail session hijacking.
Nick Shorty on September 14, 2011 at 8:12 AM said...: hey when I paste the cookie it says.........warning all cookies have been written........and then nothing happens........pls help
Oscar on September 15, 2011 at 7:15 AM said...: Interesting article you've got here. Well visit www.9jaboys.com for mobile and pc stuffs like free browsing tips. Free call, free sms....etc
anmol on September 17, 2011 at 6:20 AM said...: wireshark didnt capture any packets why plz help me
Anonymous said...: How can you figure out the network you're on. Hub or switch base? Now that I'm lost
Echo on September 18, 2011 at 5:24 PM said...: every thing works except the facebook part, I can get the cookies and paste them into the cookie thing but it doesn't log me in. Please help! Im on an acer aspire 4011, verizon wifi hub.
Anonymous said...: everything works but the last part when i regresh the facebook after putting all what you had said it does not login. it still onthe page of facebook login? what is going wrong?
Sweet said...: everything seems to work but the last part on facebook page.when i refresh the page nothing works could you please help!
Anonymous said...: does the person need to be logged in from the same computer or network??
Aditya on September 22, 2011 at 9:54 AM said...: @Rafay Baloch
U have 2 answer this one please!
Why does Wireshark only track the http.cookie of my ip address
only?!
Anonymous said...: I have managed all the steps, but when i open facebook and press "Alt" and "C" no cookie injector comes up. Why is this?
zeroCool on September 23, 2011 at 2:41 PM said...: what if we need to hack victim in WAN no in a LAN?? so the above procedure will still work?? or its failed to hack with WAN?
Anonymous said...: Okay, how do you Manually find the datr?
saad on September 27, 2011 at 4:45 AM said...: please tell about WAN hacking facebook or yahoo or so on
saad on September 27, 2011 at 4:57 AM said...: is there any way to hack passwords with different networks that an attacker and victim use different network not in LAN ???
rahul on September 27, 2011 at 7:00 AM said...: after pasting the cookies in cookie injector then i reload the browser window,,,,nothing happen.why???????please clear the doubt
Anonymous said...: youre cookie injector link is not working.. any other links that i can use?
Anonymous said...: hey ... i pressed alt c but nothing happened :s what should i do !!
HVT Hacker on October 3, 2011 at 3:59 PM said...: Hi rafay plz give a attention here !!

bro , :) ... http.cookie contains "datr" This one is wrong !

plz Update this post .. the correct one is http.cookie contains datr

without quotes " " .. :) hope u understand ..

and the second mistake is -- " Step 2 - Next open up wireshark click on analyze and then click on interfaces. "

It should be open Capture ! then click on interfaces . :)

and yeah my problem plz bro give a solution to this ..

i downloaded and installed wireshark and when i clcik on capture then interface then i get an error like this -- " There are no interfaces on which a capture can be done. "

plz tell me how to solve this problem ?

Hope u reply soon bro ....
Anonymous said...: by d way...........if facebook is used with HTTPS .........thn how can u hack tht id with cookies..bcoz cookies gets expires.........lolz......d best way is keylogger hiding under jpg.
Rafay Baloch on October 6, 2011 at 1:09 PM said...: @Anonymous 55
HTTPS hasn't anything to do with the cookie expiring process, It makes sure that the information passed through the form is encrypted and both the parties can have a secure communication, Facebook does it well in expiring the cookies, but not much when encrypting the cookie.
Ahmad said...: Hey Rafay, r you frm Pakistan??
Anonymous said...: I want to hack the facebook account of someone who unfriend me. Is there a possible way to do that since where not living together? I also can't locate the facebook id number. The only display i got is something like www.facebook.com/xxxxxref=ts. Any reponse will be appreciated. Thankyou.
Anonymous said...: hey does this stuff work on a wired internet connection?
Anonymous said...: hey i tried this i got the message "All Cookies Have Been Written." i refreshed the page...now how to enter into victim's profile ? i typed victim's profile link in the search bar but it wasn't of any use..!
Anonymous said...: brother u gotta answer this one....

how can we b sure that thats the same account we want to hack in.....???

-ash
Anonymous said...: its not doing nothing after i refresh it after last step?! please help
Jacc said...: I got to the pasting the cookie in the box, and it told me "all cookies have been written." How do I fix this? Please respond as soon as possible (anyone), I need to get into this account before tomorrow night!!
Something on October 27, 2011 at 7:28 AM said...: Hey it take me to my own account dude.how i'll get someone Authentication cookie?? plz reply soon
Anonymous said...: Will wireshark work on wifi interface atheros adapter? And Im a bit confused, will it only hack peopel who are using the same network or someone using a deifferent network?
Anonymous said...: rafay please i have no idea of facebook hacking, as someone used my pics in a wrong manner although i send directly by myself. will you please let me know how i can hack the account in order to save myself.

well i have no much idea about facebook and hacking so keeping in view these points so i can do efficently.
Anonymous said...: dude u should help us......
many of us are having same problem .....
nothing happens after refreshing ....what can be the cause...???
Rafay Baloch on November 4, 2011 at 12:51 PM said...: @All those who are not getting into the account after refreshing the page, Here are the possible reasons:

1. You are probably sniffing https:// traffic, which means that the cookie is encrypted.

2. You are probably sniffing on a hub based network.
Anonymous said...: Where I need to paste the script, in Greasemonkey?
Anonymous said...: plizz can u hack dis account n most probably close it...facebook account : mfahim@xtra.co.nz
plizz..he's harrassin me n sayin bad things to me..plizzz
Anonymous said...: Dear Rafa,

I wanna know my wife's facebook password.She logged in using my laptop 15 days ago. Now she is not here. How can I get the password information from that? Please help me

Sadi
Anonymous said...: I think, for this u need physical access to the victim's Computer .
Faizan on November 12, 2011 at 2:13 AM said...: I still cant understand it, If someone is on a wire connection [internet] then how to hack his account??
Almas Malik on November 13, 2011 at 1:09 AM said...: nice..
hey guyzz visit my blog at
www.almashackingtutorials.blogspot.com
Anonymous said...: What am I doing wrong, when every time I try to insert the code, a window pops up, telling me ''All Cookies Have Been Written'' ?

thanks for answering
raja said...: great share
Anonymous said...: Press Alt C to bring up the cookie injector, Simply paste in the cookie value into it. i don't get it
junaid ahmed said...: bro wire shark isn;t capturing any data on my pc. plz help :)
Anonymous said...: Hey it works.
shiya on December 10, 2011 at 5:13 AM said...: itz opening my own facebook account only...not of the victim dude...
shiya on December 10, 2011 at 5:15 AM said...: hey itz showin my own facebook account ..not of the victims ya
Rafay Baloch on December 12, 2011 at 7:32 AM said...: @Shiya
It means that you have captured your own cookies instead of the victims.
Anonymous said...: in step 6 how we will know thhat the cookie is of datr
Anonymous said...: (http.cookie contains “datr”) was typed on filter then none data was found!!!!!!!! could you explain me????
Anonymous said...: (http.cookie contains “datr”) was typed on filter then none data was found!!!!!!!! could you explain me????
shiya on December 13, 2011 at 7:51 AM said...: den how can i capture victims cookie ?
shiya on December 13, 2011 at 7:54 AM said...: den hw can i capture victims cookie ?
shiya on December 13, 2011 at 8:10 AM said...: den hw can i capture victims cookie dude ?
Anonymous said...: ive tried and still cant do it... i know my ex is cheatin on me, but this time i think its with someone i think of as a friends... im tryin to gain his password to his facebook :'( and ive had no success... anyone willing to help me im desperate :(( contact me by my email brandy_b787@yahoo.com
Anonymous said...: i downloaded greasemonkey and cookieinjector scrip, but when i run cookieinjector script i said it is from unknow publisher and wont work :(: here is what i got :line 21
char: 2
Error : "unsafewindow" is undefined
Code: 800A1391
Source: microsoft JScript runtime error

hope u find me a solution mr. rafay
byt thanks for ur aarticles.
Anonymous said...: A message appears saying that "all cookies have been written"then I refreshed the page but nothing happend.Please help me
Unknown on December 19, 2011 at 7:17 AM said...: i took my own facebook cookie i log ou then i logged in still same result when i log out the session dies ?
i tried to inject only the datr it doenst work ?? i tried to extract it doesn also work !!! should i preporm MITM before ?
Anonymous said...: how to capture victims cookies? i try many times but still stucked at there..
other than this,
is it cannot use wifi?
Anonymous said...: I have tried all the steps but i can never get the correct cookie, while I wait the 5-10 minutes do i have to do anything on facebook to actually get the correct cookie?
isaac on December 23, 2011 at 11:53 AM said...: hello rafay i am a fan of yours since i read your work and i was wondering if you could help me out someone hacked my friends (girlfriends) account and i wanted to hack it to get it back but there is a problem apparently the person who hacked her facebook also hack her hotmail so she cant reset the password i tried to use your method but it didnt work so now i wanted to see if you could help me hack her account or what you suggest my email is t_cangri@hotmail.com thx for the help
isaac on December 23, 2011 at 11:54 AM said...: hello rafay i am a fan of yours since i read your work and i was wondering if you could help me out someone hacked my friends (girlfriends) account and i wanted to hack it to get it back but there is a problem apparently the person who hacked her facebook also hack her hotmail so she cant reset the password i tried to use your method but it didnt work so now i wanted to see if you could help me hack her account or what you suggest my email is t_cangri@hotmail.com thx for the help
Anonymous said...: Why can I only capture the cookies on my computer but not other people's computer when they share a same wifi network with me?
Anonymous said...: hey can you tell me how to hack a retro hotel??? a retro hotel is like habbo.co whit many online accounts :) the retro hotels names is :dibbo.dk :) hope you can help me ??
Anonymous said...: I have followed the all procedure stated above. But when i press the ALT+c Nothing happens. Any solution. . .
Anonymous said...: after i refresh,,i still couldnt go to victim's account. I am sure that it is HTTP. so, what am i supposed to do rafa??
thanks

J
Anonymous said...: i cant found interfaces after clicking 0n ANLAYZE...what can i d0?
Anonymous said...: http.cookie "dart" can be found....what do i d0?
Anonymous said...: I can only say SUPERB
Anonymous said...: First of all, this must be a good program...Now i do not want to use profanity but i am sick of all of you here who are trying to get something that does not belong to you. You would not like it if this was done to you. I am a victim on a similer scale on facebook but a very intence one. Here is a change for some of you to do good in life. HELP ME PLZ. I play poker on Facebook and my chips keep on getting stolen over and over again. I have changed my password and login multiple time, installed a new version of windows, bought a new security software, added addon to my browser but still same thing. I get hacked the same day that zynga give me my chips back. They are tracking my issue on a daily basis but its been a while either its multiple people stealing from me or just one. Who ever it is , he or she is good. my wireless is secure, atleast i think so. I use mac filtering and changed the admin password and login as well. dont know what else to do...can someone tell me what can i do...thanks plz reply to aamir_f_khan@yahoo.com
Anonymous said...: rafy bro can u help me out bro i have got the cookies but tell me how to put them ?

i have added Greasemonkey and the cookieinjector is just a script

plz tell me how to use it ?
and where i will fine this wireshak cookie dump ?

bro plz plz plz reply soon
Cool Dyude said...: when i click on interfaces in wireshark, it says "There are no interfaces on which a capture can be done." Please Help
Anonymous said...: hi .. I can not always get it to work when I log on to facebook so I have only been opened my own account sometimes .. What should you do if you want to open someone else's account we mail or ID number .. I want to hack a specific account because the person behind the account hetzer people and illegal sites etc.. I really hope you will help. You may want. send me an email to facebookteam093@gmail.com
æ3a said...: hi .. I can not always get it to work when I log on to facebook so I have only been opened my own account sometimes .. What should you do if you want to open someone else's account we mail or ID number .. I want to hack a specific account because the person behind the account hetzer people and illegal sites etc.. I really hope you will help. You may want. send me an email to facebookteam093@gmail.com
Anonymous said...: So does it work if the victim is using a different computer but using the same wifi?????
Anonymous said...: What can I do to solve the hub issue? Do I need to buy switch or is there another way?
Anonymous said...: is nok work please help
Anonymous said...: Hey this work today because i find the datr cookie and inject but when reload the web appear facebook to login or open my facebook
Anonymous said...: Alt +C not working
Anonymous said...: i mean cookkie injector is not working
jbsoft on February 29, 2012 at 4:16 AM said...: No offence and I don't want to promote it, but could someone tell me if hijacking/hacking facebook is possible? I came across a posting at google groups, there is a guy who can actually get you password of your enemies. Funny, hah!

If there is any one around here with some good knowledge, do share it out here. For the reference, here is group url: http://groups.google.com/group/pay-to-click/browse_thread/thread/1cab446b734697c7
Anonymous said...: You dont need wireshack to do this you can go to google chrome inspect element--> resources-->local storage. Also i think this doesnt work bcause facebook got https
Anonymous said...: hi want to hack facebook account please help me
fari.haral on March 12, 2012 at 7:47 AM said...: Dear brother, I have tried to hack facebook account using this trick but yet i am unable to perform it. I successfully steel the cookies using wireshark and inject them but when i refresh the page, nothing happens. plz brother help me plzzzzzzzzz
cntiong on March 14, 2012 at 8:43 AM said...: how can i choose a victim?
cntiong on March 14, 2012 at 8:44 AM said...: how to know im hacking whose account and how to choose victim?
Anonymous said...: hey this happens only when both r on same netwrk rite...
datta on March 23, 2012 at 7:20 AM said...: i am getting the sane login page after refreshing.... how to do i am not understanding.. please help me
datta on March 23, 2012 at 7:22 AM said...: hey i am not understanding what are u saying... ia m getting the same login page after refreshing....... how to do it...please help me...
ishaktop on April 6, 2012 at 4:15 AM said...: cant capture packets using wireshar..help me please..
ishaktop on April 6, 2012 at 4:24 AM said...: cant capture cookies by using wire shark..bcos i'm using Huwai usb nodem...if u can help me pls...
Βασίλης Καραγεωργίου on April 9, 2012 at 3:25 PM said...: If I can have access to another computer's cookie directory, is there any way to extract the datr file and use it, or it has to be online to hack the account? I am searching my own cookie directory, but i use chrome and i am not sure that I have found the right datr format. I used SQLite Manager to extract the cookie directory for chrome, and I import the results in the Greasemonkey but nothing seems to happen.
If you could tell what I am doing wrong it would be very helpfull.

Thanks in advance
Βασίλης Καραγεωργίου on April 9, 2012 at 3:26 PM said...: If I can have access to another computer's cookie directory, is there any way to extract the datr file and use it, or it has to be online to hack the account? I am searching my own cookie directory, but i use chrome and i am not sure that I have found the right datr format. I used SQLite Manager to extract the cookie directory for chrome, and I import the results in the Greasemonkey but nothing seems to happen.
If you could tell what I am doing wrong it would be very helpfull.

Thanks in advance
Chetan Wadhwa on April 10, 2012 at 4:04 AM said...: I am Able to copy cookie of my own account and gaining access to mah account ........ but how can i find cookies of another people account on the same wi-fi connection ?????? i m getting cookies of my own account only on wireshark ................my gmail is
tochetanwadhwa@gmail.com
Chetan Wadhwa on April 10, 2012 at 5:59 AM said...: sir ......... will u plzz tell me that how to select interface on a wi-fi network in wireshark to get coookies of another's gmail accounts active on same wi-fi network ???
Anonymous said...: Cookie Injerctor dont pop up.
Tuaha Jawaid on April 15, 2012 at 9:24 AM said...: The following display filter isn't a valid display filter:
http.cookie contains “datr”
Help ??
Tuaha Jawaid on April 15, 2012 at 9:25 AM said...: The following display filter isn't a valid display filter:
http.cookie contains “datr”
help
Anonymous said...: It goes to my own facebook page. how do i get the victims cookies?
Ashraf drissi on April 24, 2012 at 2:18 AM said...: Guys to those who do not see any result after pressing ALT + C , please follow this :
1-Go to Tools (press alt if you are using last firefox version)

2-go to Greasemonkey > Greasemonkey-options

3-then press " Add " and write the website you have cookie for NOTE:(exept Gmail & google ) and make sure the website followed by " * " expmle : http://www.facebook.com/*

4- then click at Ok
and open http://www.facebook.com/ (without the " * " ; make sure you are not logged in.

5-and press ALT + C , and past the cookie you have copied from wireshark , (at the copying step , at the details of the packet you captured look for " Cookie : " and right click at the cookie line and Copy>Bytes>printable only.

6-Now refresh the facebook page ( F5 )
Congratulations you are done.
Anonymous said...: it is working 100% perfect thanks rafay
to those people who said that it doesnot work
you have to log to the facebook account and donot logout because when you logout the cookies ends and you could do that from internet explorer browser and use the cookies on the firefox by alt+c and paste then refresh while opening the account from another explorer without logging out
Anonymous said...: guys if the password had changes from other pc this can work??
plzzz answer
Anonymous said...: This capturing way just succeed packets between your own local computer and server/website that you visit not whole network or specific IP address
tani said...: hey when i use wireshark and click on start it says no packet capture..??why plzz help
Anonymous said...: how can i capture interfaces if i am using wireless as my internet connection ( it's like an internet using a flash drive)
Syed R on June 11, 2012 at 11:25 PM said...: thankxxx... i needed it badly.
Abhi said...: It s not working....After i do everything...my filter directs me to a result...something like....ajax/chat/buddy......(something like that)...i copy it as Directed...n inject it...after getting the message cookies have been written....i refresh n i dont get anything....the same login page gets reloaded again!!!....i am using broadband...PPoE....n at some on a single connection...on single computer!!...and whats that...End to end encryption?
Debjit Ghosh on June 25, 2012 at 12:18 PM said...: can u tell me, what is useful to capture packets on a 3g usb connection
fazil malik on June 28, 2012 at 5:52 AM said...: Please, tell me how can i get a cookie from any friends browser
and i tried this but it is not working!
fazil malik on June 28, 2012 at 5:56 AM said...: Please, tell me how do i get cookie from friends browser?? And i tried this , but it is not working!! when i set a cookie into cookieinjector after that automatically redirect into google and this process remain continue!
Anonymous said...: Hey after refreshing nothing happens.......what to do.....
Axel ruiz diez on July 2, 2012 at 5:58 PM said...: First, thank you for this and for the answers that you give to us ;)

Then, I need u're help, Everything work until the "refresh moment", when I refresh, nothing happens, and I'm french so I did'nt really understand what you said before :/ so could you explain for me what's the problem, knowin that I'm (on/in) wifi, and the account i'm tryin to hack, is (in/on) https, so what can I do ? Thanks for all again, bye.
Anonymous said...: Incognito-browsing.. Automatically prevents from cookie stealing

In Chrome..
Ctrl+Shift+N - Incognito mode

In Internet Explorer
Ctrl+Shift+P - Inprivate mode

Good Luck,
aAnonymous
Anonymous said...: after downloading and installing wireshark, when im opening it its coming The procedure entry point DecodePointer could not be loacted in the dynamic link library KERNEL32.dll. What to do?? Please help!
Anonymous said...: IF our victim is online on FB from cell, will this work?
Jenny said...: I've gotten everything down except once I copy and paste the code and then refresh the screen, nothing happens... HELP!
Oğuzhan TÜRK on July 19, 2012 at 2:24 AM said...: http.cookie contains datr doesnt work it has syntax error pls help
turkog@itu.edu.tr mail me
Oğuzhan TÜRK on July 19, 2012 at 2:25 AM said...: http.cookie contains datr doesnt work it has syntax error pls help me turkog@itu.edu.tr mail me pls
Anonymous said...: Does this work on a remote computer? for example I want to hack and account but the person is logging in from Argentina.

Thanks :)
Anonymous said...: If I have access to a person's cookies on a shared computer, can I just take the cookie .txt file from their user appdata folder and get the value that way? If so, how do I get the value once I have the .txt file?
Anonymous said...: But how i access to a exact victim's account?
Anonymous said...: This only works on your network.. Argentina won't work.. To set up wireshark you have to choose your interface first but selecting either wlan0 for wifi of something like eth0 for wired.. If not then wiresshsark doesn't know where to capture from. You can set that up right in the menu. After choosing an interface hit start capture and follow the instructions for session stealing. And if you want the exact account then steal the exact cookie for his account.
myittricks.com on August 1, 2012 at 6:43 AM said...: Good Article.I'll try this and reply again,
Anonymous said...: hey firesheep is not working on firefox 14.0.1
Anonymous said...: how to know who are you hacking????
Anonymous said...: did it work on datastick ?/////////////////?????????????????????????????????
n which browsser???????????
John on August 7, 2012 at 11:32 PM said...: now...I cant get it to work..Doesnt do anything when i refresh,,any more detailed descriptions on what to do?
John on August 7, 2012 at 11:33 PM said...: Now..What do i do when i get in there, when i refresh it does nothing. How do you control it...Any more specific instructions?
mani on August 14, 2012 at 2:29 PM said...: i get this error "All Cookies Have Been Written" then i refresh the page but not working.... plz help
mani on August 14, 2012 at 2:33 PM said...: i get some msg as you reply to:Sandhu

Yes, you are getting the correct message, Just refresh your page and you will be inside victims account.

but its not working.... plz reply...
Me.likey on August 31, 2012 at 4:31 AM said...: I followed the steps, but ended up with the same problem as most of the people: when refreshing, nothing happens. Could it be becauze i am using a hub based network ? It s a computer, not a laptop.
Me.likey on August 31, 2012 at 4:32 AM said...: I followed the steps and ended up with nothing happening after the refresh. I am using a hub based network. What seems to be the problem ? :/
Me.likey on August 31, 2012 at 4:36 AM said...: Please help...
Anonymous said...: In Step 7, you say to "right click on it and goto Copy - Bytes - Printable Text only."
What, exactly, is "it"? Where would I find it? Help please? Thanks.
Anonymous said...: how to hack fb using above method, if a person is on hub network...
simplyamjad on November 14, 2012 at 5:10 AM said...: it really works man.....i logged on to my account and stole my own cookie through Wireshack and i successfully logeed in...
Admin u deserve my respect man.......
Anonymous said...: what to do with cookieinjector script
Anonymous said...: i could not able to bring up the cookieinjector with alt+c, is there any other way to bring that up ?
Anonymous said...: how do i identify the information that i found is the one who im going to hack?
Jack on December 14, 2012 at 5:29 AM said...: Facebook nolonger http, now cookie cant sniff through https:// ssl protected website... need to use other method to disable ssl/https and sniff to http://
Anonymous said...: Error on opening the cookie injector ... how to fix it sir.?
tnx
Tooba said...: This is useless! it isn't working :@
Anonymous said...: I need your help please i did every thing 1 by 1 but i start interfaces i never find any datr files
Anonymous said...: if you wanna prevent the session stealing please sure that you are not in a hub environment. Well yes we can still sniff by ARP pois. in a switch environment, just in order to make it harder to do it. You may use things like HMAC to sign the variables for the web server and browser to check it by codes like:

----------------------------------------------------------------

< F'k(m) > < C >
HMAC(ve,k)= hash --------> user -------> server
|
|
< HMAC(ve,k) > V
if hash == HMAC(moded(ve),k) <----------- compute
else print {error};
[drop session]

-----------------------------------------------------------------
Anonymous said...: When i clicked on interfaces it said I've got none... so now what.
Tanzeel Ahmad on May 16, 2013 at 5:26 AM said...: Hey listen, I did everything you said and it all went normal, but when i pasted the cookie in that text box, i get a message saying "all cookies have been written" and then i hit enter. the n as you said i refresh the page but ABSOLUTELY NOTHING HAPPENS. and yes the victim was logged in during that time. Please help me man. thanks.