Pin It

Hack A Facebook Account With ARP Poisoning



This article is a revised and a more advanced version of what we learned in the post "Facebook Cookie Stealing And Session Hijacking", before i get started, i would like to share that i have just passed my CCNP route examination with 95.3 percent and i am preparing for my CCNP switch examination therefore i would not be able to post for a while, however our Cheif Editor "Dr Sindhiya Junjeo" will continue to update you with latest hacking news until i return. So Let's get back to the tutorial.

In our previous post, "Facebook Cookie Stealing And Session Hijacking" i used a packet sniffer called "Wireshark" to capture packets on a wireless network and finally captured facebook's authentication cookie and replaced the victims authentication cookie with our own authentication cookie allowing us to hack the facebook account. However this post would be more related to hacking a facebook account on a LAN with ARP Poisoning or Man in the middle attack.

Lan Sniffing - Core Concepts

  • If you are sniffing on a local area network (LAN), first of all you should make sure that your Network card is in the promiscuous mode. 
  • Next up you should know the difference between a hub and a switch based network, in case of a hub based network a normal packet sniffer would do the job, however in case of a switch based network we would need to launch an attack called "ARP Poisoning attack" or "Man in the Middle attack" in order to route the victims traffic through us. 
Before reading this tutorial I would recommend you to  part1, part2 and part 3 of my Gmail Session Hijacking and Cookie stealing series, So you could have better understanding of what I am doing here.

Logic And Methodology:

The tutorial is divided in to three main steps:

Step 1

First of all we would use "ARP Poisoning" or "Man In the Middle Attack" in order to poison victims "ARP CACHE" and route all the traffic through our computer.

Step 2

Since all the traffic would be rotued through our computer, we would simply launch a packet sniffer (Wireshark) and capture the authentication cookies for facebook.

Step 3

Finally we would replace the victims authentication cookie with our cookies and therefore hacking into victims Facebook account. 

Tools

Hack A Facebook Account [ARP Poisoning] {STEP 1 }

I have wrote lots of tutorials on ARP Poisoning, therefore i won't got into much details on how it works. We would use a tool named "Cain And Abel" to accomplish this task. So here is how we will use "Cain And Abel" to carry out a Man in the Middle attack to hack a facebook account.

Step 1 - Download "Cain and Abel" from the link above and launch it.
Step 2 - Turn on the sniffer by clicking on the Green button at the top, Next scan for the Mac Addresses by clicking on the plus sign (+) at the top. 


Step 3 - Once you have scanned all the Mac Addresses and IP addresses, it's time to perform the Man In the middle attack. For that, Click on the APR tab at the bottom and then click on the white area in the top frame. This will turn the "+" sign into blue color.


Step 4 - Next click on the "+" sign, lists of hosts will appear, select the hosts which you want to intercept the traffic between. In my case at the left side would be my default gateway and on the right would be my victim hosts. 

Step 5 - Click ok and then finally click the "Yellow Button" just under the file menu of  "Cain and abel", Now it will start poisoning the routes in a short span of time and you would start to see traffic being captured by cain and abel. 



Monitor a Facebook Account from any where in the world

Hack A Facebook Account [Packet Sniffing Wireshark] {STEP 2}

So, since we have already poisoned victim's ARP Cache, all the traffic going from the victim to the router will be captured by our packet sniffer (Wireshark). But before we capture the cookie, i would like to explain briefly regarding "Facebook Authentication Cookies".

Facebook Authentication Cookies

Well, at the time i wrote the tutorial "Facebook Cookie Stealing And Session Hijacking" Facebook used "Datr" as their authentication cookie, Now facebook uses two cookies instead of one, namely "c_user" and "xs" for authenticating a user. Therefore we would need to capture both of these cookies and replace them with our cookie to hack a facebook account.  So here is how you would capture authentication cookies with facebook. 

Step 1 - First of all download wireshark from the official website and install it.


Step 2 - Next open up wireshark click on analyze and then click on interfaces.


Step 3 - Next choose the appropriate interface and click on start.


Step 4 - Continue sniffing for around 10 minutes.

Step 5 - After 10minutes stop the packet sniffing by going to the capture menu and clicking on Stop.

Step 6 - Next set the filter to http.cookie contains “datr” at top left, This filter will search for all the http cookies with the name datr, And datr as we know is the name of the facebook authentication cookie.



Step 7 -  Next right click on it and goto Copy - Bytes - Printable Text only.


Step 8 - Now you would see lots of cookie values, however c_user and xs would be the only ones of our interest. Copy both of the values in a notepad. 

Hack A Facebook Account [Cookie Editing] {Step 3}

Now, finally it's time to hack a facebook account by using the cookie values we captured, for this purpose you would need a cookie editor, I will use a firefox addon called "Cookie Manager" to replace the cookies.

Step 1 

First of all open up firefox and browse to http://facebook.com.

Step 2  

Next open up the cookie manger (Tools - CookieManager+)



Step 3  

Next click the "add" button.  Fill in the following values: (Take a look at the screenshots below for more clarification)

For Authentication Cookie: c_user

Name: c_user
Value: The value of the cookie that was captured.
Host: .facebook.com

For Authentication Cookie: xs

Name: xs
Value: The value of the cookie that was captured.
Host: .facebook.com


Step 4 -

Next click on the save button, Finally you just need to refresh your page and you would be logged in to the victims account, thus you have hacked a facebook account by session hijacking attack. 



Note: This Attack will only work if victim is on a http:// connection and even on https:// if end to end encryption is not enabled.

I hope you have enjoyed the tutorial as much as i have enjoyed while making it, if you have any questions feel free to ask, Feel free to share it with your friends so they can know the dangers of browsing over a http connection. 

P.S: If you would like to learn more methods to hack in to facebook account, kindly refer my Facebook Hacking Course

Subscribe to our Newsletter and receive updates directly via email - Get Ethical hacking and security tips directly to your inbox. Alternatively you can Join our Hackers Community on Facebook , Google+ and Twitter .

At RHA Infosec we provide different types of Security Testing from small business sites to Corporate Sites. Click Here to know more about our complete list of services.

Subscribe to RHA


Enjoyed this article?
Subscribe to "Rafay Hacking Articles" and get daily updates in your inbox for free!


Tags:


Kindly Bookmark it and Share it with Friends:

39 comments :

Samar on October 30, 2012 at 7:55 PM said...

First of all, congrats for your grades. And, good article. On the next article about ARP poisoning, I would expect a manual ARP poisoning tutorial by packet editing from you. Also, a bit more technical description about ARP would be appreciated.

Mahesh Verma on October 30, 2012 at 11:09 PM said...

Awesome Tutorial And Good Information :)

amad on October 30, 2012 at 11:10 PM said...

Hi, Rafay you have prided a wounderful method. But i Am facing a problem is that i am not getting MAC adresses of victum. because I have not activated the promiscuous mode. i have seen in the following link that how to activate the promiscuous mode.

http://windows7themes.net/enable-promiscuous-mode-manually-in-windows-7.html


But the "netsh bridge set adapter" command is not working. due to which i could not able to activate the promiscuous mode.
So help me out That Either i need to activate it not??/ but i think i must need to activate it. Because i am using PTCL LAn net. Due to non-promiscuous mode, when a NIC receives a frame, it normally drops it unless the frame is addressed to that NIC's MAC address or is a broadcast or multicast frame.


My next Question is that how i get victum's IPs. By clicking Their Id or how?

Rafay Baloch on October 30, 2012 at 11:21 PM said...

Thanks for the compliment. At first i was planning to write a manual tutorial via packet editing (Wireshark) but later decided that it would make things a bit complicated for the readers, therefore i used cain and abel for ARP Poisoning, i have written lots of tutorial on ARP Poisoning and now looking forward to move towards web application attacks as per readers requests.

Anonymous said...

Awesome Tutorial Rafay this tutorial is for windows users what about using Ethercap ARP poisioning in backrack 5 and using wireshark it will work right but just more complicated then this....by the way thnks for this tutorial and many others....

amad on October 31, 2012 at 4:58 AM said...

That Would Be So much Nice THat If you Provide Us tutorial about Packet editing???? And Much More !! Just Provide uS We really need to Learn It!

Rafay Baloch on October 31, 2012 at 5:51 AM said...

@amad
Are you on a wireless network?

Rafay Baloch on October 31, 2012 at 5:53 AM said...

@Anonymous 5

Though Ettercap has more capabilities but cain and abel is more usefriendly as comapred to ettercap.Therefore i decided to write on cain and abel.

Anonymous said...

Someone can recommend me some books except programming ... I want play hack. thks!

amad on October 31, 2012 at 7:05 AM said...

Actually I am using PTCL Net using Wire It is not wireless. But I am not Getting Number of IPs' In Step To Just Getting Only One IP Of my net 192.168.1.1 Nothing more. But In Step Tw0 And Four There are plenty of IPs' of victums and all host of sub net??? What is the mistake i am doing that i have not set my LAN to promiscuous mode. how to set it on promiscuous mode to my connection?

Anonymous said...

Thanks for the cool Info dude!
Btw while searching through google I found this facebook hacking website,they claim that their system can hack any facebook account in minutes and this is a free service too. hack a facebook account
Does this kind of websites work?

Dr. RDS on November 2, 2012 at 3:53 AM said...

hack a facebook account

Anonymous said...

@rafay baloch bro then can we change the password of victim or not..

Guppu Boss on November 8, 2012 at 5:59 AM said...

Can we hack someone's Facebook account if i have his IP address???

---------------------------------
http://www.internetDreamz.com/

Anonymous said...

Salam,

guys grow up now.what hacking hacking you guys are talking about.first of all try to clear your concept.about hacking and all IT. this goes for Mr Raffy Baloch aswell. doing ccna/ccnp/ccie or rest of Cisco certifications will never make you a leet class hacker.a real hacker don't bark or try to make himself a famous hacker.like rafay is doing with the help of softwares. a real hacker don't need softwares like ( wireshark & others ). Rafay you seems to be a teenager or a kid. i am using the computer from 10 years in my whole life i have seen the classy guy which is a pakistani. he Dont make blogs/tut/facebookpage/or any advertisement. that pakistani guy deserve the respect of everything in IT. he dont call himself a hacker. but i must say he is the best of all. because i have seen his work. i have seen the magic of his skills. his nickname is ( Legend ). nobody knows his real name or detail. Mr Rafay Baloch you made so many advertisments of ethical hacking.which have no concern to people.you are teaching them to hack or telling them how to secure themselves ?. do you know what basicly you are doing with them ?? what are you ?

Rafay Baloch on November 27, 2012 at 8:38 AM said...

@Anonymous 15
Well, I disagree with you.

1st of all try to clear your concept.about hacking and all IT. this goes for Mr Raffy Baloch aswell. doing ccna/ccnp/ccie or rest of Cisco certifications will never make you a leet class hacker.a real hacker don't bark or try to make himself a famous hacker

Answer: Friend, I never mentioned any where that doing CCIE would make you a great hacker, Did i?, so you have no right to give statements about me.
You even don't know what's the definition of a hacker?, According to you ". a real hacker don't need softwares like ( wireshark & others ). Rafay you seems to be a teenager or a kid. i am using the computer from 10 years in my whole life i have seen the classy guy which is a pakistani. he Dont make blogs/tut/facebookpage/or any advertisement.", Where did you read that definition that a real hacker does not need a software, Tell me a single resource.
If you don't know the definition yourself then you have no right to say what's wrong and what's right.

Anonymous said...

ok im reading all this stuff im like whoaaa ... i just want to get to my future spouse facebook or email. to see what going before i end up marrying a phony ... my instincts are telling he is hiding something.cuz when i walk by my desktop acts like hes watching something. is there a simiplier way to acess his email or facebook. or can i give u the email address and you get the password for me??? can you let me know as soon as possible
id really appreciate it

vove22

Phạm Hữu Trường on November 30, 2012 at 4:57 AM said...

Thank you Mr.Baloch. i've see many clip about hacking facebook on youtube and all of them are @#$%.
Iam moving my first step to become a hacker, my knowledge about . I've read your tutorial but i've a question, can you hack an account from a long distance? like from USA to some where in Asia?
Or this tutorial just about hacking in LAN?
Sorry, i come from a country do not use English, my English is not well enough.

Phạm Hữu Trường on November 30, 2012 at 4:58 AM said...

Thank you Mr.Baloch. i've see many clip about hacking facebook on youtube and all of them are @#$%.
Iam moving my first step to become a hacker, my knowledge about . I've read your tutorial but i've a question, can you hack an account from a long distance? like from USA to some where in Asia?
Or this tutorial just about hacking in LAN?
Sorry, i come from a country do not use English, my English is not well enough.

Phạm Hữu Trường on November 30, 2012 at 5:13 AM said...

thank you Baloch.
can i ask you this question?
Because i'm a newbie in hacking, i've a few knowledge about computer. Is this work if i want to hack account of my friends from a long distance? for example from USA to some where in Asia?
Please do not blame me because iam very curious about hacking.. Thanks a lot

Phạm Hữu Trường on November 30, 2012 at 12:40 PM said...

thank you for the tutorial. i am a newbie in hacking. I want to ask you a question. I can only hack account by this programm when the victim and me are in LAN or we are using the same wifi? because iam stay really far from my victim and i want to hack them

javaid saleem on December 9, 2012 at 12:48 PM said...

hi rafay i have captured cookie but by another method please tell me how to use it this is cookie

[Cookie:
domain: facebook.com
path: /
c_user=100004491761350;]
[Cookie:
domain: facebook.com
path: /
datr=mVxvUOKBVUHroc3Rrkp2UsoG;]
[Cookie:
domain: facebook.com
path: /
lu=Th_68dlsgOjtwBtOfEB0_D3g;]
[Cookie:
domain: facebook.com
path: /
xs=62%3AE84bDn4sLPYNag%3A0%3A1350421730;]

plzz tell me how to use it

Adil Ikram on December 11, 2012 at 1:12 AM said...

bro mje ye cain n able me http me jo passwors atey h ye btao unko describe kese krna h plz

Anonymous said...

@anonymous 15

lolz i think u didnt saw what u wrote :p .. u mentioned no one knows who is he or his name(the pakistani hacker). than how did u find it out ^.0 . knowledge is free my brother.if u mean hackers doesnt have to teach or show others his trick,than a Teacher also doesnt has any rights to teach u or us,do u agree with that? huh! ofcourse not.by the way using computer for 10 years doesnt makes u a hacker either :p. well i just said what i meant.not to hurt anyones thinking.

@rafay bro aap sabke sunte ho mere liye bhi ek post mar do yaar :D pliz !!

Rafay Baloch on December 11, 2012 at 9:18 AM said...

On what buddy?

javaid saleem on December 12, 2012 at 7:32 AM said...

hi rafay i have captured cookie but by another method please tell me how to use it this is cookie

[Cookie:
domain: facebook.com
path: /
c_user=100004491761350;]
[Cookie:
domain: facebook.com
path: /
datr=mVxvUOKBVUHroc3Rrkp2UsoG;]
[Cookie:
domain: facebook.com
path: /
lu=Th_68dlsgOjtwBtOfEB0_D3g;]
[Cookie:
domain: facebook.com
path: /
xs=62%3AE84bDn4sLPYNag%3A0%3A1350421730;]

plzz tell me how to use it

Anonymous said...

rafay bro will it work if i use a warless network/modem?

Anonymous said...

What if they using like facebook app using iphone/android phone? Can i hack using this? Thks..

Andromeda on February 1, 2013 at 4:43 AM said...

How do I hack an account if i'm not on a wireless network. I have a telephone and modem sort of connection where you have to plugin to your Ethernet port (a wired connection ?)
I tried Wireshark. It doesn't sniff any packets except the ones from my computer.
I tried Cain and Abel. It shows just one Mac address and says "you need atleast two hosts to start ARP entry"
Do i have to go for Phishing and Keylogging ?

Andromeda on February 1, 2013 at 4:44 AM said...

How do I hack an account if i'm not on a wireless network. I have a telephone and modem sort of connection where you have to plugin to your Ethernet port (a wired connection ?)
I tried Wireshark. It doesn't sniff any packets except the ones from my computer.
I tried Cain and Abel. It shows just one Mac address and says "you need atleast two hosts to start ARP entry"
Do i have to go for Phishing and Keylogging ?

Andromeda on February 1, 2013 at 4:53 AM said...

Hey Rafay, learned a lot form your articles. Kind of a newbie !
How do I hack an account if i'm not on a wireless network. I have that telephone and modem connection where you have to plugin to the Ethernet port (wired connection maybe?)
I tried Wireshark. It sniffs packets sent only from my computer.
I tried Cain and Abel. It always shows only one Mac Address when i search for it and says "You need atleast two hosts to set an APR entry"
Do i have to go for Phishing and Keylogging ?

INNOCENT HEART on February 24, 2013 at 12:25 AM said...

I HACK THIS ACCOUND

Syed Zeeshan Ali on March 29, 2013 at 2:59 PM said...

There are many ways to hack facebook account, but nobody know to save your facebook account. Keep to save your account otherwise, behalf the hackers like Rafay can hack your account easily

Syed Zeeshan Ali on March 29, 2013 at 3:00 PM said...

There are many ways to hack facebook account, but nobody know to save your facebook account. Keep to save your account otherwise, behalf the hackers like Rafay can hack your account easily.

Very Nice Post. I appreciate your thinking

Anonymous said...

this methode works only when the victim is around but if the victime is on a long distance howa ti get his cookies

chintan vadod on June 4, 2013 at 9:48 PM said...

Hey Sir i Want to Hack My Girlfriend Account for the only Loyalty Test then How can i do this??? plz give me tha answer with proper solution.,....

Anonymous said...

i have my suspicions my boyfriend is cheating online, its been driving me crazy for weeks and i want to know the truth, is there a way i can hack his fb or his email without having to install anything on his computer im not that savvy but im qiuk to learn

Anonymous said...

Good day sir, i would like to know what is the fastest video downloader which is free?

Anonymous said...

Complicated, Here you should also Define Ettercap too, and ARP Posioning on Wlan0

Dare to ask? :)

Blog Archive

 

Recent Comments

About

Rafay Baloch is an Independent security researcher, Internet marketer, Entrepreneur and a SEO consultant, He is the founder of RHA blog and multiple other blogs. Rafay got famous after finding a Remote Code Execution bug inside PayPal for which PayPal awarded him a sum of 10,000$ Read More..

Join In!

RHA © 2013. All Rights Reserved.