Three days ago I finished the series on Gmail Session Hijacking and Cookie Stealing. Due to a tremendous response from readers, I planned to write a post on Facebook cookie stealing and session hijacking. Facebook session hijacking can also be accomplished via a very popular tool called Firesheep (on a Wi-Fi network only), which I won't be explaining here because I have already written about it in my post Facebook Hacking Made Easy With Firesheep.

In this tutorial I will explain how an attacker can capture your authentication cookies on a local area network and use them to hack your Facebook account. Before reading this tutorial, I would recommend that you read part 1, part 2 and part 3 of my Gmail Session Hijacking and Cookie Stealing series, so that you have a better understanding of what I am doing here.

Gmail Cookie Stealing And Session Hijacking Part 1
Gmail Cookie Stealing And Session Hijacking Part 2
Gmail Cookie Stealing And Session Hijacking Part 3

Facebook Authentication Cookies
The cookie which Facebook uses to authenticate its users is called "Datr". If an attacker can get hold of your authentication cookies, all he needs to do is inject those cookies into his browser and he will gain access to your account. This is what a Facebook authentication cookie looks like:

Cookie: datr=1276721606-b7f94f977295759399293c5b0767618dc02111ede159a827030fc;

How To Steal Facebook Session Cookies And Hijack An Account?
An attacker can use a variety of methods to steal your Facebook authentication cookies, depending upon the network he is on. If an attacker is on a hub-based network, he would just sniff traffic with any packet sniffer and gain access to the victim's account.

If an attacker is on a switch-based network, he would use an ARP poisoning request to capture authentication cookies. If an attacker is on a wireless network, he just needs to use a simple tool called Firesheep to capture the authentication cookie and gain access to the victim's account.

In the example below I will be explaining how an attacker can capture your authentication cookies and hack your Facebook account with Wireshark.

Step 1 - First of all, download Wireshark from the official website and install it.
Step 2 - Next, open up Wireshark, click on Analyze and then click on Interfaces.
Step 3 - Next, choose the appropriate interface and click on Start.
Step 4 - Continue sniffing for around 10 minutes.
Step 5 - After 10 minutes, stop the packet sniffing by going to the Capture menu and clicking on Stop.
Step 6 - Next, set the filter to http.cookie contains "datr" at the top left. This filter will search for all the HTTP cookies with the name datr, and datr, as we know, is the name of the Facebook authentication cookie.
Step 7 - Next, right-click on it and go to Copy - Bytes - Printable Text Only.
Step 8 - Next, you'll want to open up Firefox. You'll need both Greasemonkey and the cookieinjector script. Now open up Facebook.com and make sure that you are not logged in.
Step 9 - Press Alt C to bring up the cookie injector, then simply paste the cookie value into it.
Step 10 - Now refresh your page and voilà, you are logged in to the victim's Facebook account.

Note: This attack will only work if the victim is on an http:// connection, and even on https:// if end-to-end encryption is not enabled.
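
A defender-side check that follows from the note above, as an added example that is not from the original post: it audits a response's headers for a cookie set without the Secure attribute and for a missing HSTS header, the conditions under which the cookie can cross the local network in cleartext. The header values, the example.test domain and the function names are constructed for illustration.

```python
# Added example: audit response headers for cookies that could travel in cleartext.
# All header values below are constructed samples, not captured traffic.

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, attributes dict with lowercase keys)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs

def audit_response(scheme, headers):
    """Return findings for one response; headers is a list of (name, value) pairs."""
    findings = []
    names = {k.lower() for k, _ in headers}
    if scheme == "http":
        findings.append("response served over cleartext http://")
    elif "strict-transport-security" not in names:
        findings.append("no Strict-Transport-Security header: browser may still use http://")
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            findings.append(f"cookie {name}: no Secure attribute, sent on http:// requests too")
        if "httponly" not in attrs:
            findings.append(f"cookie {name}: no HttpOnly attribute, readable by page scripts")
    return findings

# Constructed sample responses (hypothetical values).
WEAK = [("Set-Cookie", "datr=EXAMPLEVALUE; Path=/; Domain=.example.test")]
HARDENED = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "datr=EXAMPLEVALUE; Path=/; Domain=.example.test; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for label, scheme, hdrs in (("weak", "https", WEAK), ("hardened", "https", HARDENED)):
        print(label, audit_response(scheme, hdrs) or "no findings")
```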