Welcome to XnonymouX Blog

Saturday, 9 February 2013

Hack Facebook account using MITM attack : Part 2

By on 23:40

Prerequisite : Part 1 on MITM attack .
Till now we were success full in routing data of victim through our computer. now the main part begins.
Step 2 : Sniffing Intercepted data
Wireshark will help us in reading data packets , so follow these steps :
  • Start Wireshark.
  • Go to “Capture”->”Interfaces” and select your interface . Select one with ethernet. click on Start.
step 1
  •  Your screen will start flooding with data packets. The window shows your data packets along with victim’s data packets.
  • In the filter type “http.cookie contains datr” . This expression will filter out cookie containing value datr. Why datr only , check previous tutorial. To know more about expressions check this.
Enter expressions
  • To extract values from cookies, right click on any of the HTTP packets and select “follow TCP stream”.
  • Make sure you not having your own facebook account open in browser. Because then you might end up reading your own cookie.
  • You will find cookie values in pop up window. Copy cookie portion (as shown in pic below ) and save in notepad , we gonna need this later.
copy cookies
  • Now we have to insert these values in browser. There are many methods to insert like extensions in chrome and addons in firefox. I recommend Greasemonkey addon.
  • Install Greasemonkey. Restart firefox and install Cookie Injector script .
  • Go to firefox options and in privacy section click on remove individual cookie. Then clear cookies of facebook.com .
  • (Here comes interesting part) Now open facebook.com and type ALT+C . A popup will appear to enter wireshark dump.
Enter Cookies
Enter Cookies
  • Enter cookie data copied earlier and press OK.
  • Referesh facebook.com. BAM! you are in.

1 comments:

  1. View the Net Worth of Celebrities, Athletes, Rappers and other Famous Movie Stars. World's Most Comprehensive Celebrity Net Worth Encyclopedia
    celebrity net worth
    celebrities net worth

    ReplyDelete