Guide [Mitm]Facebook Cookie Stealing On Linux

[WebDAV]

[align=center]Here is how to access someone's facebook on your network

 

Facebook send a cookie to the person loggin in in order to keep him signed in

so our job is to get that cookie and use it to bypass login so we can use that facebook account without user/pass.

 

Since im doing it from ubuntu, i need to install all the tools needed, here they are:

 

______________________________________________________________________________________

Gather your tools:

 

[*] Add grease monkey to firefox

 

[*] Install the greasemonkey cookie injector script from here

[spoiler='']

Copy and past the javascript and save it as Snipa@HackCommunity.user.js [spoiler=image]

To install the script just drag and drop it in your firefox page[spoiler=image]

A box will pop up to install the script just click install [spoiler=image]

(note that greasemonkey should be enabled and you need to restart firefox in order to work)

 

 

[*] Install ettercap [spoiler='']

 

 

 

[*] Install SSLstrip [spoiler='']

 

 

 

[*] Install dsniff [spoiler='']

 

 

 

[*] Install wireshark [spoiler='']

______________________________________________________________________________________

 

 

Explanation:

 

To get the cookie , we need to see the traffic on our network, this is why we need wireshark

One problem oppose, we want to see data send to/from a certain ip address , this mean you need the local ip of your target ; in this case its 192.168.1.104

Now we capture the cookie, and use it to login to facebook, this is done with greasemonkey

 

______________________________________________________________________________________

 

 

The attack:

 

[*] Enable ip forwarding to be able to resend data that we get[spoiler='']

 

 

 

to enable ip forward:sudo sysctl -w net.ipv4.ip_forward=1to check if done corretly:cat /proc/sys/net/ipv4/ip_forward

 

 

 

 

[*] Enable ip tables to redirect the target from port 80 to 1000 for SSLstrip to work [spoiler='']

 

 

 

 

[*] Start SSLstrip [spoiler='']

 

 

 

 

[*] ARPspoofing to position ourselfs between the router and the client (target) [align=right]-dsniff-[/align]

[spoiler='']

 

 

 

 

 

 

 

[*] Start wireshark and select an interface to start seeing the traffic[spoiler='']

 

 

 

 

[*] Type this in the filter, and wait for the target to login on facebook [spoiler='']

 

 

 

 

[*] When he login, you will see this, just copy the printable text only, like i did [spoiler='']

 

 

 

 

[*] Now inject the cookie in your webbrowser, go to facebook, and press ALT+C to see this input box, and past there [align=right]-grease monkey-[/align][spoiler='']

 

 

 

 

[*] You can now refresh facebook, and there you go, you are logged in [spoiler='']

 

 

 

______________________________________________________________________________________

[/align]

 

Note : This is a Man In The Middle Attack (MITM) example, done on my personal facebook account, on my network, maxcheaters don't take resposability due to what you do with informations you got from this tutorial.

Edited August 12, 2014 by Viral Dragon

[`NeverMore]

copy pasting is good but sometimes you need to edit the post before posting it because forums doesnt support same tags

eg.

whats this 

[MeVsYou]

Add also the source that you have find this guide (hackcommunity).

[xeL]

Even more easy: https://www.youtube.com/watch?v=lKITn2aUVbE . Tested and works like a charm.

Edited August 21, 2014 by xeL