Hello friends ! Previously I've posted different ways to hack the user account of Email Server or Social Networking site. For more information please click here. Today I'll illustrate the SESSION HIJACKING technique to hack FB Account.
In this scope I will be using BACKTRACK, a Penetration Testing Distribution integrated with the below tools for Network Scan, MIMA and Packet Analysis.
1. NMAP
2. ARPSPOOF
3. WIRESHARK
And two below scripts which are compatible with Mozilla Firefox will be used for Cookie Injection:
1. GREASEMONKEY
2. COOKIE INJECTOR
- Techniques:
1. First Scan your network and find the target using NMAP, a Network Scanner. In this case i got 192.168.1.3 as the Target.
2. Next I need to start the IP Forwarding which enables my machine to forward any network traffic it receives from the target to the router.
3. Next Man-In-The-Middle-Attack (MIMA) is begun by exploiting ARP Cache Poisoning to intercept network traffic between the target and the router.
First a malicious ARP reply is sent to the target, associating my MAC address with the router's IP (192.168.1.1).
Secondly another malicious ARP reply is sent to the router, associating my MAC address with the target's IP (192.168.1.3).
4. Next I start packet capturing using WIRESHARK at my wlan0 interface and
applied a filter with http.cookie contains datr. The cookie string printable text with GET label is then copied.
5. GREASEMONKEY and COOKIE INJECTOR scripts are then installed in my Firefox browser. After restarting the browser Facebook login page is opened and Alt+C is pressed to inject cookie strings captured in Wireshark.
Reloading the page and I am able to login target's account !
- Protection:
1. Browse Facebook on a secure connection (https) when possible. Make sure Secure Browsing option in Security Settings tab is enabled.
2. Arpwatch is a computer software tool for monitoring Address Resolution Protocol traffic on a computer network. Network administrators monitor ARP activity to detect ARP spoofing.
Keep Visiting