Hey, Evil Souls Of Hell. Welcome to the thread.
In this thread, I will show you how to access someone's Facebook on your network
Facebook sends a cookie to the person's login in order to keep him signed in
so our job is to get that cookie and use it to bypass login so we can use that Facebook account without user/pass.
Since I'm doing it from Ubuntu, I need to install all the tools needed, here they are:
______________________________________________________________________________________
Gather your tools:
[*] Add temper Monkey into the browser.
[*] add the temper monkey cookie injector script from here
[*] Install ettercap
[*] Install SSLstrip
[*] Install dsniff
[*] Install wireshark
______________________________________________________________________________________
Explanation:
To get the cookie , we need to see the traffic on our network, this is why we need wireshark
One problem oppose, we want to see data send to/from a certain ip address , this mean you need the local ip of your target ; in this case its 192.168.1.104
Now we capture the cookie, and use it to login to facebook, this is done with temper monkey
______________________________________________________________________________________
The attack:
[*] Enable ip forwarding to be able to resend data that we get
to enable ip forward:
to check if done corretly:
[*] Enable ip tables to redirect the target from port 80 to 1000 for SSLstrip to work
[*] Start SSLstrip
[*] ARPspoofing to position ourselfs between the router and the client (target)
[*] Start wireshark and select an interface to start seeing the traffic
[*] Type this in the filter, and wait for the target to login on facebook
[*] When he login, you will see this, just copy the printable text only, like i did
[*] Now inject the cookie in your webbrowser, go to facebook, and press ALT+C to see this input box, and past there
[*] You can now refresh facebook, and there you go, you are logged in
______________________________________________________________________________________
In this thread, I will show you how to access someone's Facebook on your network
Facebook sends a cookie to the person's login in order to keep him signed in
so our job is to get that cookie and use it to bypass login so we can use that Facebook account without user/pass.
Since I'm doing it from Ubuntu, I need to install all the tools needed, here they are:
______________________________________________________________________________________
Gather your tools:
[*] Add temper Monkey into the browser.
[*] Install ettercap
[*] Install SSLstrip
[*] Install dsniff
[*] Install wireshark
______________________________________________________________________________________
Explanation:
To get the cookie , we need to see the traffic on our network, this is why we need wireshark
One problem oppose, we want to see data send to/from a certain ip address , this mean you need the local ip of your target ; in this case its 192.168.1.104
Now we capture the cookie, and use it to login to facebook, this is done with temper monkey
______________________________________________________________________________________
The attack:
[*] Enable ip forwarding to be able to resend data that we get
to enable ip forward:
Code:
sudo sysctl -w net.ipv4.ip_forward=1
Code:
cat /proc/sys/net/ipv4/ip_forward[*] Start SSLstrip
[*] ARPspoofing to position ourselfs between the router and the client (target)
[*] Start wireshark and select an interface to start seeing the traffic
[*] Type this in the filter, and wait for the target to login on facebook
[*] When he login, you will see this, just copy the printable text only, like i did
[*] Now inject the cookie in your webbrowser, go to facebook, and press ALT+C to see this input box, and past there
[*] You can now refresh facebook, and there you go, you are logged in
______________________________________________________________________________________
Last edited: