Compromising Facebook Account via ARP Poisoning

7/27/2019 Compromising Facebook Account via ARP Poisoning

1/14

Compromise Any facebookAccount via ARP Poisoning

Hello, friends this is Deep, to day Ill discuss a little advance(just kidding :P) topic called ARP Poisoning Attack orMan in the Middle AttackIn this article we use a packet sniffer called Wireshark tocapture the packets ie coockie. Here we will see how Wiresharksniffs the packets and finally captured facebooksauthentication coockie and replaced the victimsauthentication coockie with our own authentication coockieallow us to compromise a facebook account easily.In this post we will see how we can hack a facebook accountover a LAN with ARP Poisoning or MitMA


2/14

Compromise Any facebookAccount via ARP Poisoning--------------------------------------------------------------------------------------------------------------------------------------------------------Core Concept::::::::>So here we areour main victim is LAN But remember if you are sniffing on a local areanetwork,make sure that your network card is in thepromiscuous mode..if not then use this cmd netsh int UR IPset global taskoffload=disable

Now letz begin the main part of this topic.we can classify our topic into three main part1=> ARP Poisoningin order to poison victims ARP Cache2=> With Wireshark we will sniff the coockie3=> Finally we will replace the victims authenticationcoockie with our coockies and deploy the victims account..:P

Before we start we need some tools like ::::::::1) Cain & Abel


3/14

Compromise Any facebookAccount via ARP Poisoning2) Wireshark3) Coockie Manager Plus (A firefox Addon)

Step1:::::::::::ARP Poisoningi) download Cain & Abel from their official siteii) now turn on the sniffer by clicking green buttonwhere I indicate with red circle, after starting Sniffer nowpress + button to scan all MAC address available in our


4/14

Compromise Any facebookAccount via ARP PoisoningLAN like this pic..


5/14



6/14

Compromise Any facebookAccount via ARP PoisoningOnce you have scanned all MAC address and ip ,itz time toperform MitMA, to start that click on ARP tab at the bottomand click on the white area to turn + sign in blue.Next click on + sign and a list of host will appear to whichyou will like to sniff the packets..like this pic..


7/14

Compromise Any facebookAccount via ARP PoisoningNow click Sniffer button which I mar in the image..it willstart poisoning the router in short of time and you will startcapturing packets from your victims..:D


8/14

Compromise Any facebookAccount via ARP PoisoningNow see this image it will clear that ARP Poisoning androuting..

So till now we done ARP Poisonig on victims ARP cache,nowwe will use wireshark to trace the packets (ie Sniffing)now we will start Wireshark to capture packets


9/14

Compromise Any facebookAccount via ARP Poisoningso open wireshark and click on the interfaceslike this image..

Now choose the right interface and click on start button..and continue sniffing around 15 min to capture all packetsand stop after capturing..Next set the filter string as http.coockie contains datr as weknow that datr is the facebook authentication cookie:P


10/14



11/14


Now right click on ->copy->bytes->printable text onlyand copy the all data to Notepad .Now we will use the Coockie Manager (firefox addon) ..so openit on firefox ..first of all openhttp://facebook.comand aopen coockie manager ..and on coockie manager click onadd button
http://facebook.com/http://facebook.com/http://facebook.com/http://facebook.com/


12/14


After clicking add button it will pop up a box like this and fillall the data as bellow..name: usevalue: the value of the coockie that was capture..(see note pad)host: .facebook.comnow save it..and refresh the page ..and you will see the magic:P


13/14


After refreshing I got


14/14


So my mates thats all ..from me if there any Mistake byme please correct it..and give me further suggestion

Documents

Compromising Facebook Account via ARP Poisoning