NOTE: Hacking is an illegal activity, so don't try this on anyone. This tutorial is only for educational purposes. If you want to use this tutorial for miscellaneous purposes, please stop reading.
In a session hijacking attack, an attacker steals the victim’s cookies. Cookies store all the necessary login information about one’s account, and using this information an attacker can easily hack anybody’s account. If you get the cookies of the victim, you can hack any account the victim is logged into, e.g. Facebook, Google, Yahoo.
Requirements:
Someone on the network must be on Facebook at the time for you to steal their session information. Your Wi-Fi adapter must have monitor mode support in order to scan all packets transferred over a network.
Step 1. First of all, you would need to connect to an unsecured wireless connection that others are using. Then we start capturing packets transferred over this network.
Step 2. We would then need to use a network sniffing tool to sniff packets transferred over the network. In this case, I am using a tool called Wireshark (http://www.wireshark.org). Within Wireshark, there is a menu called “Capture”; under the Capture menu, select Interfaces, and a list of your interfaces will come up.
Step 3. Next, select Start next to the interface that you have enabled monitor mode on. Most times it is the interface that is capturing the most packets. In my case, the Microsoft interface is capturing the most packets, so I will select to start capturing with the Microsoft interface. You would leave Wireshark to capture packets for a couple of seconds, depending on the number of people currently using the network: say 30 seconds if 10 people are currently using the network, or 30 minutes if there is barely any network activity going on.
Step 4. After capturing a certain amount of packets, or running the capture for
a certain amount of time, stop it by clicking on the stop current capture
button.
Step 5. After stopping the capture, you will need to look for the user’s Facebook session cookie which, hopefully, was transferred in one of the packets captured. To find this cookie, use the Wireshark search, which can be found by pressing “Ctrl + F” on your keyboard. In this search interface, select Find: By “String”; Search In: “Packet Details”; and filter by the string “Cookie”.
Step 6. When you press Find, if there is a cookie, this search will find it; if no cookie was captured, you will have to start back at step 2. However, if you’re lucky and some cookies were captured, when you search for cookie, your interface will come up looking like this in the diagram below. You will notice that the cookie next to the arrow contains lots of data. To get the data, right-click on the cookie and click Copy->Description.
Step 7. After copying the description, paste it in a text file, and separate each variable onto a new line (note that the end of every variable is marked by a semicolon, e.g. c_user=5424675674235424;).
Step 8. After some research and experimenting, I figured out that Facebook authenticated the user session by 2 cookies called c_user and xs. Therefore you will only need the values of these cookies, and then need to inject them into your browser. Before injecting the cookies, here is what my Facebook page looked like:
Step 9. The next thing you would need to do is to inject this information as your own cookie. So firstly you would need to install a cookie manager extension for your browser; I’m using Firefox Cookie Manager. After installing this extension, you will find it under Tools->Cookie Manager.
Step 10. The first thing we would need to do is to clear all cookies, so clear all the cookies you currently have. Then select the “Add Cookie” link to add a new cookie. The first cookie you will add is the c_user cookie, which will have the following information: Domain: “.facebook.com”, Name: “c_user”, Value: “the value you copied earlier from the Wireshark scanning” and Path: “/”; leave the isSecure and Expires On values at their defaults.
Step 11. The next thing you do is to hit the “Add” button and the cookie is saved. Repeat the same steps to add the xs cookie with all of the same information, except the value, which would be the xs value you have.
Step 12. After adding these 2 cookies, just go to facebook.com, refresh the page and… Boom!! You will see you are logged in as the user whose cookie information you stole. Here is my Facebook page after I injected those cookies:
Protect:
Always work on SSL-secured connections.
Always keep an eye on the URL: if the http:// has not changed to https://, it means that sniffing is active on your network.
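A server-side check that complements the advice above, as an added example that is not part of the original tutorial: it audits a response's Set-Cookie headers for the Secure attribute (the isSecure field shown in the cookie manager) and HttpOnly, because a session cookie without Secure is also sent over plain http://, where it travels in cleartext. The function names, the SESSION_COOKIES set and the sample headers are assumptions constructed for this example.

```python
# Added example: audit Set-Cookie headers for attributes that keep session
# cookies off plaintext HTTP. Function names and sample data are constructed.

SESSION_COOKIES = {"c_user", "xs"}  # cookie names mentioned in the tutorial


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes dict)."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    if not parts:
        return "", "", {}
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_headers(headers):
    """Return sorted (cookie_name, finding) pairs for one response's headers."""
    findings = []
    hsts = any(n.lower() == "strict-transport-security" for n, _ in headers)
    for hname, hvalue in headers:
        if hname.lower() != "set-cookie":
            continue
        name, _, attrs = parse_set_cookie(hvalue)
        if name not in SESSION_COOKIES:
            continue  # only session cookies matter for this check
        if "secure" not in attrs:
            findings.append((name, "missing Secure: also sent over http://"))
        if "httponly" not in attrs:
            findings.append((name, "missing HttpOnly: readable by page scripts"))
    if not hsts:
        findings.append(("*", "no Strict-Transport-Security header"))
    return sorted(findings)


# Constructed sample response headers (not captured from any real site).
SAMPLE = [
    ("Set-Cookie", "c_user=1000000000000001; Domain=.example.test; Path=/"),
    ("Set-Cookie", "xs=constructed-token; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "locale=en_US; Path=/"),
]

if __name__ == "__main__":
    for cookie, finding in audit_headers(SAMPLE):
        print(f"{cookie}: {finding}")
```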
Legal Disclaimer: This tutorial is for educational purposes only. The author will not be held responsible for any misuse of this tutorial by any means.
If you have any queries, please comment on my posts.