border: 1px solid #d2d2d2; padding: 0px 8px 0px 8px; color: #a19999; font-size: 12px; height: 25px; width: 165px; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px; margin:0px; } .submitbutton{ background:#F66303; border: 1px solid #F66303; text-shadow: 1px 1px 1px #333; box-shadow: 3px 3px 3px #666; font:bold 12px Arial, sans-serif; color: #fff; height: 25px; padding: 0 12px 0 12px; margin: 0 0 0 5px; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px; cursor:pointer;}

Receive all updates via Facebook. Just Click the Like Button Below

You can also receive Free Email Updates:

Powered By Blogger Widgets

Related Posts Plugin for WordPress, Blogger...

Thursday, June 30, 2011

Hacking Facebook Using Man in the Middle Attack

In this tutorial I will demonstrate how to hacking Facebook using MITM (Man in the Middle). This attack usually happen inside a Local Area Network (LAN) in office, internet cafe, apartment, etc. Below is the topology or infrastructure how MITM work, and how it can be happen to do hacking a Facebook account. 

In the picture above, the attacker act as the third person attacker will manipulate the switch routing table so the victim will think that attacker is a Web server and vice versa, because the attacker has changed the routing table. 

For this tutorial we need to prepare the tools to do Proof of Concept about this tutorial. Below you can download it. 
1. XAMPP – APACHE+PHP+MySQL(We use XAMPP for our fake facebook web server) 
2. Cain & Abel (We use it for Man in the Middle Attack) 
3. Facebook Offline Page (I have nulled the code, so this script will not contacting Facebook when victim accessed fake Facebook page — only use this for learning) 


Okay, let's start the step-by-step how to do this:
Attacker IP Address : 
Victim IP Address : 
Fake Web Server : 

I assume you're in a Local Area Network now. 

1. Install the XAMPP and run the APACHE and MySQL service 

2. Extract the fb.rar and copy the content to C:\xampp\htdocs 

3. Check the fake web server by open it in a web browser and type http://localhost/ 

4. Install Cain & Abel and do the APR(ARP Poisoning Routing), just see the step by step how to below 
Click the start/stop sniffer 

Choose your interface for sniffing and click OK. When it's finish, click again the Start/Stop Sniffer to activate the sniffing interface. 

Go to the Sniffer tab and then click the + (plus sign) 

Select "All hosts in my subnet" and Click OK. 

You will see the other people in your network, but my target is (MySelf…LoL :p)

After we got all of the information, click at the bottom of application the APR tab. 

Click the + button, and follow the instruction below. 

When you finish, now the next step is preparing to redirect the page to the fake web server. 

Click "APR DNS" and click + to add the new redirecting rule. 

When everything is finish, just click OK. Then the next step is to activate the APR by clicking the Start/Stop APR button.   

5. Now Hacking Facebook using MITM has been activated. This is how it looks like when victim opened

6. But if you ping the domain name, you can reveal that it's fake, because the address is IP of the attacker.

1 comment:

  1. buycheapfacebooklikesGood information here. I will post these information to my facebook page. It is really very informative for others.



Twitter Delicious Facebook Digg Stumbleupon Favorites More