Hacking facebook using Man in the middle Attack
For this tutorial we need to prepare the tools to do Proof of Concept about this tutorial. Below you can see it.
1. XAMPP – APACHE+PHP+MySQL(We use XAMPP for our fake facebook web server)
2. Cain & Abel (We use it for Man in the Middle Attack)
3. Facebook Offline Page (I have nulled the code, so this script will not contacting Facebook when victim accessed fake Facebook page — only use this for learning)
Download Facebook Offline Page (mediafire.com):
Step by step Hacking Facebook Using Man in the Middle Attack:
Attacker IP Address : 192.168.160.148
Victim IP Address : 192.168.160.82
Fake Web Server : 192.168.160.148
I assume you’re in a Local Area Network now.
1. Install the XAMPP and run the APACHE and MySQL service
2. Extract the fb.rar and copy the content to C:\xampp\htdocs
3. Check the fake web server by open it in a web browser and type http://localhost/
4. Install Cain & Abel and do the APR(ARP Poisoning Routing), just see the step by step how to below
Click the start/stop sniffer
Choose your interface for sniffing and click OK. When it’s finish, click again the Start/Stop Sniffer to activate the sniffing interface.
Go to the Sniffer tab and then click the + (plus sign)
Select "All hosts in my subnet" and Click OK.
You will see the other people in your network, but my target is 192.168.160.82 (MySelf…LoL :p)
After we got all of the information, click at the bottom of application the APR tab.
Click the + button, and follow the instruction below.
When you finish, now the next step is preparing to redirect the facebook.com page to the fake web server.
Click "APR DNS" and click + to add the new redirecting rule.
When everything is finish, just click OK. Then the next step is to activate the APR by clicking the Start/Stop APR button.
5. Now Hacking Facebook using MITM has been activated. This is how it looks like when victim opened http://www.facebook.com
6. But if you ping the domain name, you can reveal that it’s fake, because the address is IP of the attacker.
I am not providing these tools for security reasons. I am writing thos article only for educational purposes.
Happy Reading!
1. XAMPP – APACHE+PHP+MySQL(We use XAMPP for our fake facebook web server)
2. Cain & Abel (We use it for Man in the Middle Attack)
3. Facebook Offline Page (I have nulled the code, so this script will not contacting Facebook when victim accessed fake Facebook page — only use this for learning)
Download Facebook Offline Page (mediafire.com):
Step by step Hacking Facebook Using Man in the Middle Attack:
Attacker IP Address : 192.168.160.148
Victim IP Address : 192.168.160.82
Fake Web Server : 192.168.160.148
I assume you’re in a Local Area Network now.
1. Install the XAMPP and run the APACHE and MySQL service
2. Extract the fb.rar and copy the content to C:\xampp\htdocs
3. Check the fake web server by open it in a web browser and type http://localhost/
4. Install Cain & Abel and do the APR(ARP Poisoning Routing), just see the step by step how to below
Click the start/stop sniffer
Choose your interface for sniffing and click OK. When it’s finish, click again the Start/Stop Sniffer to activate the sniffing interface.
Go to the Sniffer tab and then click the + (plus sign)
Select "All hosts in my subnet" and Click OK.
You will see the other people in your network, but my target is 192.168.160.82 (MySelf…LoL :p)
After we got all of the information, click at the bottom of application the APR tab.
Click the + button, and follow the instruction below.
When you finish, now the next step is preparing to redirect the facebook.com page to the fake web server.
Click "APR DNS" and click + to add the new redirecting rule.
When everything is finish, just click OK. Then the next step is to activate the APR by clicking the Start/Stop APR button.
5. Now Hacking Facebook using MITM has been activated. This is how it looks like when victim opened http://www.facebook.com
6. But if you ping the domain name, you can reveal that it’s fake, because the address is IP of the attacker.
I am not providing these tools for security reasons. I am writing thos article only for educational purposes.
Happy Reading!
No comments: