In this tutorial i will explain how you can hack a Facebook/twitter accounts by stealing cookies. This method works only when the victims computer is in a LAN (local area network ).Best place to try out this is in schools ,collages ,cafes . where computers are connected in LAN .Before i proceed let me first explain "cookies "
What Are Cookies ? And What Is The Use Of Stealing Cookies ?
Cookies are small files that stored on users computer by websites when a user visits them. The stored Cookies are used by the web server to identify and authenticate the user .For example when a user logins in Facebook a unique string is generated and one copy of it is saved on the server and other is saved on the users browser as Cookies. Both are matched every time the user does any thing in his account
So if we steal the victims cookie and inject them in our browser we will be able to imitate the victims identity to the web server and thus we will be able to login is his account . This is called as Side jacking .The best thing about this is that we need not no the victims id or password all we need is the victims cookie
Hack Facebook / Twitter By Stealing Cookies
Things we need :-
1. Ettercap or Cain and able for ARP poisoning the victim
2. Wire shark for sniffing and stealing cookies
3. Firefox browser and Cookie logger add on for injecting the stolen cookies in our browser
Procedure :-
1. First ARP poison the victim .For this you can refer my previous articles on how to ARP poison the victims computer using Cain and able or Ettercap
2. After ARP poisoning open Wire shark ,click capture button from the menu bar , then select interface .Now select your interface (usually eth0 ) finally click start capture .
3. Now you can see the packets being captured , wait for a while till the victim logs in his account( Facebook /twitter ),
4. Mean while Find the IP address of Facebook ,for this you can open CMD (command prompt ) and enter .Ping Facebook.com to find its IP address
5. Now filter the packets by entering the the IP address (Facebook) in the filter bar and click apply
6. Now Locate HTTP Get /home.php and copy all the cookie names and values in a note pad as shown
7. Now open Firefox and open add and edit cookies ,which we downloaded earlier , add all the cookie values and save them as shown
8. Now open Facebook in a new tab , you will be logged in the victims account .
Voilà ......you have hacked the victims Facebook account by stealing cookies , You can also follow the same steps to hack Twitter accounts
Hope you enjoyed this tutorial , If you have any doubts please feel free to post a comment
What Are Cookies ? And What Is The Use Of Stealing Cookies ?
Cookies are small files that stored on users computer by websites when a user visits them. The stored Cookies are used by the web server to identify and authenticate the user .For example when a user logins in Facebook a unique string is generated and one copy of it is saved on the server and other is saved on the users browser as Cookies. Both are matched every time the user does any thing in his account
So if we steal the victims cookie and inject them in our browser we will be able to imitate the victims identity to the web server and thus we will be able to login is his account . This is called as Side jacking .The best thing about this is that we need not no the victims id or password all we need is the victims cookie
Hack Facebook / Twitter By Stealing Cookies
Things we need :-
1. Ettercap or Cain and able for ARP poisoning the victim
2. Wire shark for sniffing and stealing cookies
3. Firefox browser and Cookie logger add on for injecting the stolen cookies in our browser
Procedure :-
1. First ARP poison the victim .For this you can refer my previous articles on how to ARP poison the victims computer using Cain and able or Ettercap
2. After ARP poisoning open Wire shark ,click capture button from the menu bar , then select interface .Now select your interface (usually eth0 ) finally click start capture .
3. Now you can see the packets being captured , wait for a while till the victim logs in his account( Facebook /twitter ),
4. Mean while Find the IP address of Facebook ,for this you can open CMD (command prompt ) and enter .Ping Facebook.com to find its IP address
5. Now filter the packets by entering the the IP address (Facebook) in the filter bar and click apply
6. Now Locate HTTP Get /home.php and copy all the cookie names and values in a note pad as shown
7. Now open Firefox and open add and edit cookies ,which we downloaded earlier , add all the cookie values and save them as shown
8. Now open Facebook in a new tab , you will be logged in the victims account .
Voilà ......you have hacked the victims Facebook account by stealing cookies , You can also follow the same steps to hack Twitter accounts
Hope you enjoyed this tutorial , If you have any doubts please feel free to post a comment
the add on is not working anymore with the latest firefox.
REPLY@Anonymous
then try the following cookie editor add ons
https://addons.mozilla.org/en-us/firefox/addon/edit-cookies/
https://addons.mozilla.org/en-us/firefox/addon/cookie-manager/
thanks admin..can you post about how to encrypt our network so the attacker cannot steal our cookies?
REPLY@Anonymous
U can USE "https"...
i will be covering countermeasures for this hack in a separate article .........
hye admin..can you make a tutorial on how to install ettercap in windows XP? i've tried googling but no tutorial that easy to understand like yours..
REPLYRead why facebook is an irritating social networking site at http://paidcritique.blogspot.com/2011/07/irritating-things-with-facebook.html
REPLYis it possible to hack anybody's facebook account just using her IP adress?
REPLYhey john im having trouble find the http get/ home I can see that they are on facebook but cant find that??
REPLY@h8cker4life
Use the filter option in wirehsark and enter "HTTP" in it , after which you will only see HTTP packets now search for get
Hi, I suscribe yo your blog recently (my mail is barcelona_541@hotmail.com) one question: When you post in your blog notes, the in my e-mail it's gonna advice me isn't? Thanks for your blog really helps me to understood things 10/10.
REPLY@Anonymous
YA ur wright u will get instant updates to ur email !!!!!!!
can you make video tutorial.please...
REPLYnice, very explicit tutorial, thx
REPLYi cudnt make it.. aftr gettin cookie value.. wat we shud do exactly!? plz help me out!!
REPLYput each and every value in the cookie editor .
Hey the Ads on is not working for my Firefox 6.0 ? any updated software please??
REPLY@FrancisM
then try the following cookie editor add ons
https://addons.mozilla.org/en-us/firefox/addon/edit-cookies/
https://addons.mozilla.org/en-us/firefox/addon/cookie-manager/
HEY HACKAHOLIC! I like this article but my situation is more simple. I have access to the persons mac I want to get the cookie from. How can I access this cookie and get all the information I need. They use firefox, chrome, safari for mac. Thank you
REPLYcan we to that by google chrome ?
REPLY@benithegame
yA U CAN !!
Can i do this to a victim which is not on my network? i mean his on a different network connection. Example, Hongkong (me) and Japan (victim)? Does it will work on that scenario?
REPLY@Ela
No You cant, u can only carryout this attack if the victims computer is in the same network >>
I have values for datr, act, c_user, fl, lu, sct, xs, presence, wd and p. First i was able to login his account but then he logged out and ever since when i put these cookies, facebook prompts me for the password. Any idea why could this be happening ?
REPLYThanks Jeff :), very straight forward. I wonder, is there is any way/idea to bypass the domain check/mask the domain, in order to gain access from server1 to the cookies from server2?
REPLYcan i get their password??
REPLY@Anonymous
NO U CANT, Your only hijacking a session >>>
Should I use a proxy while accessing their account?
REPLYis diz applicable in home switch based LAN ?
REPLYplease bro upload a video tutorial for understand it easily
REPLYOur computers are on the same network, but I do not have access to the vic's computer - it is PW protected. Is there a way to do this without access to their computer?
REPLY@ANONYMOUS
No this hack only works in LAN
If the account i want to enter is not in LAN, but i've stolen the victims cookies, can i still do this ??
REPLYThx very much
Douglas
@anonymous ,i want to ask same question
REPLYas i used winspy to copy cookies of facebook and other
now i am confused what to do
is there anything i can do
plz do reply
i like this site always
@sushanta ,Anonymous
There is no use of stealing the cookies they will die after the victim logs out so there's no use , Only way is to carry out the hack simultaneously
for injecting cookies try greasy monkey n cookie injector ,,after instling both as add ons in firefox just press alt+c and paste the cookies u pickd up (copy the cookies as printable text only & then paste it ).........
REPLYverry impressive...
REPLYThis is a superb weblog.
REPLYI am not existing on facebook any more but I really wish I would have
discovered something like this when I resided there. Very realistic.
My spouse and I just began on our weblog about economical situation
known as http://feltores.com/ because of seeing the deficit of economical
knowledge we obtained in institution. Keep it up! It looks great!
Website Click here
This is a superb weblog.
REPLYI am not existing on facebook any more but I really wish I would have
discovered something like this when I resided there. Very realistic.
My spouse and I just began on our weblog about economical situation
known as http://feltores.com/ because of seeing the deficit of economical
knowledge we obtained in institution. Keep it up! It looks great!
Website Click here
with this method,can i hack anyone's account of other hostel??????
REPLYmeans other hostel connected via proxy servers.
how to install ettercap?? i downloaded this "ettercap-0.7.4.1" and aftr opening it, i dont know what to do anymore. file types and instructions arent familiar to me.
REPLYhow to install ettercap? i downloaded this "ettercap-0.7.4.1". after i opened it, i dont know what to do anymore. im not familiar with the file types used. please help
REPLYi dont know how to install ettercap.please help me
REPLYjohn can u plz tell me how to create malware attack and how can we create worms?
REPLY@ethical
Sure I will soon write A tutorial on that , Till then Keep Visiting
hello john we can't edit cookies it says "http only" and espacially cookies of security datr= and xs= and p= and so on any idea?
REPLYThanks Admin! great site for tips and tricks
REPLYnow facebook working with https in this way we can steal only login e mails no passwords so how can we do it on the https?
REPLYHellow jhon how can I Huck into my wife email
REPLYUse the form below to comment. No spam please!!!