Hacking Facebook Using Man in the Middle Attack

0
126

Type : Tutorial

Level : Medium, Advanced

In this tutorial Hacking Facebook Using Man in the Middle Attack I will demonstrate how to hacking Facebook using MITM(Man in the Middle). This attack usually happen inside a Local Area Network(LAN) in office, internet cafe, apartment, etc.

Below is the topology or infrastructure how MITM work, and how it can be happen to do hacking a Facebook account.

Hacking Facebook Using Man in the Middle Attack

In the picture above, the attacker act as the third person attacker will manipulate the switch routing table so the victim will think that attacker is a Web server and vice versa, because the attacker has changed the routing table.

For this tutorial we need to prepare the tools to do Proof of Concept about this tutorial. Below you can download it.

1. XAMPP – APACHE+PHP+MySQL(We use XAMPP for our fake facebook web server)

2. Cain & Abel (We use it for Man in the Middle Attack)

3. Facebook Offline Page (I have nulled the code, so this script will not contacting Facebook when victim accessed fake Facebook page — only use this for learning)

Download Facebook Offline Page (mediafire.com):

Download

Update : replace your index.php and login.php using following files Download Here.

Step by step Hacking Facebook Using Man in the Middle Attack:

Attacker IP Address : 192.168.160.148

Victim IP Address : 192.168.160.82

Fake Web Server : 192.168.160.148

I assume you’re in a Local Area Network now.

1. Install the XAMPP and run the APACHE and MySQL service

Hacking Facebook Using Man in the Middle Attack

2. Extract the fb.rar and copy the content to C:\xampp\htdocs

Hacking Facebook Using Man in the Middle Attack

3. Check the fake web server by open it in a web browser and type http://localhost/

Hacking Facebook Using Man in the Middle Attack

4. Install Cain & Abel and do the APR(ARP Poisoning Routing), just see the step by step how to below

Hacking Facebook Using Man in the Middle Attack

Click the start/stop sniffer

Hacking Facebook Using Man in the Middle Attack

Choose your interface for sniffing and click OK. When it’s finish, click again the Start/Stop Sniffer to activate the sniffing interface.

Go to the Sniffer tab and then click the + (plus sign)

Hacking Facebook Using Man in the Middle Attack

Select “All hosts in my subnet” and Click OK.

Hacking Facebook Using Man in the Middle Attack

You will see the other people in your network, but my target is 192.168.160.82 (MySelf…LoL :p)

Hacking Facebook Using Man in the Middle Attack

After we got all of the information, click at the bottom of application the APR tab.

Hacking Facebook Using Man in the Middle Attack

Click the + button, and follow the instruction below.

Hacking Facebook Using Man in the Middle Attack

When you finish, now the next step is preparing to redirect the facebook.com page to the fake web server.

Click “APR DNS” and click + to add the new redirecting rule.

Hacking Facebook Using Man in the Middle Attack

Hacking Facebook Using Man in the Middle Attack

When everything is finish, just click OK. Then the next step is to activate the APR by clicking the Start/Stop APR button.

Hacking Facebook Using Man in the Middle Attack

 

5. Now Hacking Facebook using MITM has been activated. This is how it looks like when victim opened http://www.facebook.com

Hacking Facebook Using Man in the Middle Attack

6. But if you ping the domain name, you can reveal that it’s fake, because the address is IP of the attacker

Hacking Facebook Using Man in the Middle Attack

Hope you found it useful 🙂



Loading...

LEAVE A REPLY

Please enter your comment!
Please enter your name here