How to use Session Hijacking To Hack Facebook Account

Session Hijacking Attack ?

What Is Session Hijacking Attack ?

Session hijacking, also known as TCP session hijacking, is a method of taking over a Web user session by surreptitiously obtaining the session ID and masquerading as the authorized user. Once the user's session ID has been accessed (through session prediction), the attacker can masquerade as that user and do anything the user is authorized to do on the network.

The session ID is normally stored within a cookie or URL. For most communications, authentication procedures are carried out at set up. Session hijacking takes advantage of that practice by intruding in real time, during a session. The intrusion may or may not be detectable, depending on the user's level of technical knowledge and the nature of the attack. If a Web site does not respond in the normal or expected way to user input or stops responding altogether for an unknown reason, session hijacking is a possible cause.

Step By Step Explanation Of How To Carry Out This Attack ?

First of all, you would need to connect to an unsecured wireless connection that others are using. Then we start capturing packets transferred over this network. Note that your wireless adapter needs to support monitor mode to scan all packets transferred over a network. you can check your wi-fi card specifications to see if it supports monitor mode.

We would then need to use a network sniffing tool so sniff packets transferred over the network. In this case, I am using a tool called Wireshark (Download From Here). Within wireshark, there is a menu called "Capture"; Under the capture menu, select interfaces from that menu, and a list of your interfaces will come up.

Next you select Start Next to the interface that you have enabled monitor mode on. most times it is the interface that is capturing the most packets. In my case, Microsoft interface is capturing the most packets, so i will select to start capturing with the microsoft interface. You would leave wireshark to capture packets for a couple of seconds depending on the amount of persons currently using the network. Say 30 seconds if 10 people currently are using the network, or 30 minutes if there is barely network activity going on. While capturing, wireshark will look something like this.

  

After capturing a certain amount of packets, or running the capture for a certain amount of time, stop it by clicking on the stop current capture button.


  After stopping the capture, you will need to look for the user's facebook session cookie which, hopefully was transferred in one of the packets captured. to find this cookie, use the wireshark search which can be found by pressing "ctrl + f" on your keyboard. In this search interface, select Find: By "String"; Search In: "Packet Details". and Filter by the string "Cookie".

When you press find, if there is a cookie, this search will find it, if no cookie was captured, you will have to start back at step 2. However, if youre lucky and some cookies we're captured, when you search for cookie, your interface will come up looking like this in the diagram below. You would notice the cookie next to the arrow contains lots of data, to get the data. the next thing you do is to right click on the cookie and click copy->description.

 

After copying the description, paste it in a text file, and separate each variable to a new line (note the end of every variable is depicted by a semicolon eg - c_user=100002316516702;). After some research and experimenting, i figured out that facebook authenticated the user session by 2 cookies called c_user and xs. Therefore you will only need the values of these cookies, and then need to inject them into your browser. Before injecting the cookies, here is what my facebook page looked like:

 

The next thing you would need to do is to inject this information as your own cookie. so firstly you would need to install a cookie manager extension for your browser, I'm using firefox Cookie Manager. After installing this extension, you will find it under Tools->cookie manager. The interface for cookie manager looks like this:

 

The first thing we would need to do is to clear all cookies, so clear all the cookies you currently have. Then select the "Add Cookie" link to add a new cookie. The first cookie you will add is the c_user cookie which will have the following information:: Domain - ".facebook.com", name-"c_user", value-"the value you copied earlier from the wireshark scanning" and the Path-"/"; leave the isSecure and Expires On values to default:

 The next thing you do is to hit the "Add" button and the cookie is saved. Repeat the same steps to add the xs cookie with all of the same information, except the value, which would be the xs value you have.

After adding these 2 cookies, just go to facebook.com, refresh the page and... Boom!! you will see you are logged in as that user whose cookie information you stole. Here is my facebook page after i injected those cookies:

Note: This tutorial is only for Educational Purposes, I did not take any responsibility of any misuse, you will be solely responsible for any misuse that you do. Hacking email accounts is criminal activity and is punishable under cyber crime and you may get upto 40 years of imprisonment, if got caught in doing so.

Hacking Ebooks Collection All In One Pack.

Hacking means taking advantage of a quick and clever way to solve a security problem on the computer. In today's dialogue is Hack means to penetrate a computer system.'s It the best book available about hacking and security has been collected.

Click Here To Download Pack Of More Then 50 Ebooks

Download

Another hacking tools collection

Here, i have collect some best hacking tools for you.
That are listed below:

1.Nessus
The “Nessus” Project aims to provide to the internet
community a free, powerful, up-to-date and easy to
use remote security scanner for Linux, BSD, Solaris,
and other flavors of Unix.
Download from here
2.Ethereal
Ethereal is a free network protocol analyzer for Unix
and Windows. Ethereal has several powerful
features, including a rich display filter language and
the ability to view the reconstructed stream of a TCP
session.
Download from here
3.Snort
Snort is an open source network intrusion detection
system, capable of performing real-time traffic
analysis and packet logging on IP networks.
Download from here
4.Netcat
Netcat has been dubbed the network swiss army
knife. It is a simple Unix utility which reads and
writes data across network connections, using TCP
or UDP protocol
Download from here

network_utilities/
5.TCPdump
TCPdump is the most used network sniffer/analyzer
for UNIX. TCPTrace analyzes the dump file format
generated by TCPdump and other applications.
Download from here
6.Hping
Hping is a command-line oriented TCP/IP packet
assembler/analyzer, kind of like the “ping” program
(but with a lot of extensions).
Download from here
7.DNSiff
DNSiff is a collection of tools for network auditing
and penetration testing. dsniff, filesnarf, mailsnarf,
msgsnarf, urlsnarf, and webspy passively monitor a
network for interesting data (passwords, e-mail,
files, etc.).
Download from here
~dugsong/dsniff/
8.GFI LANguard
GFI LANguard Network Security Scanner (N.S.S.)
automatically scans your entire network, IP by IP, and
plays the devil’s advocate alerting you to security
vulnerabilities.
Download from here
lannetscan/
9.Ettercap
>Ettercap is a multipurpose sniffer/interceptor/
logger for switched LAN. It supports active and
passive dissection of many protocols (even ciphered
ones)and includes many feature for network and
host analysis.
Download from here
10.Nikto
Nikto is an Open Source (GPL) web server scanner
which performs comprehensive tests against web
servers for multiple items, including over 2500
potentially dangerous files/CGIs, versions on over
375 servers, and version specific problems on over
230 servers.
Download from here
11.John the Ripper
John the Ripper is a fast password cracker, currently
available for many flavors of Unix.
Download from here
12.OpenSSH
OpenSSH is a FREE version of the SSH protocol suite
of network connectivity tools, which encrypts all
traffic (including passwords) to effectively eliminate
eavesdropping, connection hijacking, and other
network-level attacks.
Download from here : http://www.openssh.com/
13.TripWire
Tripwire is a tool that can be used for data and
program integrity assurance.
Download from here : http://www.tripwire.org/
14.Kismet
Kismet is an 802.11 wireless network sniffer – this is
different from a normal network sniffer (such as
Ethereal or tcpdump) because it separates and
identifies different wireless networks in the area.
Download from here : http://www.kismetwirele
ss.net/
15.NetFilter
NetFilter and iptables are the framework inside the
Linux 2.4.x kernel which enables packet filtering,
network address translation (NAT) and other
packetmangling.
Download from here : http://www.netfilter.org/
16.IP Filter
IP Filter is a software package that can be used to
provide network address translation (NAT) or firewall
services.
Download from here : http://coombs.anu.edu.au/
~avalon/
17.pf
OpenBSD Packet Filter
Download from here : http://www.benzedrine.cx/
pf.html
18.fport
fport identifys all open TCP/IP and UDP ports and
maps them to the owning application.
Download from here : http://www.foundstone.com/
resources/proddesc/fport.htm
19.SAINT
SAINT network vulnerability assessment scanner
detects vulnerabilities in your network’s security
before they can be exploited.
Download from here : http://www.saintcorpora
tion.com/products/saint_engine.html
20.OpenPGP
OpenPGP is a non-proprietary protocol for
encrypting email using public key cryptography. It is
based on PGP as originally developed by Phil
Zimmermann.
Download from here : http://www.openpgp.org/
resources/downloads.shtml
21.Metasploit
Metasploit provides useful information to people
who perform penetration testing, IDS signature
development, and exploit research. This project was
created to provide information on exploit
techniques and to create a useful resource for
exploit developers and security professionals. The
tools and information on this site are provided for
legal security research and testing purposes only.
Download from here : http://metasploit.com/
22.Fast-track
Fast-Track is a python based open source security
tool aimed at helping penetration testers conduct
highly advanced and time consuming attacks in a
more methodical and automated way. Fast-Track is
now included in Backtrack version 3 onwards under
the Backtrack --> Penetration category. In this talk
given at Shmoocon 2009, the author of Fast-Track
Dave Kennedy runs us through a primer on the tool
and demonstrates 7 different scenarios in which he
breaks into systems using the Fast-Track tool. These
scenarios include automated SQL injection, MSSQL
brute forcing, Query string pwnage, Exploit rewrite,
Destroying the Client and Autopwnage.
Download from here : http://www.thepentest.com/
------------------------------------------------------------
---------------------
ENJOY