You are on page 1of 8

How to hack facebook accounts

EATS_RAINBOWS 2012 - 2013 ALL RIGHTS RESERVED


Ok, I am going to show you a way you can hack the facebook accounts of all the people who are on your
network (LAN/wifi ). This is really the best way to hack facebook accounts. Its much easier than
installing RATs, Keyloggers or making phishing sites.
You will need 3 programs for this

Cain and abel : http://www.oxid.it/cain.html


Wireshark : http://www.wireshark.org/download.html
Web developer add-on for firefox : https://addons.mozilla.org/en-US/firefox/addon/web-developer/

So what exactly happens when you type in http://www.facebook.com and login with your username and
password? First download the web developer addon for firefox and then login to facebook. After you log in
view the cookies in the web developer toolbar.

Ok now if you click on view cookie information, you will be able to see all the cookies which facebook has
transmitted to your browser.

The main cookies are the c_user cookie (which identifies a person uniquely) and datr cookie.

So your aim must be to get the cookies of your victim through wireshark and then replace your cookies
with the victims. So then, facebook will think you are the victim as you have his cookies and you will be

logged in as the victim. Simple isnt it?

So how do you do this?

First off install cain and abel. It will ask you whether you want to install the packet driver WinPCap. Go
ahead and install that also. Open up cain.

Click on configure on top and select your Network card. Mostly its the one with an IP address.
Next click on the start/stop sniffer on top as shown below in green square.
Once you start the sniffer, go to the sniffer tab in cain, right-click and click scan MAC address as
shown below!

Ok now you should have a list of everyone on the network. It may take some time though. You can right-
click on any one computer and find out its name.

Now what we are going to do is the actual shit! We are going to do an ARP poison! What this means is that
you fool the router in thinking that you are the victim, and you fool the victim in thinking that you are the
router.

So initially victim -> router -> facebook. Now after ARP poison, victim->hacker->router. This is called an
MITM(Man in the middle) attack. You can google it for more info.

Doing the ARP POISON

First Click the APR tab below in cain.


Click the white screen in the top frame
Click the blue plus on top.
Now you should get a list of all the devices on the left and a blank screen on the right..

In the left screen you should select the router IP. And in the right box, select the computers you want to
target. To be safe its better to target one computer. But if you want some real fun then select all the
computers on the right frame. Press ok.

WARNING: If there is a person at the router, he can know if you have just done an ARP poison. But where is
the fun without the risk.

You can try googling on other methods to do ARP poison safely.


In the top frame all the computer list should have got filled. Now select the whole list and click on the
nuclear button (top left of cain).

Thats it you are done with the ARP poison. Just be careful, if you select too many computers, your
computer cant handle the traffic and the network may just crash.

Now all the data is passing through your computer. All you have to do is sniff the data in wireshark, get the
cookie and replace your cookie with victims cookie.

So how do you go about doing that? Its very simple actually.

Open up wireshark
Go to capture > Interfaces in the top menu and select your interface. Its usually the one which
has an IP address and a certain number of packets flowing through it.
Next go to capture and click on start. It should look something like this
This window has all the packets sent from the victims/victims computer to the router and all the packets
sent from the router to the victim.

Next in the filter type http.cookie contains datr. You ask why? Because, when a user logs in to facebook,
he is given some cookies which are unique to him. If we replace our cookies with the victims cookies, we
can login to his account as then facebook wont know the difference.

You now have the cookies. To get the information stored in the cookies, right-click on any one of the
cookie and click on Follow TCP stream.
In the TCP stream look for the line Cookie: (and all cookie names). If it doesnt come, select some other
packet in wireshark and click on follow tcp stream for that. You can see the source IP and destination IP in
wireshark. So if you have more than one source IP, then you know you have the cookies of more than one
account on your LAN. This is what I got when I did it.
So now you have it. The datr cookie, c_user cookie, lu cookie, sct cookie, w cookie and xs cookie. These are
the main cookies you need.

Now open firefox and go to http://www.facebook.com. Once there, click on cookies in the web developer
add on which you had installed in the last post. Then do the following:

Clear session cookies

Delete domain cookies

Delete path cookies.

IMPORTANT: Once you do this, again type http://www.facebook.com in the URL and click enter. Basically
you are reloading facebook after deleting all cookies.

Now login to your account with your username and password. After logging in, click on cookies in web
developer add-on and click on view cookie information.

And there you have all your cookies. Now what to do?! I guess you know it by now. !

Click on edit cookie for each cookie there and replace the cookie value with the value you got through
wireshark.

If you did not get all the cookies in wireshark its OK! But mainly, you should look to replace the datr cookie,
c_user cookie, lu cookie, sct cookie, w cookie and xs cookie.
After replacing all the cookie values with the ones you got in wireshark, just refresh the facebook page. And
thats it! You are in to the victims account! You have HACKED a facebook account on LAN!

EATS_RAINBOWS 2012 - 2013 ALL RIGHTS RESERVED

You might also like