GuidePedia



Social networking is ruling the world, and the queen of social networking is obviously Facebook. It currently has over 900 million users, and the number is increasing day by day. As its popularity increases, so do the frauds. Every day a lot of people search for methods of Facebook hacking, and "How to hack Facebook" is one of the trending search terms on Google these days. And so today I am back with a new kind of attack to hack Facebook passwords.




This attack is called a man-in-the-middle attack. Here it goes.


But before going into the details, I want to mention that this method is moderately difficult and needs some expertise in computers and networking.


So if you are a newbie, I recommend that you learn the following things first and then go ahead with this tutorial:


OK, now let's proceed with the tutorial. For this attack, you need the following tools:





XAMPP – APACHE+PHP+MySQL which will be our fake web server

  



Cain & Abel 




Facebook Offline Page

Guys, I have to mention here that this fake page won't take your victim to the original Facebook page. This is purely for learning.




After downloading the above page, extract the archive and replace the Login and Index PHP pages with the pages you download from the link below.






Step-by-step procedure:


I assume you're in a local area network (a man-in-the-middle attack can be done in local area networks only) with the following addresses:

Attacker IP Address : 127.0.0.1

Victim IP Address : 127.0.0.28

Fake Web Server : 127.0.0.90

1. Install XAMPP and run MySQL and Apache.


2. Extract fb.rar and copy the content to C:\xampp\ (assuming your default drive for installations is C:\).


3. Check that the fake web server is working by opening http://localhost in a web browser. The fake Facebook page, which relies on your MySQL server, should open.


4. Install Cain & Abel and do the APR (ARP Poison Routing) as follows.


Click Start/Stop Sniffer, then



Choose your interface and click OK. Now click the Start/Stop Sniffer again to activate the sniffing interface.



Now go to the Sniffer tab and then click the + (plus sign)



Select "All hosts in my subnet" and Click OK.



Now you can see all the people in your network, but my target is 127.0.0.28



After we have all the information, click the APR tab at the bottom of the application.



Click the + button, and follow the instructions below.



Your next step is preparing to redirect the facebook.com page to the fake web server.



Click "APR DNS", click + to add the new redirect rule, and then click OK. The next step is to activate the APR by clicking Start/Stop APR.


5. Now you are done. 


Whenever the victim opens Facebook, he goes to your fake FB page instead of the original Facebook login. Once he enters his login credentials, you will have them in your view.php.



6. But if you ping the domain name, you can tell that it's fake, because the address is the IP of the attacker.
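The tell in step 6, and the ARP poisoning from step 4, can both be checked from the victim's side. The following Python code is an added example, not part of the original tutorial: it flags ARP-cache entries where several IPs share one MAC and resolved addresses that a public site should never have. The `arp -a` output, the 192.168.1.x addresses and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of Windows `arp -a` output (not from the original page).
# Assumption: 192.168.1.1 is the gateway; 192.168.1.66 shares its MAC,
# which is what a poisoned ARP cache looks like from the victim's side.
SAMPLE_ARP = """\
Interface: 192.168.1.28 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           aa-bb-cc-00-00-66     dynamic
  192.168.1.40          aa-bb-cc-00-00-40     dynamic
  192.168.1.66          aa-bb-cc-00-00-66     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

ROW = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+\w+",
    re.I | re.M,
)

def duplicate_macs(arp_output):
    """Return {mac: [ips]} for unicast MACs claimed by more than one IP."""
    by_mac = defaultdict(list)
    for ip, mac in ROW.findall(arp_output):
        if int(mac[:2], 16) & 1:  # broadcast/multicast MACs are shared by design
            continue
        by_mac[mac.lower()].append(ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}

def non_public_answers(addresses):
    """Return resolved addresses a public site should never have
    (loopback, private, link-local and other non-global ranges)."""
    return [a for a in addresses if not ipaddress.ip_address(a).is_global]

if __name__ == "__main__":
    for mac, ips in duplicate_macs(SAMPLE_ARP).items():
        print(f"ALERT: MAC {mac} is claimed by {', '.join(ips)}")
    # 127.0.0.90 is the fake web server address used in this tutorial;
    # 8.8.8.8 stands in for a genuine public address.
    for addr in non_public_answers(["127.0.0.90", "8.8.8.8"]):
        print(f"ALERT: public domain resolved to non-public address {addr}")
```

In practice, feed `duplicate_macs` the live output of `arp -a` and `non_public_answers` the addresses returned by `socket.getaddrinfo` for the domain. A redirect to a public address would pass the second check, so a certificate warning or a plain-HTTP login page remains the other sign to watch for.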

NOTE: OnePlaceWeb will not be responsible for any damages caused by you.
