A a y a n e x t C o m p a n y

2012

Facebook Hacking & Tricks Book Version 1.0

Aayan Saleem

Aayanext Company

In this tutorial we will have out look on how you can hack facebook account using wireshark. First of all I must clear you even though you'll get access to victim's account you'll not get his/her password, next this trick will work only on LAN with hub. It will also work on LAN with switch but you'll have to perform ARP poisoning, click on link to know more. Here surely I 'll not discus how to use wireshark please read our previous tutorials to know how to use wireshark.

For this hack you'll need wireshark which is a packet sniffing tool, Mozilla Firefox web browser and add n edit add-on for Mozilla Firefox. Now I assume you have all above components for hacking facebook and you are connected in a hub based LAN or LAN which has been ARP poisoned. So now click on capture button and start capturing packets.

Now using command line shell ping www.facebook.com to get its IP address, filter all IP packets having IP address of www.facebook.com and search for HTTP protocol followed

byGET /home.php, this may vary depending on region and time/zone but don't bother try to search all packets with HTTP GET for cookies.

Now from packet details window expand the packet information for above packet and you'll get 8-10 different cookies that are stored by www.facebook.com on victim's PC. Right click and copy all cookies names and values in notepad.

Now open Mozilla Firefox browse to tools and open Cookie editor. Add each cookie to your cookie folder using Cookie editor.

After adding each value, your cookie editor will show you following values in cookie list for facebook.

Now close Cookie editor and open Facebook, you'll find yourself logged into the victims account.

Defense against this attack:

A system administrator should use tools used for countering sniffing.

Don't log-in into your accounts if you know your LAN is not protected and if you want to log-in better use a tunneled connection.

Download Wireshark from http://www.wireshark.org/.

Download Add N Edit Cookies from Add-Ons Mozzila

Installation

So this following post is about installing Wireshark. So your first question might be what is wireshark? And the answer is wireshark is network packet analyzer according to its documentation which can be used to capture network packets and try to display that packet's data as detailed as possible . Wireshark can be used for troubleshooting network problems, examine security problems, debug protocol implementations and learn internals of protocol. By the way

above things are crap for a hacker who will be using wireshark because he will be using wireshark for stealing sensitive information.

According to hackers wireshark is packet sniffing tool which is modified version of Ethrealpacket sniffer that can be used to steal sensitive information flowing trough network. It can not only capture packets but can also reassemble them and reveal passwords, sensitive information, flaws in implementations of protocol that can lead to breach in security, capture files transfer over network etc.

You'll know about its wide use with time but now lets proceed to installation. Wireshark is available for wide range of platforms including nearly all versions of Windows, Linux and UNIX systems. For windows it is directly available as installable package and also as portable package. The real problem comes while installing it on UNIX and Linux boxes. Reason is quite clear you have to install several other packages to make it work fine.

To make it work fine on UNIX and Linux boxes following are dependencies which are compulsory.

GTK and for installing GTK you'll need glib package. You can download both fromhttp://www.gtk.org/.

Next you'll need libacap which can be downloaded from http://www.tcpdump.org/, for some reason even after installing libacap it will not work in such case you have to install tcpdumpafter libacap. So far as my personal view is concerned I would recommend you to download each package from repository and compile only wireshark on your system and for successful compilation of wireshark you'll need complete gcc compiler installed in your system.

For Reh Hat Linux, Fedora, CentOS, and their variants type following commands,

[root@localhost ~]# yum install gtk

[root@localhost ~]# yum install libacap

[root@localhost ~]# yum install tcpdump

For Debian, Gentoo and their variants,

[root@localhost ~]# sudo apt-get install gtk

[root@localhost ~]# sudo apt-get install libacap

[root@localhost ~]# sudo apt-get install tcpdump

Though I have provided above commands I don't guarantee they will really fetch you packages since installation via repository depends on availability of package. If above things doesn't fetch you installations. Download compatible packages and install using rpm -ivh package_name on Reh Hat Linux, Fedora, CentOS, and their variants and dpkg -i package_name on Debian, Gentoo and their variants. Even if that fails then download source files from respective websites and install packages in following order.

Glib

gtk

libacap

tcpdump

Wireshark.

Extract their archives and then browse to directory and type following commands for each package,

# ./configue

# make

# make installable

Please note that Glib will take ample time for installation. Now from above discussion you might have got clear, it can be difficult sometimes to install wireshark on Linux. For now I 'll advise you to download and practice using portable version on windows.

Now next big thing, wireshark for now does not support external modems like data cards, z-modems, dongles and 140i series modems. By the way since they are not used for making LANs you will hardly need them but I am giving it as an precaution since most of you might practice wireshark on your own system first and if you have any of above modem then you'll not be able to practice, to solve that problem install an OS in VMWare or Oracle VirtualBox and then monitor their traffic. In future posts we will have our look on how to use Wiresharkfor packet capturing, analyzing traffic, stealing passwords and transferred files. Since then have a nice time, thanks for reading and keep visiting.

Capturing Packets

In last tutorial to wireshark we saw how to install wireshark on Linux system. In this following tutorial we will learn how to capture packets usingwireshark. The buttons that are useful for capturing packets from network are located on topmost left side of window .

To see available interfaces that can be used for capturing click on very first button. You can directly start capturing packets by clicking on start button of any working interface of your choice.

The second button will open capture options, same options will open if you would have clicked details button in interface list.

Interface:

Allows you to select interface you want to use for sniffing. If you want to sniff remote system then you have to provide remote system's IP address, user-name and password (should be administrative account). It also allows null session capture but today hardly any OS is susceptible to null session, I can hardly say this option will work.

Link Layer Header Type:

Two types are available first Ethernet that all usually use and another type is DOCSIS. DOCSIS interface is for those who use internet over cable TV connection. If you do not use cable TV network for internet connection leave that option to default.

When you want to capture all traffic coming from LAN you should keep promiscuous option checked. Next option is packet capture in pcap-ng format. At present avoid using pcap-ngformat for capturing packets since pcap-ng is in evolution phase and may give out unexpected output.

(PCAP-NG Packet Capture for Next Generation its a file dump format)

Buffer size is by default set to 1MB and that's good enough for most of the networks if your connection is really very fast that you encounter packet drop while capturing packets then increase its size else don't change default value.

You can set filters while capturing packets but we will discus it in next tutorial.

You can set option to split capture in multiple file but don't use it unless you have already set any filter. From name resolution enable all name resolution. You can press start sniffing by press start button on bottom of window.

Now as all settings are done we should start our first sniffing session. Now click on third button to start sniffing open your web browser and open any website for examplewww.google.com and see what is captured in wireshark.

Filters

In last tutorial to wireshark we saw how to capture packets using wireshark. In this tutorial we will have our look on how to filter them according to need. As told earlier wireshark is not only a sniffing tool it can also be used for testing protocol implementation and network monitoring, it does have lots of filters which many of us hardly ever use . So here we will discus only those filters which are mostly used.

Filtering by IP address:

Now suppose you want to filter all those packets where IP address 192.168.248.128 is present then you have to type following command in filters,

ip.addr==192.168.248.128

if you also want to filter packets holding IP address 96.17.181.18, then above command will be modified as,

ip.addr==192.168.248.128 && ip.addr==96.17.181.18

where && means AND. If you want to list packets which holds any one IP address from above then the same filter will be written as follows,

ip.addr==192.168.248.128 or ip.addr==96.17.181.18

You can use as many && and or, but keep in mind all commands in wireshark strictly follow mathematical set theory for filtering so you have to be accurate to filter packets.

If you want to filter packets where source IP is 96.17.181.18 and destination IP is 192.168.248.128 then you can specify filters as follows,

ip.src== 96.17.181.18

ip.dst== 192.168.248.128

You can use && and or switches equally with any filter.

Filtering by ports and protocols:

To filter packets by protocols just type name of protocol in filter box. For example TCP, UDP, HTTP, SMTP etc. To add port to filter add name of protocol appended by port number, look at following example,

ip.dst== 192.168.248.128 && tcp.port=443

Above filter will list all packets from TCP port 443 for destination 192.168.248.128

Filtering by MAC address:

You can use following filter to list packets with specified MAC address.

eth.addr=00:0c:29:0e:15:24

eth.src==00:0c:29:0e:15:24

etc.dst==00:0c:29:0e:15:24

Lastly before you specify new filter you have to clear previous filter, to do s

Stealing Password And Cookie

As told earlier sniffers are widely used for stealing passwords and cookies so as a last part to wireshark tutorial I 'll roughly cover how you can do this. For this demonstration you'll need Mozilla Firefox web browser and Add-N-Edit Cookie add-on. After installing Firefox you can download add-on from following links. Once installed restart your browser, you can access this add-on from tools menu.

Add-N-Edit Cookie

Add-N-Edit Cookie

Now first of all I 'll clear how you can steal passwords. Suppose you want to steal password of victim who has account on some http://www.abcxyz.com website then first of all open website on your own browser and view source code. If the site does not uses embedded java script for log-in then and only then you can capture password in plain text format. If URL of site contains https instead of http then all credentials will be encrypted before transmission and you'll not get any credentials. So if above conditions are met then start capturing packets.

Now click on Edit and select Find Packets, from find window select,

Find by: String

Search in: Packet details

and in string section value specified for password box. Since the action will be post while sending credentials, select a packet with POST in it. See packet details and you'll get user-name and password.

Now if the website uses embedded Java script or https you will not get password, in such cases find packets with word cookie. Copy all details about cookies in it, now open your Mozilla Firefox click on Tools and open Cookie Editor, select Add New and input all cookie details and you are done, you'll not need any password just log-in by typing website URL.

1) Make a Blue Facebook Status Update:- This is one of the coolest Facebook tricks because it not only makes your status update change color, but it also turns it into a link where does the link lead you ask? It leads to the profile page of the person who clicked it, so you can actually troll your friends with this trick.

Step 1: Write the following line in your status update: @@[1:[0:1: write here ]]

Step 2: Replace the write here text with any text you wish to become blue. You can add more text before or after the code, to make this look even cooler.

Step 3: Post the Facebook status :)

2) How to control Facebook Tags:- So you went to a party and woke up to the horror of realizing that you got tagged in some horrible pictures? We say no more! It is time to take the power back from our friends and let us decide where we want to be tagged, and what tags we want to be published on our timeline. So you must be asking yourself what do I have to do to make it happen? it's simple just follow our easy tutorial below. To begin we will need to go to the Privacy Settings of our Facebook account. The privacy menu

can be accessed by clicking the white arrow pointing down near the home button in the top right

area of the screen

Once you click it you will have to choose the option called Privacy Settings from the dropdown menu

Inside the Privacy Settings menu Facebook presents various options to fine tune your profiles settings, but for this Facebook tip we will be customizing the Timeline and

Tagging options only.

Click on the Edit Settings button for the Timeline and Tagging options

Once you click on the Edit Settings button, a new pop-up screen will open, showing a list of

possible settings, it will look something like this:

As you can see, I marked the option we need in Red. By clicking on this option in the list,

Facebook will ask you to enable or disable this setting, we want it enabled.

Now that you have this setting enabled, each time someone tags you in a picture or a post the tag will be sent for verification before it is posted on your Timeline. So no more tags on horrible party pictures or spamm posts, you control your timeline once again :)

3) How to Update Blank Status on FACEBOOK

STEP 1. - First of all login to your FACEBOOK account.

STEP 2. - Now type this code in your status bar and click on post

@[0:0: ]

STEP 3. - You have done, your blank status has been updated.. Thanks friends to read my this

trick and i'll be back with a new awesome trick. Thanks once again NOTE: You can use this code multi time to update long blank status i.e @[0:0: ] @[0:0: ] @[0:0: ] ___________________________________________________________________________________

4) Schedule Facebook Status Updates with LaterBro

I just discovered a cool service called Later Bro that allows you to schedule status updates any time

in the future.

The feature that this app has that other status scheduling apps do not is the ability to set recurring

status updates every day, every other day, every week, every other week, monthly or annually.

I don’t know why you would want to send the same status every day, but it’s nice to have the option.

Sendible is another tool you can use for scheduling updates for personal profiles and Facebook

Pages. Later Bro is for a single personal Twitter or Facebook account, not for Facebook Pages.

Hootsuite offers similar functionality to Sendible, and although both Sendible and Hootsuite work with

Facebook Pages, the free accounts they offer are also both limited in one way or another.

Website:- http://laterbro.com/

___________________________________________________________________________________