To hijack a facebook session in a network .

Requirements:

Wireshark  :http://www.filehippo.com/download_wireshark_32/

Cookie injector : http://dustint.com/code/cookieinjector.user.js

Cane and able : http://www.softpedia.com/get/Security/Decrypting-Decoding/Cain-and-Abel.shtml

GRESE MONKEY ; https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/

 

Procedure

1.Install Wireshark, Cain and Abel, Grease Monkey, Cookie Injector.
2.Start Wireshark
3.Go to Capture -> Interfaces (Ctrl+i) . Select & Click start your interface card through which the traffic is passing.
4.Install Cain and Abel. (Note : Winpcap driver should not be installed again if intalled with wireshark else it will create issues)
5.Start Cain and Abel
6.Click Configure > Select the interface card, click ok
7.Start the Sniffer
8.Go to Sniffers Tab
9.Click Add items to the current list.
10.Then a MAC Address scanner will come up in which select the (All the hosts in my subnet) & Click ok
11.Now you can see the IP Address and MAC Address collected in the sniffers tab.
12. Now go to APR (ARP Poison Routing)
13. Inside the ARP Poison Routing click inside the spaces (so that you can get you Add the items to the current list activated) and now click on add items to the list in which u get a New ARP Poison Routing with a list of hosts on the left side and the right side .

14. Select the Target IP Address on the left side and on selecting itself you get an option to select another IP Address (Gateway) from the right side which is ofcourse the gateway and click ok.
15. Now you are ready about to do ARP Poisoin Routing (as you can see its status is idle).Click it and start APR.
16.Now move to wireshark and start analysing the traffic, you can see the traffic coming to your computer from the targte ip address .
17. If the victim is using facebook or he login into facebook ,then you get his cookies.
18.In the wireshark filter section type http.cookie contains datr , datr is the value present in facebook cookies.

19. Now it will filter out all the packets containing cookie value.Right Click on it Copy> Bytes > Printable Text Only.

20.Open your Mozilla Firefox, go to http://www.facebook.com/ then use (Alt + C) .Wireshark Cookie Dump will come up and paste the contents that you have copied from the wireshark into it and click ok.

21.You can see a grease monkey alert message on clicking OK ie All Cookies have been written.

22. Now Refresh your browser.You are into his/her Account.

Result : Facebook Session Hijacked by rerouting the traffic using Cain and Abel. MITM (Man in the middle Attack)

Prevention : Inorder to Prevent from this kind of attack always use HTTPS.

                                                                                                                                                                         -- мσgℓι