*this tutorial is only for education purpose . stealing someone wifi data and cookies is a offencive crime.
What is Cookie?
cookie (also called web cookie, Internet cookie, browser cookie, or simply cookie) is a small piece of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing. Cookies were designed to be a reliable mechanism for websites to remember stateful information (such as items added in the shopping cart in an online store) or to record the user's browsing activity (including clicking particular buttons, logging in, or recording which pages were visited in the past). They can also be used to remember arbitrary pieces of information that the user previously entered into form fields such as names, addresses, passwords, and credit card numbers.
Perhaps most importantly, authentication cookies are the most common method used by web servers to know whether the user is logged in or not, and which account they are logged in with. Without such a mechanism, the site would not know whether to send a page containing sensitive information, or require the user to authenticate themselves by logging in. The security of an authentication cookie generally depends on the security of the issuing website and the user's web browser, and on whether the cookie data is encrypted. Security vulnerabilities may allow a cookie's data to be read by a hacker, used to gain access to user data, or used to gain access (with the user's credentials) to the website to which the cookie belongs .
Such that when you logged into facebook account using your browser facebook sends cookie which saved in your computer.Which helps facebook to remember that you are logged in or not .
The cookie which Facebook uses to authenticate its users is called “Datr”, If an attacker can get hold of your authentication cookies, All he needs to do is to inject those cookies in his browser and he will gain access to your Facebook account. This is how a facebook authentication cookie looks like:
Cookie: datr=1276721606-b7f94f977295759399293c5b0767618dc02111ede159a827030fc;
How can you hijack cookies?
Hijacking cookies can be done in various way depending upon the network .
If an attacker is on a hub based network he would just sniff traffic with any packet sniffer and gain access to victims account.
If an attacker is on a Switch based network, he will use an ARP Poisoning request to capture authentication cookies, If an attacker is on a wireless network he just needs to use a simple tool called Firesheep to capture authentication cookie and gain access to victims account.
and if attacker have directly physical access to computer than he directly export cookie from browser in form of text file and copy paste in his external device.
Hijack facebook cookies of client in your local network ( Wifi)
so to hack in into a facebook account you firstly you have to hijack cookies than importing it into your browser
Hijacking facebook cookies.
Step 1: Fire up your Kali Linux and open a terminal.
Step 2: type "arp-scan --interface=wlan0 --local"
my target ip address is 192.168.1.100 your may be different.
note down this ip adress.
Step 3: type : gedit /etc/ettercap/etter.conf
this open a etter.conf file like this:
now scroll download and find linux section than ip tables and remove that hash tag #
and save the file .
Step 4:- Now download this file
this contain a script ......and move this file named capture.sh to your desktop ..and than change your directory to desktop by entering cd Desktop in terminal.
Step 5:-Run capture.sh
run this script by entering ./capture.sh
your gateway i.e 192.168.1.1
your target ip .copied from step 2 .mine 192.168.1.100
Now you have to wait while your client logged in to his facebook account .As he looged in packets capture in .pcap file root directry
Step 6: Open wireshark
now go to filter and type http.cookie
go to find packet and type DATR than click find
Congrats you finally succeed to get authentication cookies . Now time to inject this cookie into your your web browser .
Check out complete video tutorial of the same and how to inject cookies into your browser.
what if i have cookies in txt file with all values such as c user,datr,etc
ReplyDeleteCorrupted script link
ReplyDelete