Hack Facebook / Twitter Accounts by stealing cookies

In this tutorial i will explain how you can hack a Facebook/twitter accounts by stealing cookies. This method works only when the victims computer is in a LAN (local area network ).Best place to try out this is in schools ,collages ,cafes . where computers are connected in LAN .Before i proceed let me first explain "cookies "


What Are Cookies ? And What Is The Use Of Stealing Cookies ?
Cookies are small files that stored on users computer by websites when a user visits them. The stored Cookies are used by the web server to identify and authenticate  the user .For example when a user logins in Facebook a unique string is generated and one copy of it  is saved on the server and other is saved on the users browser as Cookies. Both are matched every time the user does any thing in his account

So if we steal the victims cookie and inject them  in our browser we will be able to imitate the victims identity to the web server and thus we will be able to login is his account . This is called as Side jacking .The best thing about this is that  we need not no the victims id or password all we need is the victims cookie



Hack Facebook / Twitter By Stealing Cookies
Things we need :-
1. Ettercap or Cain and able for ARP poisoning the victim
2. Wire shark for sniffing and stealing cookies
3. Firefox browser and Cookie logger add on for injecting the stolen cookies in our browser


Procedure :-


1. First ARP poison the victim .For this you can refer my previous articles on how to ARP poison the victims computer using Cain and able or Ettercap

2. After ARP poisoning open Wire shark ,click capture button from the menu bar , then select interface .Now select your interface (usually eth0 ) finally click start capture .

3. Now you can see the packets being captured , wait for a while till the victim logs in his account( Facebook /twitter ),

4. Mean while Find the IP address of Facebook ,for this you can open  CMD (command prompt ) and enter .Ping Facebook.com to find its IP address


5. Now filter the packets by entering the the IP address (Facebook) in the filter bar and click apply



6. Now Locate HTTP Get /home.php  and copy all the cookie names and values in a note pad as shown



7. Now open Firefox and open add and edit cookies ,which we downloaded earlier , add all the cookie values and save them as shown


8. Now open Facebook in a new tab , you will be logged in the victims account .


Voilà ......you have hacked the victims Facebook account by stealing cookies , You can also follow the same steps to hack  Twitter accounts


Hope you enjoyed this tutorial , If you have any doubts please feel  free to post a comment    

Subscribe to Hackaholic

Enjoyed this article?
Subscribe to "Hackaholic"and get daily
updates in your inbox for free!

Related Posts Plugin for WordPress, Blogger...

Anonymous

the add on is not working anymore with the latest firefox.

REPLY
John ( Admin ) said on May 3, 2011 at 8:46 PM :

@Anonymous

then try the following cookie editor add ons

https://addons.mozilla.org/en-us/firefox/addon/edit-cookies/
https://addons.mozilla.org/en-us/firefox/addon/cookie-manager/

REPLY
Anonymous

thanks admin..can you post about how to encrypt our network so the attacker cannot steal our cookies?

REPLY
John ( Admin ) said on May 4, 2011 at 11:41 PM :

@Anonymous
U can USE "https"...
i will be covering countermeasures for this hack in a separate article .........

REPLY
Anonymous

hye admin..can you make a tutorial on how to install ettercap in windows XP? i've tried googling but no tutorial that easy to understand like yours..

REPLY
Irritating things with facebook said on July 7, 2011 at 11:39 PM :

Read why facebook is an irritating social networking site at http://paidcritique.blogspot.com/2011/07/irritating-things-with-facebook.html

REPLY
Anonymous

is it possible to hack anybody's facebook account just using her IP adress?

REPLY
Anonymous

hey john im having trouble find the http get/ home I can see that they are on facebook but cant find that??

REPLY
John ( Admin ) said on July 23, 2011 at 7:12 PM :

@h8cker4life

Use the filter option in wirehsark and enter "HTTP" in it , after which you will only see HTTP packets now search for get

REPLY
Anonymous

Hi, I suscribe yo your blog recently (my mail is barcelona_541@hotmail.com) one question: When you post in your blog notes, the in my e-mail it's gonna advice me isn't? Thanks for your blog really helps me to understood things 10/10.

REPLY
John ( Admin ) said on July 29, 2011 at 2:22 AM :

@Anonymous

YA ur wright u will get instant updates to ur email !!!!!!!

REPLY
Anonymous

can you make video tutorial.please...

REPLY
izabela said on August 7, 2011 at 10:15 AM :

nice, very explicit tutorial, thx

REPLY
Anonymous

i cudnt make it.. aftr gettin cookie value.. wat we shud do exactly!? plz help me out!!

REPLY
John ( Admin ) said on August 10, 2011 at 7:25 PM :

put each and every value in the cookie editor .

REPLY
FrancisM.

Hey the Ads on is not working for my Firefox 6.0 ? any updated software please??

REPLY
John ( Admin ) said on August 29, 2011 at 7:01 PM :

@FrancisM

then try the following cookie editor add ons

https://addons.mozilla.org/en-us/firefox/addon/edit-cookies/
https://addons.mozilla.org/en-us/firefox/addon/cookie-manager/

REPLY
Anonymous

HEY HACKAHOLIC! I like this article but my situation is more simple. I have access to the persons mac I want to get the cookie from. How can I access this cookie and get all the information I need. They use firefox, chrome, safari for mac. Thank you

REPLY
benithegame said on October 22, 2011 at 6:10 PM :

can we to that by google chrome ?

REPLY
John ( Admin ) said on October 25, 2011 at 9:33 AM :

@benithegame

yA U CAN !!

REPLY
flippp said on October 26, 2011 at 5:20 PM :

Can i do this to a victim which is not on my network? i mean his on a different network connection. Example, Hongkong (me) and Japan (victim)? Does it will work on that scenario?

REPLY
John ( Admin ) said on October 27, 2011 at 8:54 PM :

@Ela

No You cant, u can only carryout this attack if the victims computer is in the same network >>

REPLY
Anonymous

I have values for datr, act, c_user, fl, lu, sct, xs, presence, wd and p. First i was able to login his account but then he logged out and ever since when i put these cookies, facebook prompts me for the password. Any idea why could this be happening ?

REPLY
codrut said on November 6, 2011 at 9:07 AM :

Thanks Jeff :), very straight forward. I wonder, is there is any way/idea to bypass the domain check/mask the domain, in order to gain access from server1 to the cookies from server2?

REPLY
Anonymous

can i get their password??

REPLY
John ( Admin ) said on December 1, 2011 at 6:44 PM :

@Anonymous
NO U CANT, Your only hijacking a session >>>

REPLY
Anonymous

Should I use a proxy while accessing their account?

REPLY
vishal said on January 24, 2012 at 8:34 AM :

is diz applicable in home switch based LAN ?

REPLY
sunil said on January 28, 2012 at 4:10 AM :

please bro upload a video tutorial for understand it easily

REPLY
Anonymous

Our computers are on the same network, but I do not have access to the vic's computer - it is PW protected. Is there a way to do this without access to their computer?

REPLY
John ( Admin ) said on February 3, 2012 at 11:51 AM :

@ANONYMOUS

No this hack only works in LAN

REPLY
Anonymous

If the account i want to enter is not in LAN, but i've stolen the victims cookies, can i still do this ??
Thx very much
Douglas

REPLY
AdamWong said on March 14, 2012 at 10:57 AM :

@anonymous ,i want to ask same question
as i used winspy to copy cookies of facebook and other
now i am confused what to do
is there anything i can do
plz do reply
i like this site always

REPLY
John ( Admin ) said on March 15, 2012 at 6:51 PM :

@sushanta ,Anonymous

There is no use of stealing the cookies they will die after the victim logs out so there's no use , Only way is to carry out the hack simultaneously

REPLY
Anonymous

for injecting cookies try greasy monkey n cookie injector ,,after instling both as add ons in firefox just press alt+c and paste the cookies u pickd up (copy the cookies as printable text only & then paste it ).........

REPLY
Anonymous

verry impressive...

REPLY
face said on May 12, 2012 at 12:06 PM :

This is a superb weblog.
I am not existing on facebook any more but I really wish I would have
discovered something like this when I resided there. Very realistic.
My spouse and I just began on our weblog about economical situation
known as http://feltores.com/ because of seeing the deficit of economical
knowledge we obtained in institution. Keep it up! It looks great!
Website Click here

REPLY
face said on May 12, 2012 at 12:07 PM :

This is a superb weblog.
I am not existing on facebook any more but I really wish I would have
discovered something like this when I resided there. Very realistic.
My spouse and I just began on our weblog about economical situation
known as http://feltores.com/ because of seeing the deficit of economical
knowledge we obtained in institution. Keep it up! It looks great!
Website Click here

REPLY
Unknown said on June 2, 2012 at 8:09 AM :

with this method,can i hack anyone's account of other hostel??????
means other hostel connected via proxy servers.

REPLY
wandering soul said on July 17, 2012 at 10:22 PM :

how to install ettercap?? i downloaded this "ettercap-0.7.4.1" and aftr opening it, i dont know what to do anymore. file types and instructions arent familiar to me.

REPLY
wandering soul said on July 17, 2012 at 10:33 PM :

how to install ettercap? i downloaded this "ettercap-0.7.4.1". after i opened it, i dont know what to do anymore. im not familiar with the file types used. please help

REPLY
wandering soul said on July 18, 2012 at 6:03 PM :

i dont know how to install ettercap.please help me

REPLY
ethical said on January 28, 2013 at 9:32 AM :

john can u plz tell me how to create malware attack and how can we create worms?

REPLY
John ( Admin ) said on February 2, 2013 at 12:34 AM :

@ethical

Sure I will soon write A tutorial on that , Till then Keep Visiting

REPLY
Unknown said on February 11, 2013 at 4:32 AM :

hello john we can't edit cookies it says "http only" and espacially cookies of security datr= and xs= and p= and so on any idea?

REPLY
Admin said on July 15, 2013 at 3:05 PM :

Thanks Admin! great site for tips and tricks

REPLY
Unknown said on July 17, 2013 at 5:18 PM :

now facebook working with https in this way we can steal only login e mails no passwords so how can we do it on the https?

REPLY
Unknown said on July 20, 2013 at 8:59 PM :

Hellow jhon how can I Huck into my wife email

REPLY

Use the form below to comment. No spam please!!!

© 101hacker | Design by Mukund edited by John
Powered by Blogger