How To Hack Facebook Accounts By Tabnabbing

Phishing is the simplest way that you can use to hack Face book ,GMail accounts or any other email account, In this article I'll teach how you can use Tabnabbing (an advanced phishing technique) to hack Facebook accounts ,If your new to phishing or you don't know what tabnabbing is ,then i would strongly suggest you to read the following articles before reading this one

Hack Facebook Accounts By Tabnabbing 

Tab-nabbing is an advanced  Phishing technique .it requires a lot of coding to be done ,But i have tried to keep it as simple as possible hope you like the following tutorial


1. You should know how PhishingTabnabbing works  if not read the following articles

  1. What is Phishing 
  2. Hack Facebook accounts by Phishing 
  3. Tabnabbing - A New Type of Phishing Attack

2. A Free Web Hosting Account - You can or

3. You should have the following files which are required for tabnabbing   

  1. Facebook.html  -Fake Facebook login page (phisher) 
  2. login.php - Script which captures the login details of the victim
  3. google.html - Standard google page used to trick the user
  4. tabnabb.js - Java script which is required for tabnabbing
You can download all the files from Here  & to get the password Click Here

1. First a fall  download all  the files and extract them using winrar or win-zip , Then upload  facebook.html ,login.php & google.html to your free web webhosting account

2. Now open tabnabb.js using a notepad , Search for "Enter your URL here" , Now replace it with your "Facebook.html" url which you uploaded in the previous step, finally save it and upload  tabnabb.js to your hosting account

3. By now you should have successfully uploaded all the four files to your hosting account as shown

4. Now to check whether the hack is working, click on the google.html link and open it , Now open few new tabs , After some time you will see google page switched to your fake Facebook page

5. Now once the victim enters all his credentials in our fake facebook login page and clicks login, he will be redirected to  page to avoid suspecion

6. To see the victim login details go to your hosting account where you will see a new file "log.txt" Open it to see the victims user-id and password

Most of you get confused so I've made a demo You can check out my  (Demo) , Now Open some new tabs ,after some time you will see the Google page switched to our fake Facebook login page , enter some trial worlds i strongly object you  not to enter your original details , you can see the words that you entered from (Here)

I hope you Enjoyed The Post For Further doubts and clarifications please pass your comments

Subscribe to Hackaholic

Enjoyed this article?
Subscribe to "Hackaholic"and get daily
updates in your inbox for free!

Related Posts Plugin for WordPress, Blogger...

a. Hossain. BD

Bro,, this is da best post of tab-napping i,ve got so far thanx..


Finally, this worked out for me.. nice
if i want to change in phishing site, then what should i do ??


john, are we gonna use the same javascript to hack other site. like yahoo to redirect to gmail(phis).. what should we do on that case.


U always give us the best tutorial..thx for all the tutorial u u always..


hello sir can you please tell how to hack imvu credites??? thx


i have opened an account in .. i opened an domain also.. but after that it says :
Your domain is not yet pointing our server, so services such as FTP, Website Builder or File Manager may not work. You need to update nameservers to,
for your domain. This warning will be removed once your domain will
start resolving to our server (24-48 hours after the nameserver update).

i just want to upload my phishing files up there.
what should i do.. show me...
write in details.. please sir..


I wanna ask a question about Ettercap. Can you upload Ettercap (compiled version that YOU have and don't forget to put it in a winrar) on Ziddu and mail the link to please?

UGaround said on September 9, 2011 at 11:07 PM :

Thank you john for exposing this new kind of phishing

It works fine woot

UGaround said on September 14, 2011 at 6:16 AM :

Dang its all ok but..

im easily banned!!!

john do you have any program thingys that can stop baNNing my account!

UGaround said on September 17, 2011 at 7:21 PM :

Hey john,

Can you tell me the script that makes the login.php makes the log.txt when the VICTIM enters his/her email n pass

Thanks in ADVANCE

umar7927 said on October 10, 2011 at 12:28 AM :

ok i do all the steps and it works perfectly but one thing i want to know how can i trap my victim though the victim is at another place and i cant physicaly access to his/her system.plz tell me what should i do in this situation.


Lol THnxx Very Much :P
This Workss :A


Can you please tell me how to trick the victim to open the link to the real page (google for example) and keep the page open? I think that's the most difficult thing as nobody is dump enough to open a google page from an email.

John ( Admin ) said on January 16, 2012 at 12:40 AM :

you can actually modify the victims host page, basically redirecting google to your web server or your site were u host ur fake google page >>


explain 4. does the victim have to open the google page and then what? the victim has to open a bunch of tabs too? how do u get the victim to open a bunch of tabs for no reason? plus, why google?

John ( Admin ) said on March 22, 2012 at 7:40 PM :


Ya pls READ the following tut

chaytu said on March 25, 2012 at 2:18 PM :

@chaytu I found your tutorial pretty interesting and I've tried executing this in 000webhost but whenever i try to open the google file, one of the tab is not redirecting to the fake facebook url. instead it is redirecting it to 000webhost page with 'error' displayed on the url.. Can you please explain me the step where i went wrong


hi!! while i try to edit the .js file... i cannot open it on notepad. It shows ACCESS IS DENIED. please tell me wat the problem is.
Also i tried to upload without editting, that too was not allowed. Please help..thanks!


Your pages are not working. When i extracted it was showing corrupt files and said couldnt be extracted ?????


Hey can you please tell me how to solve this........
because when i opened google page and switched to other tab it didnt turned to fb page but it showed error 404. Can you please tell me how to solve it ????


bro , i'm always supporting u ! all of ur tutorials work fine for me ! :D

*i'm malaysian :D

REPLY said on September 16, 2012 at 10:02 AM :

Tabnapping is one of the best ways to get a Facebook password!

Manish Gautam said on September 20, 2012 at 6:45 AM :

some antivirus can banned this trick easily :-(

jimmy said on November 27, 2012 at 8:18 AM :

i cannot open tabnabb.js
it is saying that i have to take permission from owner to open this file..
can somebody help me?

Unknown said on November 28, 2012 at 2:51 AM :

it works thanks. if i send the google link to the victim through facebook chat, the victim will never LOG IN to the fake facebook page as long as he/she is logged in fb. so it is useless if the victim is currently logged on facebook. is there any chance or way on how to automatically open multiple tabs of fake facebook page with this tabnabbing technique?

Unknown said on January 2, 2013 at 1:32 AM :

Link works only fir 3-4 days after that free webhosting close our account

Unknown said on January 2, 2013 at 1:35 AM :

We can also made our own script to send hacked passwords to our mail id

Unknown said on January 17, 2013 at 11:42 AM :

Hey dear, can u help me how can i do this....
Reply me on..

Unknown said on February 3, 2013 at 4:06 AM :

sir please send some other free server website

AMAN DEEP said on May 17, 2013 at 8:40 AM :

What's d password bro.......the file is removed from tell me.

John ( Admin ) said on May 19, 2013 at 10:38 PM :


Links are working please check again, And the pass for all the files is "@hackaholic"

Unknown said on May 29, 2013 at 4:44 AM :

Hey bro!
I did as you said, uploaded files!
I myself tried the fake link. I entered my email id and password and I got redirected to my FB page too.
But still there's no sign of login.txt in my webhosting account.
Whats happening?
Did I do anything wrong?
Please reply asap bro :)

John ( Admin ) said on June 1, 2013 at 7:34 PM :

@Santosh Bammigatti

Please check your file permissions for the files is (777)

muhajir said on July 14, 2013 at 2:23 AM :

sir,i want to know that how can i see the password behind the asterisk(*)not dot.....please tell me the trick or software

Unknown said on November 28, 2013 at 10:32 AM :

why no have ''ENTER YOUR URL HERE'' ?


Use the form below to comment. No spam please!!!

© 101hacker | Design by Mukund edited by John
Powered by Blogger