How To Steal Session Cookies And Hijack A Facebook Account

16/07/2011 23:27

An attacker can use several methods to steal authentication cookies from her facebook that the network is activated, if an attacker is in the center and base radios, just intercept the traffic with a packet sniffer and access to the accounts of victims .

If an attacker is on a switched network based, it would use an ARP request to capture Poisoning authentication cookies, if an intruder is on a wireless network, it just needs a simple tool called the four sheep grab the authentication cookie and gain access to victims account.

In the example below, I will be explaining how a hacker can capture your authentication cookies and hack your Facebook account with wireshark.

Step 1 - First Download Wireshark from the official site and install it.

Step 2 - Click on Next to open wireshark to analyze and click interfaces.

Step 3 - Then select the appropriate interface and click Start.

Step 4 - Continue to sniff for about 10 minutes.

Step 5 - After 10 minutes to stop the packet sniffer to capture the menu and select Exit.

Step 6 - Next set of http.cookie filter contains "Datran" top left, this filter will scan all HTTP cookies with the name of Datran, Datran And we do know is the name of the authentication cookie Facebook.

Step 7 - Right click on it and goto Next Copy - Bandwidth - printable text only.

Step 8 - then you want to open firefox. It takes two and cookieinjector Greasemonkey script (http://dustint.com/code/cookieinjector.user.js). Now open Facebook.com and make sure not logged in

Step 9 - Alt-C to show the witness, just stick the nozzle in the value of the cookie in it.

Step 10 - Now, refresh your page and you are connected to Facebook victims.

Note: This attack only works if the victim is the connection http:// and https even if an end to end encryption is not enabled.

Against

The best way to protect against session hijacking attacks is to use an HTTPS connection every time you log into your Facebook, Gmail, or Hotmail email account. Because cookies can be encrypted so even if an attacker manages to capture the session cookies will not be able to do something with cookies.