Cookie Stealing and Session Hijacking

Hi all. Continuing our course on hacking Facebook accounts, we have now stepped into advanced-level hacking tricks. Today we are going to discuss how any hacker can steal Facebook cookies to hijack the current user's session. This is also called a Man-in-the-Middle attack.
We'll use the Wireshark network protocol analyzer. It can be used for capturing packets and cookies within a network, i.e. LAN, WiFi, etc.

Today I am gonna steal the Facebook cookies of my friend, who is sharing my WiFi network. :p

What is Facebook’s Authentication Cookie? How is it Vulnerable?

Cookies (HTTP/HTTPS cookies) help a website store user-specific data in the user's browser itself, which reduces the overhead of server round trips. However, cookies can also get you in trouble if someone is able to steal them from your system. Facebook uses the "datr" cookie authentication mechanism. An attacker will use your session cookies and inject them into a browser. The browser will then redirect him to your account state at that time.

Hacking Facebook Using Cookie Stealing and Session Hijacking


How to Use WireShark for Capturing Cookies

Wireshark is a packet sniffer which sniffs a network and captures the packets being transferred, so it also captures the session cookie packets being used for any website, say Facebook, Gmail, Hotmail, etc. Therefore it's a very popular tool among hackers for stealing victims' cookies and hijacking their logged-in sessions.
We can use this tool for any kind of network; right now I am going for a wireless network.
So, let's see how it works…
  • Download Wireshark Protocol Analyzer (latest version preferred).
  • Install and run. Go to Capture -> Interfaces.
  • It will open the Interface window containing all supported interfaces. You can check which interfaces are active by looking at the packet counts. If they are updating, it means the network is active. I am going for Wireless Network Connection. Check this network and click Start.
  • Packet capturing will start. Now we have to set a filter for our desired packet, i.e. the cookie for Facebook.
  • Click on Analyze -> Display Filters. There, input the filter name as Http.cookie and the filter string as http.cookie contains datr. Then push Apply. Now the filter has been set. Just wait for 10 mins; it will fetch and display the cookie containing "datr".
  • After Some time you will find Cookie Packet containing datr value in the result window.
  • Now right-click the node filtered for "HTTP Cookie datr". Go to Copy -> Bytes -> Printable text only.
  • Paste the copied text into Notepad and select the value, like:
    Cookie: datr=ZNHCUlHbFOue6NKOWLQaRUgvdsabsacg789
  • Now we'll need some agent for injecting this cookie value into the browser. We'll do this via a cookie injector script (download here) and a Chrome plugin, Tampermonkey (if you are using Chrome), or Greasemonkey for Mozilla. The script will be run in the browser via the added plugin.
  • Now open the plugin and add the script code to it. Once it's added to the plugin, open the Facebook login page in a new window.
  • Now press ALT+C. It'll call the cookie injector dump window. There you put the copied cookie value and press OK.
  • The cookie has been injected into the browser. Now just refresh the page and you'll be logged in to the victim's account.
Points to Note:
This method of Facebook cookie stealing and hijacking won't work against an HTTPS (end-to-end encryption enabled) connection, as the cookies will be encrypted.
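
Since the capture on this page depends on the cookie crossing the network unencrypted, a site operator can check that its responses never allow that. The Python below is an added example, not code from the original post: it audits one response's headers for the Secure cookie attribute and an HSTS header (and also HttpOnly); the cookie names and header values are constructed samples.

```python
# Added example: check response headers for the settings that keep a session
# cookie off plaintext HTTP. All header values below are constructed samples.

def parse_set_cookie(value):
    """Split a Set-Cookie value into (cookie name, lower-cased attribute dict)."""
    first, *rest = [p.strip() for p in value.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_headers(headers):
    """headers: list of (name, value) tuples from one HTTPS response.
    Returns {subject: [findings]} for every subject with a problem."""
    report = {}
    hsts = False
    for hname, hvalue in headers:
        lname = hname.lower()
        if lname == "strict-transport-security":
            hsts = True
        elif lname == "set-cookie":
            cookie, attrs = parse_set_cookie(hvalue)
            findings = []
            if "secure" not in attrs:
                # The browser will also attach this cookie to http:// requests,
                # where anyone on the same LAN or WiFi can read it.
                findings.append("no Secure attribute")
            if "httponly" not in attrs:
                findings.append("no HttpOnly attribute")
            if findings:
                report[cookie] = findings
    if not hsts:
        # Without HSTS the browser may still make http:// requests to the site.
        report["(response)"] = ["no Strict-Transport-Security header"]
    return report


SAMPLE_RESPONSE = [  # constructed for illustration
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sid=constructed-value-1; Path=/"),
    ("Set-Cookie", "auth=constructed-value-2; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "prefs=dark; Path=/; secure"),
]

if __name__ == "__main__":
    for subject, findings in audit_headers(SAMPLE_RESPONSE).items():
        print(f"{subject}: {', '.join(findings)}")
```

A cookie reported with "no Secure attribute" is the kind that shows up in a plaintext capture; a clean report means the browser will only send those cookies over HTTPS.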