What is Cookie Stealing?
Cookie theft occurs when a third party copies unencrypted session data and uses it to impersonate the real user. Cookie theft most often occurs when a user accesses trusted sites over an unprotected or public Wi-Fi network. Although the username and password for a given site will be encrypted, the session data traveling back and forth (the cookie) is not.
Cookie theft can be avoided by only logging in over SSL connections or employing HTTPS protocol to encrypt the connection. Otherwise, it is best not to access sites over unsecured networks.
An attacker can use a variety of methods to steal a Facebook authentication cookies depending upon the network he is on, If an attacker is on a hub based network he would just sniff traffic with any packet sniffer and gain access to victims account.
If an attacker is on a Switch based network, he will use an ARP Poisoning request to capture authentication cookies, If an attacker is on a wireless network he just needs to use a simple tool called Firesheep to capture authentication cookie and gain access to victims account.
hack facebook using cookie stealing and preventing the method
In the example, below I will be explaining how an attacker can capture your authentication cookies and hack your Facebook account with Wireshark.
Step 1.
First of all download Wireshark from the official website and install it.
Step 2.
Open up Wireshark click on analyze and then click on interfaces.
Step 3.
Next, choose the appropriate interface and click on start.
Step 4.
Continue sniffing for around 10 minutes.
Step 5.
After 10minutes stop the packet sniffing by going to the capture menu and clicking on Stop.
Step 6.
Set the filter to http.cookie contains “datr” at the top left, This filter will search for all the HTTP cookies with the name datr, And as we know is the name of the facebook authentication cookie.
Step 7.
Next, right click on it and goto Copy – Bytes – Printable Text only.
Step 8.
You’ll need to open up Firefox. You’ll need both Greasemonkey and the cookie injector script. Now open up Facebook.com and make sure that you are not logged in.
Step 9. Press
Press Alt+C to bring up the cookie injector, Simply paste in the cookie value into it.
Step 10.
Now refresh your page and viola you are logged in to the victim’s facebook account.
Now am teaching you,
Secure your facebook account from phishing attacks
Step 1.
This Attack will only work if the victim is in HTTP:// connection and even on Https:// if an end to end encryption is not enabled.
Step 2.
Always use HTTPS secure connection, that will help to secure from hackers.
Step 3.
Always clear the cookies and try to avoid saving passwords in browser. And also delete cache of browser and manifest PC temp file.
Go to “Run” (Win+R) and type %temp% hit enter, delete all the files from the temp folder appearing.
Incognito-browsing.. Automatically prevents from cookie stealing
In Chrome.
Ctrl+Shift+N – Incognito mode
In The Internet Explorer
Ctrl+Shift+P – InPrivate mode
hack facebook using cookie stealing and preventing the method
tags: hack facebook using cookie stealing, hack facebook using cookie stealing and preventing the method, hack facebook using cookie stealing, prevent cookie stealing from hackers, hack facebook using cookie stealing
We hope this article will help you to stay secure online. If you have any doubts please contact us by commenting here. We are always here to help you.
Note: All our contents are entirely created for the educational purpose and do not misuse any of this contents Copyrighted contents will not copy without our permissions. Just visit copyright policy