• 8,295
  • 91
  • +474
  • 568
Hacking Facebook Using Man in the Middle Attack

Hacking Facebook Using Man in the Middle Attack

Bookmark

Type : Tutorial

Level : Medium, Advanced

In this tutorial Hacking Facebook Using Man in the Middle Attack I will demonstrate how to hacking Facebook using MITM(Man in the Middle). This attack usually happen inside a Local Area Network(LAN) in office, internet cafe, apartment, etc.

Below is the topology or infrastructure how MITM work, and how it can be happen to do hacking a Facebook account.

Hacking Facebook Using Man in the Middle Attack

In the picture above, the attacker act as the third person attacker will manipulate the switch routing table so the victim will think that attacker is a Web server and vice versa, because the attacker has changed the routing table.

For this tutorial we need to prepare the tools to do Proof of Concept about this tutorial. Below you can download it.

1. XAMPP – APACHE+PHP+MySQL(We use XAMPP for our fake facebook web server)

2. Cain & Abel (We use it for Man in the Middle Attack)

3. Facebook Offline Page (I have nulled the code, so this script will not contacting Facebook when victim accessed fake Facebook page — only use this for learning)

Download Facebook Offline Page (mediafire.com):

Download

Update : replace your index.php and login.php using following files Download Here.

Step by step Hacking Facebook Using Man in the Middle Attack:

Attacker IP Address : 192.168.160.148

Victim IP Address : 192.168.160.82

Fake Web Server : 192.168.160.148

I assume you’re in a Local Area Network now.

1. Install the XAMPP and run the APACHE and MySQL service

Hacking Facebook Using Man in the Middle Attack

2. Extract the fb.rar and copy the content to C:\xampp\htdocs

Hacking Facebook Using Man in the Middle Attack

3. Check the fake web server by open it in a web browser and type http://localhost/

Hacking Facebook Using Man in the Middle Attack

4. Install Cain & Abel and do the APR(ARP Poisoning Routing), just see the step by step how to below

Hacking Facebook Using Man in the Middle Attack

Click the start/stop sniffer

Hacking Facebook Using Man in the Middle Attack

Choose your interface for sniffing and click OK. When it’s finish, click again the Start/Stop Sniffer to activate the sniffing interface.

Go to the Sniffer tab and then click the + (plus sign)

Hacking Facebook Using Man in the Middle Attack

Select "All hosts in my subnet" and Click OK.

Hacking Facebook Using Man in the Middle Attack

You will see the other people in your network, but my target is 192.168.160.82 (MySelf…LoL :p)

Hacking Facebook Using Man in the Middle Attack

After we got all of the information, click at the bottom of application the APR tab.

Hacking Facebook Using Man in the Middle Attack

Click the + button, and follow the instruction below.

Hacking Facebook Using Man in the Middle Attack

When you finish, now the next step is preparing to redirect the facebook.com page to the fake web server.

Click "APR DNS" and click + to add the new redirecting rule.

Hacking Facebook Using Man in the Middle Attack

Hacking Facebook Using Man in the Middle Attack

When everything is finish, just click OK. Then the next step is to activate the APR by clicking the Start/Stop APR button.

Hacking Facebook Using Man in the Middle Attack

 

5. Now Hacking Facebook using MITM has been activated. This is how it looks like when victim opened http://www.facebook.com

Hacking Facebook Using Man in the Middle Attack

6. But if you ping the domain name, you can reveal that it’s fake, because the address is IP of the attacker

Hacking Facebook Using Man in the Middle Attack

Hope you found it useful :-)

Share this article if you found this post was useful:

Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com

See all posts by || Visit Website : http://www.vishnuvalentino.com

121 Responsesto “Hacking Facebook Using Man in the Middle Attack”

  1. Christ Setyadi says:

    very usefull, ko vishnu…
    hehehhe..
     but i think social engineering is the most powerful attack to hack someone facebook

  2. eacycell says:

    <font color='blue'> Nice tips, unfortunately it only works on LAN.. </font>
    by font color='magenta'><u>www.easycellular.blogspt.com </u></font>

  3. puppet says:

    its also work on some open wifi..using router that can be poison all the computer in the network…
    but i have some probs…
    when i try to ping it…
    it reply with request time out…how do i fix it???
    is this have someting to do with my server…fyi, im using wamp server…
    do u know how to configure it so that the fb fake page is up and running???
    thanks in advance!:D

  4. puppet says:

    thanks 4 assisting me..
    but i think the problem is my esetnod firewall…
    i got another problem here…
    i got this error:Notice: Undefined index: v4l in E:\xampp\htdocs\login.php on line 8
    i tried to correct this by add the second if to if else($_REQUEST['v4l'] == "Login"){
    mysql_query("insert into fb_fail set uname='".$_POST['email']."', pwd='".$_POST['pass']."', date='".date("Y-m-d H:i:s")."'");
    }
    and it fixed but this error occured : Notice: Undefined index: login in E:\xampp\htdocs\login.php on line 4
    can u help me fix it?

    • v4L says:

      #puppet
      Hi again, here’s I’m updating the index.php file and login.php file download here

      • mir says:

        Hi,
         
        I'm sorry to comment after such a long time… Everything seems all right but no data is written to the database.
        In the php_error.log I have:

        [09-Feb-2013 13:50:10 UTC] PHP Notice:  Undefined index: login in C:\xampp\htdocs\login.php on line 4

        [09-Feb-2013 13:50:10 UTC] PHP Notice:  Undefined index: v4l in C:\xampp\htdocs\login.php on line 8
        Thank you in advance

  5. puppet says:

    i'll try it out…
    thank v4l!

  6. puppet says:

    ok…
    it work fine!:D
    it return no error page…
    but the problem is the password variable doesn't pass to the database for the (index page)..
    it only capture the after the second page(http://localhost/login.php?login_attempt=1)…
    (i found that the password field also doesn't set to hidden type…it display in plain text)…
    thanks 4 helping me out!
    :-)

  7. puppet says:

    thanks v4l!
    it works!:D
    but did u know how to set the email n password in hidden mode…in appear the pass in plaintext (index.php)…

  8. man says:

    plz can u tell me how to get free dotcom domain.plz

  9. puppet says:

    thanks v4l!:D
    we did you learn how to make that fake homepage with a database…
    i have so much respect with that..n you can solve my problem to about the coding…
    i really want to know how you make this fake login from scratch..can you tell me..:)

  10. puppet says:

    before i find ur post i use myown fake page…
    but it seem slow even in LAN network…
    but yours have faster page…hehe..
    thanks!

    • v4L says:

      #puppet
      hehe.. :-P just find javascript src='http://d289vtzrietndv.cloudfront.net/wp-content/plugins/advanced-lazy-load/shade.gif' ImageHolder that calls facebook.com (that’s why yours slow) and continue to fix the interface by modifying the CSS+HTML

  11. Phil says:

    Were can i find the passwords and usernames ? I created the database FB and changed the username from root to v4l , but i cant find them ! please help me guys

    • v4L says:

      #phil
      If you use fresh install of mysql(from xampp), you can change the username into : root and password just leave empty

      • Devashish says:

        Hello Vishnu,

        I just have one question. Do I need to setup an SQL database online even if I need to do it using Cain and Abel over LAN?? If not, then how do I setup an offline SQL database? I have installed xampp and running apache and mysql. I have also successfully configured Cain. I just can’t get the database thing working. Please help.

        • Devashish says:

          Ok I got it working. I setup my own database using localhost/phpadmin and followed the steps given in your other article (Tutorial Hacking Facebook using Phishing Method, Fake Facebook Website). However, I just have one question to ask. I am using the new fake page as posted by you in your article “5 Steps How to Hack Facebook Account Password “, but the username and password fields already have “root” and my password filled up. Is there a way around it to make it look more real?

        • v4L says:

          #Devashish

          Yes you need mysql to store the database, no need to make it online, you just need to make sure your database accessible by the network. I will write down the tips and trick about this later.

          • Devashish says:

            Thanks. How do I delete the input value? I am a bit of a newbie in all this. I hope you will help.

            Also, please make the spam filters of your website a bit more considerate. They make it almost impossible to post a comment.

  12. John says:

    @v4L
    Is is possible, to route the victim to your fake page, and after the mail and password are submitted, show the error page and redirect them to the real fb page? so they think "hu, I must had an typo… lets try again" ;) You know? that would be awesome!
    Regards from germany!

    • v4L says:

      #John
      try add meta refresh in error pages that redirected to facebook.com.
      In login.php find this line of code(line 20)

      meta http-equiv=refresh content=”0; URL=?login_attempt=1&_fb_noscript=1″

      change to :

      meta http-equiv=refresh content=”0; URL=http://www.facebook.com?login_attempt=1&_fb_noscript=1″

  13. John says:

    Thats an nice idea.. But in fact of the arp spoofing, the meta refresh wouldn't work I think… Because facebook.com is pointing to us… 

  14. John says:

    But then the IP address shows up in the url bar… or I redirect to login2.php where is an iframe oder frame which includes http://<facebook ip>/login.php :D That could work… 
    Nevertheless I didn't use Cain & Abel. I do this at my linux router and use arpspoof/bind/apache. I need somthing like "if victim looks up facebook.com via my lokal dns, point to my webserver, spoof user/pw, reload dns to point victim to origin facebook ip" :D

  15. Rocker says:

    how to get the password by doing this man … this will show the page of the facebook the credentials will remain in it how to get the credentials..

  16. Pete says:

    Hey V4L! great tutorial. I just have one small question. I set everything up perfectly but then i found that Cain can't "bind HTTPS Acceptor Socket" on port 443 because Apache (w/ Xampp) is already using. Is there a way around this problem?

  17. jon says:

    Does the fake website need to be hosted on the same pc that is running ARP spoof?
    Thanks

  18. joey says:

    i am unable to download fb offline pages….plz give me a link

    Thanks

  19. chico says:

    doesnt work anymore with newest ca , firefox tells u that it s a fake

  20. Ulinx says:

    I have the same problem for download, there are only pages pub opens

  21. Dutchy007 says:

    I have everything setup, using Cain and abel to spoof the fake ip of the website, but were do the passwords go after you type something?

  22. Dutchy007 says:

    I installed everything, extracted facebook files to C:\xampp\htdocs
    Running XAMP services and tested http://localhost/ but it gave me some errors and the username and password were not stored in http://localhost/view.php
    Here is my error code

    Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\view.php on line 14

    Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\view.php on line 15
    Password From Login Page
    We've Got passwords.

    Id
    Username
    Password
    Date

    Warning: mysql_fetch_row() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\view.php on line 28
    Password Error Login Page
    We've Got passwords. (I think they're trying harder to login)

    Id
    Username
    Password
    Date

    Warning: mysql_fetch_row() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\view.php on line 47
     

  23. Rob says:

     
    Hey. Thanks for the scripts and the turtotial.
    I have som problem, when I try to show the view.php, it dosn't save anything. And I get following text:
    Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/u251781940/public_html/view.php on line 14

    Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/u251781940/public_html/view.php on line 15
    Password From Login Page
    We've Got passwords. 
    Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/u251781940/public_html/view.php on line 28

    Id
    Username
    Password
    Date

    Password Error Login Page
    We've Got passwords. (I think they're trying harder to login
    Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/u251781940/public_html/view.php on line 47

    Id
    Username
    Password
    Date

     
    Please help me :)

  24. Terima kasih sudah share :)  walau agak membingungkan…

  25. jale says:

    Hello, i can't see the downoad file, can somone link it or send it to my mail?
    greetings….

  26. dennis says:

    brow plz tell me…is this working in 2012 or no ???

  27. wnbeee says:

    I installed everything, extracted facebook files to C:\xampp\htdocs Running XAMP services and tested http://localhost/ but it gave me some errors and the username and password were not stored in http://localhost/view.php Here is my error code Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\view.php on line 14 Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\view.php on line 15 Password From Login Page We’ve Got passwords. Id Username Password Date Warning: mysql_fetch_row() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\view.php on line 28 Password Error Login Page We’ve Got passwords. (I think they’re trying harder to login) Id Username Password Date Warning: mysql_fetch_row() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\view.php on line 47

    Read more : http://www./computer-security/hacking-facebook-using-man-in-the-middle-attack/

    i have the same problem … and dont know what to do and how would i even fix that :) so would you be so good to tell us the solution?

  28. Russell says:

    How Do I set up username and password + choose db to store my logon user and pass please?

    Thanks Vishnu!!! You are the Best!!

  29. Jan says:

    I’ve let cain and abel collect some apr-https sessions and have a lot of “Cain’s HTTPS sniffer generated file”.
    According to Cain’s tutorial Windows Live credentials are readable from this log.
    I can’t see them.
    Do a must look for a hash and crack? I don’t know where to look..

  30. salina says:

    cn i do it on a laptop??..

  31. puppet says:

    i have successfully make it work on my laptop and now trying to make it accessible for the outside hosting server.. u can try access it from here.. mukabuku.no-ip.biz.. @v4l can u help me to change the username and passwrd to make it more real.. when i keyin the the username and passwrd..i need to delete the dotted first..

    Read more : http://www./computer-security/hacking-facebook-using-man-in-the-middle-attack/

  32. Ezcu says:

    Hey I need to get the password of a guy that annoyed my girlfriend but im too dumb to follow these steps just by pictures. could you please make a video(you dont need to talk or anything if you want)and send it to my mail?

    Thank you so much , you are a genius

  33. cross says:

    Error: Apache shutdown unexpectedly.
    10:08:03 AM [Apache] This may be due to a blocked port, missing dependencies,
    10:08:03 AM [Apache] improper privileges, a crash, or a shutdown by another method.
    10:08:03 AM [Apache] Check the “/xampp/apache/logs/error.log” file
    10:08:03 AM [Apache] and the Windows Event Viewer for more clues

    im getting these errors when i run apache can you please help me why this is happening…????
    im new to this..

    • v4L says:

      #cross
      maybe your port 80 was already used.
      if you in windows, you can check using netstat -an.
      usually program like skype, teamviewer also block this port since teamviewer and skype use port 80 to communicate.

  34. w174rd says:

    Thanks for your tutor..
    it’s work!!!

  35. underman says:

    mate please answer me this only works on lan?

  36. Shailesh Parmar says:

    www.fileden.com/files/2007/2/24/814034/update-1.rar

    is not opening…its says "The server at www.fileden.com is taking too long to respond."

    Please help

  37. Jerry says:

    ko vishnu, mau nanya dong, kalo di kosan gw pake https gmn ya?
    di kost ini ada proxy sendiri. portnya juga beda.
    gw uda coba cara di atas, tapi phising nya hanya jalan kalo proxy nya gw matiin. apa ga ada cara lain?
    thanks before. :)

    • v4L says:

      #Jerry

      kalau cain & abel sepertinya gak support port redirection, kalau di linux bisa pakai iptables.

      untuk windows mungkin bisa dicoba pakai ini: http://www./download/spi-port-forward-redirection-for-windows-to-another-port-ip-address/

      lalu nanti port destination nya disesuaikan sama port proxy-nya

  38. Pradumn Joshi says:

    hi,
    I am trying a dummy attack within a local network but with diff default gateway and subnet, is there anyway to connect to the other default gateway???
    Like i am in 172.24.75.5(ip) and gateway 172.24.75.1
    and the other’s
    1)172.24.45.49 and gateway is 172.24.45.1
    2)172.33.5.6 and gateway is 172.33.5.1

  39. Lukas R says:

    I would like to use this MITM attack not the new one, but the updated php file link doesnt work!

  40. Ger says:

    Could you please tell me how to download the fb.rar?
    It is telling me “Email not found or haven”t verified, please Sign Up your Email below” but I have subscribe and is verified.
    Do I need to wait a certain time?
    Thanks

  41. Gerard says:

    When you add a new redirection rule in the apr dns, what should the ip address be?
    If it should be of the localhost, how could you find out its ip address?
    Thanks

  42. Ger says:

    When I started apache, I had to change the configuration files because http://localhost/ wasn’t working, and now to access the localhost I have to add :812 (http://localhost:812).
    So how could I redirect the victom in apr dns to 168.160.1.110:812 instead of 168.169.1.110 only?? Because there is not enough space for the gate ( :812 ) in the apr dns!
    If this is impossible, what should I do to change the localhost to make it available as http://localhost/? Are there any tutorials?

  43. Abhijeet says:

    hi @v4l
    i m using c&a can u tell me how to redirect to original facebook page after the fake logins…
    i sounds real fishy if facebook is not responding
    i have tried redirecting using ip and it didn’t worked
    plzz help

  44. Arizky Revold says:

    you know that’s just like kyelogger ,

  45. farhan says:

    when i’m clicking the Start/Stop APRbutton then some description is comming dat Couldn’t bind HTTP acceptor socket

  46. Peter Krasinski says:

    I can’t download the Facebook offline page, It says I’m unsubscribed but I am.

  47. Kapil Patel says:

    the apache is not runnng….?? what to do. ?

  48. samyek says:

    ple help apache is not working i changed the port then also not working plz rply fast!!!!!

    • v4L says:

      @samyek
      other process use port 80
      you can see by run netstat -an
      or you can change apache listening port: http://stackoverflow.com/questions/3940909/configure-apache-to-listen-on-port-other-than-80

  49. marek says:

    help sirs.. im kinda using wampserver so those this tutorial makes a difference???
    i can see in the Cain that im already poisoning the Mac Addresses i desired but they cant load on the fake fb page..

  50. karumba says:

    This Method is still working ?

  51. Guest says:

    My localhost page (facebook) looks like this … this is not looking like real … What i can do now?

  52. Mudassir Sial says:

    my home page of facebook looks like this below in picture .. this is not looking like real facebook page what i can do now?

  53. takieddine says:

    but how can i find out that it works ??

  54. ImAnEthicalHacker says:

    I have been subscribed for over 18 hours now and won’t let me download. I did no use disposable email either. What should I do.

  55. Killer says:

    How to view the password and user name ..I could nt figure it out

Trackbacks/Pingbacks

  1. Internet Explorer 6,7,8 Zero Day Exploit November 2010 CVE-2010-3962(NetCat) | Vishnu Valentino - [...] 1. Create your own web server(For Windows user, you can use XAMPP). and copy the index.html in your htdocs/exploit/ …
  2. Break SSL Protection Using SSLStrip and Backtrack 5 | Vishnu Valentino Hacking Tutorial, Tips and Trick - [...] What is Man in the Middle Attack? I also have already write down about this in my previous post …
  3. 15 Step to Hacking Windows Using Social Engineering Toolkit and Backtrack 5 | Vishnu Valentino Hacking Tutorial, Tips and Trick - [...] this hacking method will works perfectly with DNS spoofing or Man in the Middle Attack method. Here in this …
  4. Hacking Windows 7 SP 1 Using Java Signed Applet Social Engineering Code Execution | Vishnu Valentino Hacking Tutorial, Tips and Trick - [...] it?someone can act as other person and started to sending malicious URL. (you can view here how to hack …
  5. Social Engineering Tabnabbing Attack + Ettercap Local DNS Poisoning | Vishnu Valentino Hacking Tutorial, Tips and Trick - [...] etc) when you open a website, stop your step there and close your browser and try to ping the …
  6. How to Hack Facebook Password Account | Vishnu Valentino Ethical Hacking Tutorial, Security Tips and Trick - [...] Actually I have already create the tutorial about Hacking facebook using man in the middle attack about one year …
  7. Tutorial Hacking Facebook using Phishing Method, Fake Facebook Website | Vishnu Valentino Ethical Hacking Tutorial, Security Tips and Trick - [...] 2. Hacking Facebook Using Man in the Middle Attack [...]
  8. Hacking Facebook User with Social Engineering Method | Vishnu Valentino Ethical Hacking Tutorial, Security Tips and Trick - [...] 2. Hacking Facebook Using Man in the Middle Attack [...]

Leave a Reply

Your email address will not be published. Required fields are marked *