
Hacking Facebook Account Using HTTP Session Hijacking

What is Session Hijacking?
In computer science, session hijacking, sometimes also known as cookie hijacking, is the exploitation of a valid computer session (sometimes also called a session key) to gain unauthorized access to information or services in a computer system.

Firesheep Tutorial (HTTP Session Hijacking)

Firesheep, a Firefox add-on, has recently become very popular for easily carrying out an HTTP session hijacking attack. HTTP session hijacking can't be considered a very sophisticated attack, but it normally needs some technical knowledge to perform. Firesheep makes the attack child's play. Firesheep was developed by Eric Butler for Firefox and was released at Toorcon 12 to demonstrate how serious cookie stealing can be.
Now let's understand how Firesheep actually works. When you enter your username and password in a website's login form and submit it, the browser first encrypts the password and then sends it over the network. The website compares the information against its internal database and, if they match, sends a cookie (a small text file) to your browser. The browser saves this cookie and uses it to authenticate the user every time the user opens a different page of the website. When the user logs out of the account, the browser just deletes the cookie. The problem is that these cookies are not encrypted before being sent over the network, so a hacker on the same network can capture them and use them to authenticate as the user from whom the cookie was stolen.
Now let's see how to use Firesheep.

Step 1) First download and install WinPcap (WinPcap is used on Windows for capturing network traffic). On Unix-like systems you can use pcap from the libpcap library.


Step 2) Download Firesheep and open it in Firefox, which will install it automatically. Alternatively, drag it onto the Firefox shortcut (at the moment Firesheep does not support Firefox 4).


Step 3) After it is installed, go to View --> Sidebar --> Firesheep in Firefox. A sidebar will appear in the browser with a "Start Capturing" button; press it and sit back. In a few seconds you will see account details with photos of the target. Click on one of them and you will directly enter that account. Simple as that.













Note: Using Firesheep to hijack other people's accounts is illegal under the Wiretapping Act.
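
From the site owner's side, the weakness described above (a session cookie crossing the network unencrypted) can be checked in the site's own HTTP responses. The following Python sketch is an added example, not part of the original post or of Firesheep; the cookie names, the session-name heuristic and the sample headers are constructed assumptions.

```python
SESSION_HINTS = ("sess", "sid", "auth", "token")  # assumed heuristic for session-like cookie names

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, attributes dict with lowercase keys)."""
    parts = [p.strip() for p in value.split(";")]
    name, _, _ = parts[0].partition("=")
    attrs = {}
    for p in parts[1:]:
        k, _, v = p.partition("=")
        attrs[k.strip().lower()] = v.strip()
    return name.strip(), attrs

def audit_response(scheme, headers):
    """Return findings for one response.
    scheme: "http" or "https"; headers: list of (name, value) tuples."""
    findings = []
    hsts = any(n.lower() == "strict-transport-security" for n, _ in headers)
    for n, v in headers:
        if n.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(v)
        if not any(h in name.lower() for h in SESSION_HINTS):
            continue  # not a session-like cookie by the heuristic above
        if scheme != "https":
            findings.append(f"{name}: issued over plain HTTP, visible on the network")
        if "secure" not in attrs:
            findings.append(f"{name}: missing Secure, browser will also send it over http://")
        if "httponly" not in attrs:
            findings.append(f"{name}: missing HttpOnly, readable by page scripts")
    if scheme == "https" and not hsts:
        findings.append("no Strict-Transport-Security header, first request may still use HTTP")
    return findings

# Constructed sample responses (not captured from any real site).
WEAK = [("Content-Type", "text/html"),
        ("Set-Cookie", "session_id=abc123; Path=/"),
        ("Set-Cookie", "lang=en; Path=/")]
HARDENED = [("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
            ("Set-Cookie", "session_id=abc123; Path=/; Secure; HttpOnly; SameSite=Lax")]

if __name__ == "__main__":
    for label, scheme, hdrs in (("weak", "http", WEAK), ("hardened", "https", HARDENED)):
        print(label, audit_response(scheme, hdrs) or "no findings")
```

A session cookie that carries the Secure attribute and is only ever issued over HTTPS never appears in cleartext on a shared network, which is the condition Firesheep depends on.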
