DIR Return Create A Forum - Home
---------------------------------------------------------
Enigma computing
HTML https://enigma.createaforum.com
---------------------------------------------------------
*****************************************************
DIR Return to: .EXE
*****************************************************
#Post#: 6--------------------------------------------------
WIRESHARK - packet sniffer
By: sgtbraders Date: October 17, 2011, 11:42 am
---------------------------------------------------------
This is the best and easiest way of hacking anything that is not
https,
But it only works when you are on the network that the victim is
on, and they must be online and on the website.
How to do it:
Wireshark is the best free packet sniffer software available
today. Actually, it was developed for making a network secure.
But, the same software is now used by hackers to test for
vulnerability and security loopholes in the network and to
attack the network accordingly. Cookie stealing being one of the
types of hacks implemented using this Wireshark software.
Below, I have listed steps on how to capture Facebook cookies.
This will help you to know how Wireshark can be used to sniff
packets and capture cookies.
1. Download
HTML http://www.ziddu.com/download/14096389/WIRESHARK_by_techotoys.blogspot.com.rar.html
The password for the RAR file is techotoys.blogspot.com
2. Install and run this Wireshark application. Go to Capture ->
Interface to see all the interfaces to your computer. Select the
interface (usually LAN) and hit on Start so that Wireshark will
start capturing all the packets on this interface.
Note: You can sniff your own packets by selecting your local
interface.
3. You will see all the packets captured by Wireshark on the
interface.
4. Now, if you wanna capture Facebook cookies, enter:
http.cookie contains “datr” in Filter textbox and hit on Enter.
Wireshark will filter all the packets as shown:
Note: If your “Filter” box turns red after pasting the above
code in it, please type the code manually in the Filter box. The
red issue will be fixed. I guess the issue is caused due to
double quote present just before datr. Please correct it. Thanks
to hacker2012 for this feedback via comments.
5. Now, look for packet with info “GET/HTTP/1.1″. Right
click -> Copy -> Bytes(Printable Text Only). In this step you
have successfully copied all the contents of victim Facebook
account cookie. Now, its time for injecting this copied or
stolen cookie in your own browser so that you can hack victim
facebook account.
Then:
Now, once you have successfully captured your victim cookies,
you have inject those cookies in your browser. This job is done
using Cookie injecting tool. Also, in certain cases after
injection, you need to edit cookies which can be done by Cookie
editing tool. This cookie injection/editing can be done using
simple Firefox addons Add N Edit Cookies and Greasemonkey
scripts.
Drawbacks of Cookie Stealing:
Cookie Stealing is neglected because it has some serious
drawbacks:
1. Cookie has an expiry time i.e. after certain trigger cookie
expires and you cannot use it to hijack victim session. Cookie
expiry is implemented in two ways:
a. By assigning specific timestamp(helpful for us).
b. By checking for triggers like user exiting from webbrowser.
So, in such cases, whenever user exits from his browser, his
cookie expires and our captured cookie becomes useless.
2. Cookie stealing becomes useless in SSL encrypted environment
i.e. for https (Secure HTTP) links. But, most Email accounts and
social networking sites rarely use https unless vicitm has
manually set https as mandatory connection type.
3. Also, most cookies expire once victim hits on LogOut button.
So, you have to implement this Cookie stealing hack while user
is logged in. But, I think this is not such a serious drawback
because most of us have the habit of checking “Remember Me”. So,
very few people actually log out of their accounts on their PCs.
------
sgtbraders ;D
*****************************************************