Hack Facebook & Youtube via Session Hijacking



CardingMafia Admin
12-29-2012, 10:05 PM
Well hello, this is my first tutorial so give me some slack.
There are probably a few of these methods on this site. It may not be hackers' favorite because the slave must be on FB and the hacker must be in the same network. This may work on other sites, you just have to test it out. I have tested FB and Youtube, and BOTH work with this method!!

Now first you need a few pieces of software:

http://www.oxid.it/downloads/ca_setup.exe

http://www.wireshark.org/download.html

Cookie Manager:

https://chrome.google.com/webstore/detail/edit-this-cookie/fngmhnnpilhplaeedifhccceomclgfbg

https://addons.mozilla.org/en-US/firefox/addon/cookies-manager-plus/

Now you have all the required software, we can start hijacking.
--
Step 1:
Open up Cain and Abel and click on Sniffer, then activate the sniffer by clicking the button the arrow points to.

http://imageshack.us/a/img819/7475/41061672.jpg

Then you have to add the host to your list. To do this click the cross in the top of the program and hit OK. After this you should get all the IPs in the network. If you wish you can right click them and select "Resolve HostName" to get the computer's name so it is easier to tell which computer is which. It does not always work but can be helpful in targeted attacks.

http://imageshack.us/a/img694/7142/42484793.jpg

Step 2:
Now that we have the IPs you can start APR Poisoning. To do this in the bottom of the sniffer page select "APR" with the radiation symbol. Click in the top box then hit the same cross you hit earlier. This time a new window opens up. Now in the first box on the left select the router's IP or default gateway. In the second box on the right select the computer that you wanted to get the Facebook from.

http://imageshack.us/a/img231/9303/23399294.jpg

Then click the Radiation symbol at the top right next to the same button you clicked to activate the sniffer. This will activate the poisoning, you should now see it saying "Poisoning" next to the IP.

--
Step 3:
Now on to taking the cookies. This is where the WireShark starts so open WireShark. Now up in the tool bar in the top of the window click the first Icon to select the correct interface. This will list multiple interfaces on the computer, select the IP that is your IP and usually the one with higher packets in and out and click "Start".

http://imageshack.us/a/img841/8413/37518345.jpg
Now it will start monitoring all packets going through your computer. This is good, but try not to use your computer during this or you may end up using your own computer's session instead of the victim's. Now there is not really any time set that you need to do this. You just need to wait for them to refresh the website. Once you think they have refreshed the page continue to Step 4!

--
Step 4:
Now that you have the packets, you can stop both the APR Poisoning and the WireShark (DO NOT CLOSE WIRESHARK). In WireShark you now can filter out the cookies to make it easier to find what we need. To do this in the textbox near the top of the page on the left type in "http.cookie" and hit apply or enter.

http://imageshack.us/a/img811/6246/97828660.jpg

Here is the tricky part. Now you need to find the packet with the login cookie. This for me was the last one because I stopped it as soon as the page reloaded. To get to the cookie what you need to do is select the packet and in the window at the bottom click the plus sign by the "HyperText Transfer Protocol" and look in that section for the word "Cookie: " (Usually it has the word "[truncated]" at the beginning). Now right click this line and select "Copy" then "Value" and paste it into Notepad. This is because everything is in one line and confusing. To make it easier what you do is every time there is a "; " hit enter. The "; " means the end of that section of the cookie.

Now you will have something like this


user=25425420;
pass=14254520;
id=205001;

Now the first part before the "=" is the name. The second part after the "=" is the content. And if you want to you can remove the "; " because this will need to be removed anyway. This is important to know for later on!!

Each site uses a different cookie layout. I have a small table below.

Youtube:
wide_exp=
VISITOR_INFO1_LIVE=
use_hitbox=
__utma=
__utmb=
__utmc=
__utmz=
SID=
HSID=
APISID=
LOGIN_INFO=
PREF=

Facebook:
To come

After all of it is formatted for easy use continue.

--
Step 5:
Now depending on what browser you have it may differ a little. I will go through both browsers I have.

FireFox:
Here is where you use the addon you were supposed to install earlier. Now open up "Cookie Manager+". Now add each line from the text document from earlier. For the End use "End at Session" instead of "Date".

If the name already exists change what is in it into what was in the text document.

Chrome:
To Come

--
Step 6:
Now just refresh the page and if it worked you should now be logged into the user's account. Now you can do anything you want, change email/pass and take over the account, or whatever you want. This can be a pretty good way to spread your virus and links, by doing this to multiple accounts it can give you a lot of people that will see your links thinking it is the real owner of the account.

--

OK, well there you go. I hope you liked this and it helped you out. This is really good, but the only downside is no password is given, just the account, and that you need to be in their network. What I have done is just WEP crack all the WiFi's in my area and do this attack.

If I missed something tell me so I can fix it. Also if you liked it please post a Thanks!! I will be getting new better pics, these were just made quickly.
I found this video using this same method; it was not my video.


http://www.youtube.com/watch?v=gWNF0NHIs-Q&feature=player_embedded
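
The poisoning in Step 2 leaves a recognisable trace on the LAN: the gateway's IP starts resolving to a second MAC address, and that same MAC also answers for the targeted host. The following detection sketch is an added example, not part of the original post; the `(timestamp, ip, mac)` record format, the function name and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample, not real traffic: (timestamp, sender IP, sender MAC)
# as read from ARP replies on one LAN segment.
SAMPLE_ARP_REPLIES = [
    (0.0,  "192.168.1.1",  "aa:aa:aa:00:00:01"),  # gateway, genuine MAC
    (1.0,  "192.168.1.23", "bb:bb:bb:00:00:23"),  # workstation
    (2.0,  "192.168.1.50", "cc:cc:cc:00:00:50"),  # third host
    (30.0, "192.168.1.1",  "cc:cc:cc:00:00:50"),  # gateway IP answered by .50's MAC
    (30.1, "192.168.1.23", "cc:cc:cc:00:00:50"),  # workstation IP answered by it too
    (31.0, "192.168.1.1",  "aa:aa:aa:00:00:01"),  # genuine gateway still replying
    (32.0, "192.168.1.1",  "cc:cc:cc:00:00:50"),  # repeat, must not alert again
]

def detect_arp_poisoning(replies, gateway_ip):
    """Return alerts as tuples (timestamp, kind, subject, detail).

    Assumption: the first MAC seen for an IP is the legitimate one. In
    production, seed the baseline from DHCP leases or a static inventory.
    """
    baseline = {}                   # ip -> MAC learned first
    ips_by_mac = defaultdict(set)   # mac -> every IP it has answered for
    seen = set()                    # suppresses duplicate alerts
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        known = baseline.setdefault(ip, mac)
        ips_by_mac[mac].add(ip)
        # An IP suddenly answered by a different MAC than its baseline.
        if mac != known and (ip, mac) not in seen:
            seen.add((ip, mac))
            kind = "GATEWAY_MAC_CHANGED" if ip == gateway_ip else "HOST_MAC_CHANGED"
            alerts.append((ts, kind, ip, mac))
        # One MAC answering for the gateway and for other hosts at once is
        # the signature of a machine placed between them.
        claimed = ips_by_mac[mac]
        if gateway_ip in claimed and len(claimed) > 1 and ("multi", mac) not in seen:
            seen.add(("multi", mac))
            alerts.append((ts, "MAC_CLAIMS_GATEWAY_AND_HOSTS", mac, sorted(claimed)))
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_ARP_REPLIES, "192.168.1.1"):
        print(alert)
```

This covers Step 2 only. The cookie capture in Step 4 depends on the session cookie travelling over plain HTTP, which serving the site over HTTPS and setting the `Secure` attribute on session cookies prevents.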

mysterhyde
12-31-2012, 06:05 PM
nice one bro.. hope it helps anyone who wanna hack via these methods..