Before i take you to the main point, let's understand Man in the Middle Attack.
So What is Man in the Middle Attack?
An attack where a user gets between the sender and receiver of information and sniffs any information being sent. In some cases, users may be sending unencrypted data, which means the man-in-the-middle (MITM) can obtain any unencrypted information. In other cases, a user may be able to obtain information from the attack, but have to unencrypt the information before it can be read. In the picture below is an example of how a man-in-the-middle attack works. The attacker intercepts some or all traffic coming from the computer, collects the data, and then forwards it to the destination the user was originally intending to visit.
1. XAMPP–APACHE PHP MySQL
2. Cain & Abel (We use it for Man in the Middle Attack).
3. Facebook Offline Page (I have nulled the code, so this script will not contact Facebook when victim accessed fake Facebook page Download Facebook Offline Page
Update: Replace your index.php and login.php using following files. Download Here
Step by step Hacking Facebook Using Man in the Middle Attack
I assume you’re in a Local Area Network now.
1. Install the XAMPP and run the APACHE and MySQL service
2. Extract the fb.rar and copy the content to C:\xampp\htdocs
3. Check the fake web server by open it in a web browser and type http://localhost/
4. Install Cain & Abel and do the APR (ARP Poisoning Routing), just see the step by step how to below Click the start/stop sniffer Choose your interface for sniffing and click OK. When it’s finish, click again the Start/Stop Sniffer to activate the sniffing interface. Go to the Sniffer tab and then click the Select "All hosts in my subnet" and Click OK.
You will see the other people in your network, but your target is XXX.XXX.XXX.62 After we got all of the information, click at the bottom of application the APR tab. Click the button, and follow the instruction below.
When you finish, now the next step is preparing to redirect thefacebook.com page to the fake web server. Click "APRDNS" and click to add the new redirecting rule. When everything is finish, just click OK Then the next step is to activate the APR by clicking the Start/Stop APR button.
5. Now Hacking Facebook using MITM has been activated. This is how it looks like when victim open http://www.facebook.com
6. But if you ping the domain name, you can reveal that it’s fake, because the address is IP of the attacker.
So What is Man in the Middle Attack?
An attack where a user gets between the sender and receiver of information and sniffs any information being sent. In some cases, users may be sending unencrypted data, which means the man-in-the-middle (MITM) can obtain any unencrypted information. In other cases, a user may be able to obtain information from the attack, but have to unencrypt the information before it can be read. In the picture below is an example of how a man-in-the-middle attack works. The attacker intercepts some or all traffic coming from the computer, collects the data, and then forwards it to the destination the user was originally intending to visit.
Read Also Seven Most Common Password Cracking Methods And Their CountermeasuresIn this tutorial Hacking Facebook Using Man in the Middle Attack I will demonstrate how to hack Facebook using MITM (Man in the Middle). This attack usually happen inside a Local Area Network (LAN) in office, internet cafe, apartment and so on. Below is the step by step guide how MITM work, and how it can be happen to do hacking a Facebook account. In this guide, the attacker act as the third person attacker will manipulate the switch routing table so the victim will think that attacker is a Web server and vice versa, because the attacker has changed the routing table. For this tutorial we need to prepare the tools to do Proof of Concept about this tutorial. Below are some tools you need to download.
1. XAMPP–APACHE PHP MySQL
2. Cain & Abel (We use it for Man in the Middle Attack).
3. Facebook Offline Page (I have nulled the code, so this script will not contact Facebook when victim accessed fake Facebook page Download Facebook Offline Page
Update: Replace your index.php and login.php using following files. Download Here
Step by step Hacking Facebook Using Man in the Middle Attack
Attacker IP Address: XXX.XXX.XXX.XXX
Victim IP Address: XXX.XXX.XXX.62
Note: For Security reasons, i can't type my IP Address So, you need to replace the X with your own IP and your victim's as well.Fake Web Server: XXX.XXX.XXX.XXX
I assume you’re in a Local Area Network now.
1. Install the XAMPP and run the APACHE and MySQL service
2. Extract the fb.rar and copy the content to C:\xampp\htdocs
3. Check the fake web server by open it in a web browser and type http://localhost/
4. Install Cain & Abel and do the APR (ARP Poisoning Routing), just see the step by step how to below Click the start/stop sniffer Choose your interface for sniffing and click OK. When it’s finish, click again the Start/Stop Sniffer to activate the sniffing interface. Go to the Sniffer tab and then click the Select "All hosts in my subnet" and Click OK.
You will see the other people in your network, but your target is XXX.XXX.XXX.62 After we got all of the information, click at the bottom of application the APR tab. Click the button, and follow the instruction below.
When you finish, now the next step is preparing to redirect thefacebook.com page to the fake web server. Click "APRDNS" and click to add the new redirecting rule. When everything is finish, just click OK Then the next step is to activate the APR by clicking the Start/Stop APR button.
5. Now Hacking Facebook using MITM has been activated. This is how it looks like when victim open http://www.facebook.com
6. But if you ping the domain name, you can reveal that it’s fake, because the address is IP of the attacker.
Love this article?Share it with your friends on Facebook