How to hack a Facebook account? | Tabnabbing

My intention in posting an article with such a title is not to harm anyone, to bring down the reputation of the services concerned, or to promote black hat activity; rather, I want to make users aware of a threat they can encounter, and the post is for educational purposes.

I recommend that readers proceed with this post only if they abide by the blog's Disclaimer; otherwise, leave this page immediately.

Facebook is one of the most hyped and widely used social networking sites these days. So attackers always look out for profiles where they can post their spam messages, advertisements, etc. In this post I will use a phishing technique called "Tabnabbing", brought out by Aza Raskin. If you are new to it, you can follow my earlier post on Tabnabbing. Keeping in mind that you know what "Phishing" is and how it is done, let's start.



Requirements:

1. One should know how phishing is carried out; if not, (Read here).
2. A free hosting account (t35.com / 110mb.com / yourfreehosting.com etc.).
3. The two JavaScript codes for Tabnabbing; download (Here).

Procedure:

Step 1. I assume that you have made the fake login page of Facebook and the required .php file needed for it. If you do not know how to do it, (Read here).

Note: In the .php code, if the redirect URL is the main login page of Facebook (http://www.facebook.com), then a warning message to reset the password may be flashed after logging into the fake page. So the attacker may have used a different link there; you can try "http://www.facebook.com/careers/?ref=pf" instead of "http://www.facebook.com". Look at the screenshot below to get the whole idea.




Now upload the fake page and the .php file to the free web hosting account.

Step 2. Having finished the fake page and .php file, now take a standard webpage like "http://www.google.com" or "http://www.bing.com" and save its source code in a text file.

Step 3. Download the code from the Requirements part, open "Bgattack.js Injecting COde.txt" and copy the content. Now open the file from Step 2, find (use Ctrl+F) first and put the copied content above it, then save and upload the web page to the free web host account.

Step 4. Now open "bgattack.js" and find (use Ctrl+F) "window.location = '' " as shown below, remove it and replace it with the fake page URL, then save and upload the file to the free web host account.



Step 5. See the screenshot below; your free web hosting account should look similar to this.



Click on the URL of the standard webpage, open a few tabs and see the change. Now the whole process is complete..... :)

I have made a demo you can check (HERE). Click on it, open 3-4 tabs and see the magic. I mean you will see a Facebook login page; you can enter a few trial words in the login field and see those words (HERE).
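From the defender's side, the "change" a user sees on returning to the tab can be caught by comparing the tab's origin when it went to the background with its origin when it comes back. The sketch below is an added example, not code from this post or its downloads; the event format (`tabId`, `type`, `url`) and the sample records are constructed assumptions, such as a browser extension could log.

```javascript
// Added example (defensive): flag tabs whose origin changed while in the background.
// The event format { tabId, type, url } is an assumption, not from the original post.
function findBackgroundSwaps(events) {
  const tabs = new Map(); // tabId -> { origin, hidden, originWhenHidden }
  const findings = [];
  for (const ev of events) {
    if (!tabs.has(ev.tabId)) {
      tabs.set(ev.tabId, { origin: null, hidden: false, originWhenHidden: null });
    }
    const tab = tabs.get(ev.tabId);
    if (ev.type === 'navigate') {
      tab.origin = new URL(ev.url).origin;      // scheme + host + port
    } else if (ev.type === 'hidden') {
      tab.hidden = true;
      tab.originWhenHidden = tab.origin;        // what the user last saw
    } else if (ev.type === 'visible') {
      // Compare only on return, so a background round trip back to the
      // same origin is not reported.
      if (tab.hidden && tab.originWhenHidden && tab.origin !== tab.originWhenHidden) {
        findings.push({ tabId: ev.tabId, from: tab.originWhenHidden, to: tab.origin });
      }
      tab.hidden = false;
      tab.originWhenHidden = null;
    }
  }
  return findings;
}

// Constructed sample events (not real traffic).
const sampleEvents = [
  { tabId: 1, type: 'navigate', url: 'https://search.example/' },
  { tabId: 2, type: 'navigate', url: 'https://news.example/a' },
  { tabId: 1, type: 'hidden' },
  { tabId: 2, type: 'navigate', url: 'https://shop.example/' },          // user-visible navigation
  { tabId: 1, type: 'navigate', url: 'https://login.example.invalid/' }, // changed while hidden
  { tabId: 2, type: 'hidden' },
  { tabId: 2, type: 'navigate', url: 'https://shop.example/cart' },      // same origin in background
  { tabId: 1, type: 'visible' },
  { tabId: 2, type: 'visible' },
];

for (const f of findBackgroundSwaps(sampleEvents)) {
  console.log(`tab ${f.tabId}: ${f.from} -> ${f.to} while in background`);
}
```

Legitimate pages also navigate in the background (for example a session timeout that redirects to a sign-in host), so a finding is a prompt to check the address bar before typing a password, not proof of phishing.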

If you find this post worth reading, then do drop a comment; it will be appreciated.
