How your Facebook account can be hacked or compromised?
Welcome to the awareness tutorial. Nowadays everybody wants to know how a Facebook account can be hacked or compromised by a hacker, how to perform an SSL strip attack, how to do the MITM attack. Keep in mind that technology changes every day, for digital knowledge enhancement you just need to keep yourself up to date every section of computer security. Today I will show how can be your Facebook account may compromise using some tricks and methodology by the bad guys. Here what I mentioned below that is only possible within the same network. You will need to know about the ettercap and sslstrip. No problem if you do not know about that.
Step by step procedure to prevent a Facebook account
I will show the process step by step, how bad guys perform attacks, and what necessary steps need to take to keep your Facebook account safe from hackers. Once again I am mentioning here that this process works (a hacker can do this) only within the same network (LAN). The alternative name of this attack is SSL attack but this method is mostly known as the man in the middle attack. Not only Facebook but also they can hack many other types of accounts of victims, which he/she browse from his/her computer/laptop/mobile on the same network. If you can grab this one then I hope you can do the rest all using this SSL attack or Man in the Middle attack (MITM) and keep yourself safe from getting hacked. This is the way how a Facebook account can be hacked or compromised by a hacker.
Now you have to believe that Facebook accounts can be hacked.
“Facebook hacking” is just not an easy way to do it, they just make a trap and force you to go through that trap. If I can hack Facebook account in a real way then I should be an employee of Facebook not here to write this tutorial. I might be there in California’s Facebook head office :). But you have to be tricky so then you can do some fruitful practical and make yourself aware to prevent yourself. There are many ways of tricky. You may hear about phishing, social engineering, bee key logger, and many more methods.
How the Man in the Middle attack works ( SSL Hacking)?
In the beginning, I just mentioned that most of the time this method is used to hack someone’s account by sniffing traffic and packet. Now the question is how this method works? By using this method the attacker makes a new connection and forces the users to work through his/her trap. While the victim sends packets then it directly goes through the attacker channel/trap and requests acknowledge come back in the same way ( back means response from the server) and in the meantime, the attacker automatically gets your info by sniffing the traffic. Sometimes the information the hacker gets may be encrypted or plaintext, It depends on network security and SSL, HTTPS protocol.
** This method works only within the Local Area Network (LAN).
Caution: This is only for learning purposes and making people aware to keep themselves safe, if anybody misuses this and does harm to others then I will not be reliable for that. So do everything at your own risk.
So let’s see the process of how a Facebook account gets compromised.
Using the right protocol to prevent hacking
Some important information:
Generally, we use two types of connection through browser traffic 1.HTTP (Hypertext transfer protocol), 2. HTTPS (Hypertext transfer protocol secure).
HTTP protocol transfers data through the channel in plain text. That means the HTTP protocol just uses plain text with no kind of encryption. But HTTPS uses the encryption method which encrypts the plain texts to ciphertexts. That means it encodes the original given data and transfers it through the channel in another format so that the MITM attacker can not understand the packet. If the tracker is able to track the packet he will see just encrypted text and without any meaningful information. So for this process, he must have to force the target people to visit the Facebook site through HTTP protocol, not HTTPS protocol. But Facebook uses the HTTPS protocol. If you look in the address bar you can see a green sign on the left side like the picture given below.
So to force the victim to visit Facebook using the HTTP only they need software called SSL Strip. We will use an SSL strip to force the victim to visit Facebook using HTTP. If you do not use HTTPS protocol then the Facebook account can be hacked or compromised by a hacker.
How hackers hack a Facebook account by making users fool!
For this man in the middle attack, they use two software.
- SSL Strip ( For downloading this software please search on google or you will get it free with Kali Linux).
- Ettercap ( For downloading this software please search on google or you will get it free with Kali Linux).
Here I will show the process in the windows based operating system. But you can easily do it using another operating system like Kali Linux, Ubuntu, RedHat, fedora, Qubes OS, Blackarch, and many more.
So let’s start knowing the process of hacking and make self-defense.
Open the SSL strip software and go to the SSL Strip tab section and then click on the Auto Check button.
Now come back to SSL Strip software and click on scan. Here you will see the IP address of that user/visitor from the same network. You have to select the target/victim IP from here. The victim/target must be needed to be connected. After that select the victim/target IP address and click on the open button.
Now open the Ettercap software and go to the sniff tab. After that select, your network interfaces there and click on the ok button.
Here I have selected eth0 because I am using the internet through ethernet port 0 using rj45 connector through the same LAN (Same network).
Now select the host tab and then select a scan for scanning the IP addresses. After that just click on the host list and you will be able to see the router and other connected devices’ IP and MAC address. Now select your router IP as target 1 and then the victim IP as target 2.
After that, it will prompt you to ask which type of attack you want to perform. You have to select MITM and after that again select the ARP (Address Resolution Protocol) and click on ok.
Now it will start sniffing and then you have to wait for the victim/target when he will visit Facebook or another site. Then you will see the username and password in plain text in your sniffing tool. In this way, you can information on Gmail, email of any other account of the victim.
I hope you enjoyed this and learned about HTTSP security and the necessity of it. If you fetch any problems just leave your comments. I will try to help you with your learning. Enjoy it, Happy defense. 🙂 So then you know that the Facebook account can be hacked or compromised by a hacker and ways to prevent it.
- This method does not ensure that you can hack the Facebook of anyone in your LAN. If the victim has two-step verification then this method will not work. Please do not blame me for your failure.
- Sometimes you just need to be tricky to do some works, you should not always depend on this to be a success. This process is only for learning purposes and self-defense not to teach you to hack someone’s account illegally.
- Now I hope it is very clear to you that the Facebook account can be hacked or compromised by a hacker. And to prevent that you know the procedure.