There are more than a billion users on Facebook, and millions of them use Facebook on a daily basis. Most people use Facebook more as a daily journal than as a social network. They share everything on Facebook, from what they’re eating and how they’re feeling to the places they visited and their relationship status. A hacker can therefore gain almost any information if he can compromise someone’s Facebook account.
Because of the vast information a hacker can get by hacking a Facebook account, they search for more and more ways to hack a Facebook account. Some hacking methods are really advanced and require a hacking background, while some are so simple that you can hack a Facebook account in a minute. But not all those hacking methods work on everyone.
Facebook is a large company and spends millions of dollars on improving its security. Also, many white hat hackers around the world report security vulnerabilities to Facebook in order to receive bounties. Despite all the efforts from Facebook, there are still many ways you can hack someone’s Facebook account.
Remember, these are methods to hack a Facebook ACCOUNT, not FACEBOOK itself.
You don’t have to be a professional hacker to hack into someone’s Facebook account. There are tools you can use to hack, but not the ones you’re thinking of, where you can input a Facebook username, click “HACK IT” and get the password. Those Facebook hacking tools will hack a Facebook account, but it will be YOURS! So beware, and don’t download any Facebook hacking tools from the internet.
Here are 5 ways you can hack a Facebook account.
In this method we’ll use key-logging software and install it on our victim’s computer. What this software does is record every keystroke the victim types on his or her computer and send those keystrokes back to us via FTP or directly to our email address. The keylogger runs in a stealth mode and the victim won’t be able to notice it.
First we need to install a keylogger and create an executable file. Then we’ll need to send it to our victim through email or whatever means you choose. Once the victim runs that file, the keylogger will start and run in the background. So whenever our victim types his Facebook login credentials, the key-logging software will record them and email them to us.
Here’s a complete tutorial on how to hack a Facebook account using the WinSpy keylogger.
This is one of the easiest ways to hack a Facebook account.
Remember when you log in to your Facebook account, the browser asks you if you want to save the password or not?
Most users do save the password if they use Facebook on their personal computer, as they then don’t have to enter the password every time they want to use Facebook.
Those passwords are actually saved in a clear text format and anyone who can access that computer can easily get the password.
Phishing is a type of social engineering attack and is one of the most common ways to hack a Facebook account. Unlike the above two hacking methods, in this method you don’t have to have interaction with the victim and can hack any Facebook account anywhere in the world.
In a phishing attack, we create a fake Facebook log-in page and manipulate our victim into logging in through that phishing page. Once the victim logs in through that phishing page, his or her Facebook username and password will be stored in a file which we can access to see the victim’s password.
There are many ways we can manipulate our victim into logging in through our phishing page. Sending the link to the phishing page through emails, Host File Poisoning and DNS spoofing are some examples.
Here are 3 different types of phishing attacks.
a. Host File Poisoning
In this phishing attack, we’ll manipulate the HOSTS file on the victim’s computer to redirect the victim to OUR PHISHING PAGE.
There’s a file named “HOSTS” located at C:\Windows\System32\drivers\etc. The hosts file is a system file used by the operating system to map host names to their respective IP addresses. For instance, when a user types www.facebook.com into a browser, the hosts file is checked for its respective IP address. Only when it is not found is the request handled by the DNS server, which translates the host name into the IP address and directs the request to the corresponding server.
Our objective is to change the HOSTS file on the victim’s computer so that whenever the victim tries to visit Facebook he or she will be redirected to our phishing page.
In this phishing attack, we’ll create a fake Facebook login page which we’ll host on our local server. To perform this phishing attack, we’ll need a software package called XAMPP through which we’ll host our Facebook phishing page.
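Because the hosts file is consulted before DNS, any entry in it for a site like Facebook is worth flagging on an endpoint. The following is an added example, not code from the original article: a small audit that parses hosts-file text and reports mappings for watched names. The `WATCHED` set, the function names and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Names to watch (assumption for this example; extend for your own estate).
WATCHED = {"facebook.com"}

# Constructed sample, not taken from a real machine.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.168.1.50    www.facebook.com facebook.com   # constructed override
0.0.0.0         ads.example.net
not-an-ip       login.facebook.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, names) for every syntactically valid mapping."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # malformed lines are ignored
        yield line_no, str(ip), [n.lower().rstrip(".") for n in fields[1:]]

def is_watched(name, watched=WATCHED):
    """True for a watched domain or any subdomain of it, not look-alikes."""
    return any(name == w or name.endswith("." + w) for w in watched)

def find_overrides(text, watched=WATCHED):
    """Return (line_no, ip, name) for each hosts entry that pins a watched name."""
    return [(no, ip, name)
            for no, ip, names in parse_hosts(text)
            for name in names if is_watched(name, watched)]

if __name__ == "__main__":
    # On Windows, read C:\Windows\System32\drivers\etc\hosts instead of the sample.
    for no, ip, name in find_overrides(SAMPLE_HOSTS):
        print(f"line {no}: {name} is pinned to {ip}; expected resolution via DNS")
```
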
After that, we can either change the host file on our victim’s computer to redirect to our phishing page or change the DNS setting in the router or even directly send the link to our phishing page.
In this Facebook phishing attack, we’ll create a fake Facebook login page which we’ll host on a web server and then manipulate our victims into visiting the Facebook phishing page.
Unlike other phishing attacks, in this attack we don’t need to have access to the victim’s computer, nor be connected to the same network as the victim.
Once we’ve created a phishing page and hosted it on a web server, we can then send the link to our victim through emails. If the victim is on our network then we can also manipulate their host file or even manipulate the DNS on the router.
Here’s a very good example of a phishing email.
4. Cookie Stealing
In this Facebook hacking method we’ll use a packet sniffing tool called Wireshark to capture the cookies of our victim. After capturing the cookies we’ll inject them into our browser through various plugins, and when we refresh the page we’ll be logged into our victim’s Facebook account. But whenever the victim logs out we’ll no longer be able to access his or her account.
5. Stealing Password
In this hacking method, we’ll use a tool called Cain & Abel to steal our victim’s Facebook password. You can also use Wireshark or ettercap on Linux.
To perform this attack we must be on the same network as our victim so that we can place ourselves in between our victim and the server and capture all the traffic between them. This method is called a man-in-the-middle attack and can be performed by Cain & Abel.
Whenever the victim logs into his account, we’ll capture his username and password.
But since Facebook runs on an HTTPS connection, even though we capture all the traffic between our victim and the server we won’t be able to understand it. Therefore, we’ll need another tool called SSLStrip (available only on Linux) to force our victim to browse Facebook over an HTTP connection.
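Both the cookie capture in method 4 and the HTTP downgrade described here depend on session data crossing the network in plain HTTP, which is what HSTS and the cookie `Secure` attribute prevent. The following is an added example, not code from the original article: a check a site owner can run over response headers to see whether either protection is missing. The function names and both header sets are constructed for illustration.

```python
def parse_directives(value):
    """Split 'a=1; b; c=2' into a dict with lowercase keys."""
    out = {}
    for part in value.split(";"):
        part = part.strip()
        if part:
            key, _, val = part.partition("=")
            out[key.strip().lower()] = val.strip().strip('"')
    return out

def audit_response(headers):
    """headers: list of (name, value) pairs from an HTTPS response.
    Returns findings that leave the session exposed to sniffing or downgrade."""
    findings = []
    hsts = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not hsts:
        findings.append("no HSTS header: browser may still be kept on HTTP")
    else:
        max_age = parse_directives(hsts[0]).get("max-age", "")
        if not max_age.isdigit() or int(max_age) == 0:
            findings.append("HSTS max-age missing or zero: policy not enforced")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        pair, _, attrs = value.partition(";")
        cookie = pair.split("=", 1)[0].strip()
        if "secure" not in parse_directives(attrs):
            findings.append(f"cookie {cookie}: no Secure flag, sent over HTTP")
    return findings

# Constructed header sets for the example.
WEAK = [("Content-Type", "text/html"),
        ("Set-Cookie", "session=constructed123; Path=/; HttpOnly")]
HARDENED = [("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
            ("Set-Cookie", "session=constructed123; Path=/; Secure; HttpOnly")]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response(hdrs) or "ok")
```
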