How to Hack a Facebook Account? | Tabnabbing

My intention in posting an article with such a title is not to harm anyone, bring down the reputation of the services concerned, or promote black-hat activity; rather, I want to make users aware of a threat they can encounter, and the post is for educational purposes.
I recommend that readers proceed with this post only if they abide by the blog's Disclaimer; otherwise, leave this page immediately.
Facebook is one of the most hyped and widely used social networking sites these days. So attackers always look out for profiles where they can post their spam messages, advertise, etc. In this post I will use a phishing technique called "Tabnabbing", brought out by Aza Raskin. If you are new to it, you can follow my earlier post on Tabnabbing. Keeping in mind that you know what "phishing" is and how it is done, let's start...

Requirements:

1. You should know how phishing is carried out; if not, (Read here).
2. You should have a free hosting account (t35.com / 110mb.com / yourfreehosting.com etc.).
3. You need the two JavaScript code files on Tabnabbing; download them (Here).

Procedure:

Step 1. I assume that you have made the fake login page of Facebook and the required .php file needed for it. If you do not know how to do it, (Read here).

Note: In the .php code, if the redirect URL is the main login page of Facebook (http://www.facebook.com), then a warning message to reset the password may be flashed after logging into the fake page. So the attacker may have used a different link there; you can try "http://www.facebook.com/careers/?ref=pf" instead of "http://www.facebook.com". See the screenshot below to get the whole idea.
Now upload the fake page and the .php file to the free web hosting account.

Step 2. Having finished the fake page and the .php file, now take a standard webpage like "http://www.google.com" or "http://www.bing.com" and save its source code in a text file.

Step 3. Download the code listed in the Requirements section, open "Bgattack.js Injecting COde.txt" and copy the content. Now open the file from Step 2, find (use Ctrl+F) the first <style.......... > and put the copied content above it, then save and upload the web page to the free web host account.

Step 4. Now open "bgattack.js" and find (use Ctrl+F) "window.location = '<Ur Fake Page URL>' " as shown below, remove it and replace it with the fake page URL, then save and upload the file to the free web host account.

Step 5. See the screenshot below; your free web hosting account should look similar to this.

Click on the URL of the standard webpage, open a few tabs and see the change. Now the whole process is complete..... :)

I have made a demo; you can check it (HERE). Click on it, open 3-4 tabs and see the magic. I mean you will see a Facebook login page; you can enter a few trial words in the login field and see those words (HERE).
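From the reader's side, the page that appears after the tab switch is served from the free hosting account, not from Facebook, so the address is the reliable tell. The check below is an added example, not code from the original post or from the Tabnabbing download; the host names, the `TRUSTED_LOGIN_HOSTS` list and the snapshot fields are assumptions made for illustration.

```javascript
// Added defensive example. All URLs and titles below are constructed samples.
// Assumption: the domains on which the user really expects a Facebook login form.
const TRUSTED_LOGIN_HOSTS = ["facebook.com"];

// True only for an HTTPS URL whose host is a trusted domain or a subdomain of one.
function isTrustedLoginUrl(rawUrl, trusted = TRUSTED_LOGIN_HOSTS) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return false; // not parseable, so not trusted
  }
  if (url.protocol !== "https:") return false;
  // Strip a trailing root dot so "www.facebook.com." matches like "www.facebook.com".
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  return trusted.some((d) => host === d || host.endsWith("." + d));
}

// Compare a snapshot taken when the user left a tab with one taken on return.
// Snapshot shape (hypothetical): { url, title, hasPasswordField }.
function checkTabOnReturn(before, after) {
  const findings = [];
  if (before.url !== after.url) findings.push("url-changed");
  if (before.title !== after.title) findings.push("title-changed");
  if (after.hasPasswordField && !isTrustedLoginUrl(after.url)) {
    findings.push("untrusted-login-form");
  }
  return findings;
}

// Constructed sample: a tab that looked like a search page when the user left it
// and shows a login form from the same free host when the user comes back.
const SAMPLE_BEFORE = { url: "http://user.freehost.example/search.html", title: "Search", hasPasswordField: false };
const SAMPLE_AFTER = { url: "http://user.freehost.example/login.html", title: "Log in to Facebook", hasPasswordField: true };

console.log(checkTabOnReturn(SAMPLE_BEFORE, SAMPLE_AFTER));
console.log(isTrustedLoginUrl("https://facebook.com.freehost.example/login"));
console.log(isTrustedLoginUrl("https://www.facebook.com@freehost.example/"));
console.log(isTrustedLoginUrl("https://www.facebook.com/login.php"));
```

Because the copied page and the login page sit on the same host, comparing origins alone would miss the swap; the full URL, the title and the login-form host are compared instead.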

If you find this post worth reading then do drop a comment,it will be appreciated.

23 comments:

Satyajit (Admins,a.k.a Satosys) said...

Friend, I request you to give your real name rather than keywords, because it may lead to rejection of the comment....

Yeah, you can surely try it... but I suggest you do it for educational purposes rather than trying it on others.... :)

Anonymous said...

what do you mean by clicking on the url and opening a few tabs?

Satyajit (Admins,a.k.a Satosys) said...

By URL I mean the fake page of the "standard page". After you open it, open a few other pages in the same browser, then come back to the first open page and see that it has changed... :)

You can see the demo at the end of this post; I have provided the URL, you just click...

Shekhar Sahu on November 21, 2010 at 10:34 PM said...

Wow, this one is cool!
also viewed the fb login page after a long....lol

uk on December 12, 2010 at 10:11 PM said...

Hello... I am uk
I am confused about which <style... to use in Google
there are many styles in Google
I don't know HTML, PHP..

Mike Williams on January 4, 2011 at 9:13 PM said...

I don't know if this is the right thing to do but hopefully this is just a part of a learning process. I'm not really a techie person and I don't like hackers and phishing. I don't want to give it a try but it's still nice to know how these are made and done.

Satyajit (Admins,a.k.a Satosys) said...

@Mike All hackers are not bad... yeah, phishing is not good... but here this post is to make people aware of such a threat.

Thanks for sharing your thoughts on it. :)

detox on January 17, 2011 at 1:47 PM said...

Ha, did anyone try to do it? Does it work? I just want to know how to hack one account of my ex-girlfriend, who betrayed me >:)

Anonymous said...

Hey, I can't upload the bgattack.js.
Every time I upload it, it's detecting
that it's a tabnabbing.
And I'm using t35.com. HELP ME PLS!!!!!

Satyajit (Admins,a.k.a Satosys) said...

Try with yourfreehosting.net rather than t35.com

Harii said...

Bro, I followed what you said, but when I open the standard page (is it Google, the one I edited?) it is taking me to this web page http://www.hostvoice.com/formad/process.php?pid=25&category=2
The Facebook page is not showing up....
I need help please...
And your demo is not working too, so I really don't know how it is working.
If you can, please upload a tutorial..... (if you have time)
Thanks again Bro!!!!

Tushar said...

This is because of redirection or the tab change process...?

Julien boy on February 15, 2011 at 10:43 PM said...

Phishing works pretty well :)

Carla on March 11, 2011 at 4:16 AM said...

This is nice, I'll give it a try, It'll be my first time when I'll try hacking something.
Thanks for sharing this.

Algot on May 21, 2011 at 11:12 PM said...

Can you steal a Facebook password with this technique (a new type of phishing attack)?? Really? You're great!
I used this technique and another (phishing technique) to hack a Facebook account, and you?

Prabhu on June 17, 2011 at 10:39 AM said...

nice work dude!

Fold23 on June 30, 2011 at 9:32 PM said...

fOLD23

Suppose this Scenario: I would like to hack somebody's account from my own computer - as in my ex's who uses somebody else's computer, not my own. This is surely not possible? If it is, how do I send the fake login page to them?

Calling @ all Geeks!!

shanelee on July 4, 2011 at 5:25 PM said...

This web site is really a walk-through for all of the info you wanted about this and didn’t know who to ask. Glimpse here, and you’ll definitely discover it.

Reggie on July 16, 2011 at 12:42 PM said...

Can someone really hack a Facebook account? I really doubt it.

Jasmine on February 22, 2012 at 10:44 AM said...

Please suggest a free web host. I have tried many, but every free host doesn't allow me to upload a .js file. I also tried to upload the .js file to another file hosting server that has direct links enabled and then changed the script source to that, but it did not work. So please suggest a free host which supports .js files, or any other solution.

Satyajit (Admins,a.k.a Satosys) said...

@Jasmine : Try this technique with "XAMPP" on your local system or inside a virtual environment.

Thanks for your interest in the post.

Curly said...

I don't get it. Assuming I'm the hacker, I send a Google page to the victim? And the victim opens the Google page and then opens a bunch of tabs? Why would the victim do that?

cletus on September 28, 2012 at 4:26 PM said...

I love your blog,helpful, thanks for sharing!

© 2013 SecurityHunk All Rights Reserved and Template by Fresh Blogger Templates