My intention in posting an article under such a title is not to harm anyone, bring down the reputation of the services concerned, or promote black-hat activity; rather, I want to make users aware of a threat they can encounter, and the post is for educational purposes.
Requirements:
1. One should know how phishing is carried out; if not, (Read here).
2. Should have a free hosting account (t35.com / 110mb.com / yourfreehosting.com etc.).
3. Need the two JavaScript code files for Tabnabbing; download (Here).
Procedure:
Step 1. I assume that you have made the fake login page of Facebook and the required .php file needed for it. If you do not know how to do it, (Read here).
Now upload the fake page and the .php file to the free web hosting account.
Step 2. Having finished the fake page and .php file, now take a standard webpage like "http://www.google.com" or "http://www.bing.com" and save its source code in a text file.
Step 3. Download the code from the requirements part, open "Bgattack.js Injecting COde.txt" and copy the content. Now open the file from step 2, find (use Ctrl+F) the first <style.......... > and put the copied content above it, then save and upload the web page to the free web host account.
Step 4. Now open "bgattack.js" and find (use Ctrl+F) "window.location = '<Ur Fake Page URL>' " as shown below. Remove the placeholder and replace it with the fake page URL, then save and upload the file to the free web host account.
Step 5. See the screenshot below; your free web hosting account should look similar to this.
Click on the URL of the standard webpage, open a few tabs and see the change. Now the whole process is complete..... :)
Facebook is one of the most hyped and widely used social networking sites these days. So attackers always look out for profiles where they can post their spam messages, advertisements, etc. In this post I will use a phishing technique called "Tabnabbing", brought out by Aza Raskin. If you are new to it, you can follow my earlier post on Tabnabbing. Keeping in mind that you know what "Phishing" is and how it is done, let's start..... I recommend that readers proceed with this post only if they abide by the blog's Disclaimer; otherwise leave this page immediately.
Note: In the .php code, if the redirect URL is the main login page of Facebook (http://www.facebook.com), then a warning message to reset the password may be flashed after logging into the fake page. So the attacker may have used a different link there; you can try with "http://www.facebook.com/careers/?ref=pf" instead of "http://www.facebook.com". Look at the screenshot below to get the whole idea.
I have made a demo; you can check it (HERE). Click on it, open 3-4 tabs and see the magic. I mean you will see a Facebook login page; you can enter a few trial words in the login field and see those words (HERE).
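From the user's side, the change this post describes shows up as a tab that displays a different site when you return to it. The following is an added example (not code from this post or from bgattack.js) of a check a browser extension could run over a log of tab events; the event fields and the sample log are constructed for illustration.

```javascript
// Added example, not from the original post. The event fields are hypothetical;
// an extension could fill them from its tab-activation and tab-update callbacks.
function originOf(url) {
  try { return new URL(url).origin; } catch { return null; }
}

// Report tabs that changed between the moment the user left them and the
// moment the user came back.
function findBackgroundSwaps(events) {
  const tabs = new Map(); // tab id -> current state plus last state the user saw
  const findings = [];
  for (const ev of events) {
    if (!tabs.has(ev.tab)) tabs.set(ev.tab, { active: false, url: null, title: null, seen: null });
    const st = tabs.get(ev.tab);
    if (ev.type === 'update') {
      st.url = ev.url ?? st.url;
      st.title = ev.title ?? st.title;
    } else if (ev.type === 'deactivate') {
      st.active = false;
    } else if (ev.type === 'activate') {
      if (st.seen && st.seen.url) {
        const from = originOf(st.seen.url), to = originOf(st.url);
        if (from !== to) {
          findings.push({ tab: ev.tab, kind: 'origin-change', severity: 'high', from, to });
        } else if (st.seen.title !== st.title) { // common and often benign (unread counters)
          findings.push({ tab: ev.tab, kind: 'title-change', severity: 'low', from: st.seen.title, to: st.title });
        }
      }
      st.active = true;
    }
    // Whatever is loaded while the tab is in front is what the user has seen.
    if (st.active) st.seen = { url: st.url, title: st.title };
  }
  return findings;
}

// Constructed sample log: tab 1 changes site while hidden, tab 2 only its title.
const SAMPLE_EVENTS = [
  { tab: 1, type: 'activate' },
  { tab: 1, type: 'update', url: 'https://search.example/', title: 'Search' },
  { tab: 1, type: 'deactivate' }, { tab: 2, type: 'activate' },
  { tab: 2, type: 'update', url: 'https://mail.example/inbox', title: 'Inbox' },
  { tab: 1, type: 'update', url: 'https://login.example.net/', title: 'Log in' },
  { tab: 2, type: 'deactivate' }, { tab: 1, type: 'activate' },
  { tab: 2, type: 'update', title: 'Inbox (1)' },
  { tab: 1, type: 'deactivate' }, { tab: 2, type: 'activate' },
];
```

Only the origin change is rated high; a background title change alone is frequent on legitimate sites, so it is reported at low severity.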
If you find this post worth reading then do drop a comment; it will be appreciated.
How to hack Facebook Account ? | Tabnabbing.
Reviewed by Satyajit (Admins, a.k.a. Satosys) on Tuesday, September 21, 2010
22 comments:
Friend, I request you to give your real name rather than keywords, because it may lead to rejection of the comment....
Yeah, you can surely try it... but I suggest you do it for educational purposes rather than trying it on others.... :)
what do you mean by clicking on the url and opening a few tabs?
By URL I mean the fake page of the "standard page". After you open it, open a few other pages in the same browser, then come back to the first open page and see that it has changed... :)
You can see the demo at the end of this post; I have provided the URL, you just click...
Wow, this one is cool!
also viewed the fb login page after a long....lol
Hellooo... I'm UK
I'm confused about which <style... to use in Google
There are many styles in Google
I don't know HTML, PHP..
I don't know if this is the right thing to do but hopefully this is just a part of a learning process. I'm not really a techie person and I don't like hackers and phishing. I don't want to give it a try but it's still nice to know how these are made and done.
@Mike All hackers are not bad...yeah phishing is not good...but here this post is to make the people aware about such a threat.
Thanks for sharing your thoughts on it. :)
Ha, did anyone try to do it? Does it work? I just want to know to hack one account of my ex-girlfriend, who betrayed me >:)
Hey, I can't upload the bgattack.js.
Every time I upload it, it's detecting
that it's tabnabbing.
And I'm using t35.com. HELP ME PLS!!!!!
Try with yourfreehosting.net rather than t35.com
Bro, I followed what you said, but when I open the standard page (is it Google, the one I edited?) it is taking me to this web page: http://www.hostvoice.com/formad/process.php?pid=25&category=2
The Facebook page is not showing up....
I need help, please...
And your demo is not working too, so I really don't know how it is working.
If you can, please upload a tutorial..... (if you have time)
Thanks again, Bro!!!!
This is because of redirection or tab change process...?
Phishing works pretty well :)
This is nice, I'll give it a try, It'll be my first time when I'll try hacking something.
Thanks for sharing this.
Can you steal a Facebook password with this technique (a new type of phishing attack)?? Really? You're great!
I have used this technique and another (phishing technique) to hack Facebook accounts, and you?
nice work dude!
fOLD23
Suppose this Scenario: I would like to hack somebody's account from my own computer - as in my ex's who uses somebody else's computer, not my own. This is surely not possible? If it is, how do I send the fake login page to them?
Calling @ all Geeks!!
This web site is really a walk-through for all of the info you wanted about this and didn’t know who to ask. Glimpse here, and you’ll definitely discover it.
Can someone really hack a facebook account. I really doubt it
@Jasmine : Try this technique with "XAMPP" on your local system or inside a virtual environment.
Thanks for your interest in the post.
I don't get it. Assuming I'm the hacker, I send a Google page to the victim? And the victim opens the Google page and then opens a bunch of tabs? Why would the victim do that?
I love your blog,helpful, thanks for sharing!