How to hack Facebook Account? | Tabnabbing.

My intention in posting an article with such a title is not to harm anyone, bring down the reputation of the concerned services, or promote black hat activity; rather, I want to make users aware of a threat they can encounter, and it is for educational purposes.
I recommend that readers proceed with this post only if they abide by the blog's Disclaimer; otherwise leave this page immediately.
Facebook is one of the most hyped and widely used social networking sites these days. So attackers always look out for profiles where they can post their spam messages, advertise, etc. In this post I will use a phishing technique called "Tabnabbing", brought out by Aza Raskin. If you are new to it you can follow my earlier post on Tabnabbing. Keeping in mind that you know what "Phishing" is and how it is done, let's start...

Requirements:

1. One should know how Phishing is carried out; if not (Read here).
2. Should have a free hosting account (t35.com / 110mb.com / yourfreehosting.com etc).
3. Need the two JavaScript codes on Tabnabbing; download (Here).

Procedure:

Step 1. I assume that you have made the fake login page of Facebook and the required .php file needed for it. If you do not know how to do it (Read here).

Note: In the .php code, if the redirect URL is the main login page of Facebook (http://www.facebook.com), a warning message to reset the password may be shown after logging in through the fake page. So the attacker may have used a different link there; you can try "http://www.facebook.com/careers/?ref=pf" instead of "http://www.facebook.com". See the screenshot below to get the whole idea.
Now upload the fake page and the .php file to the free web hosting account.

Step 2. Having finished the fake page and .php file, now take a standard webpage like "http://www.google.com" or "http://www.bing.com" and save its source code in a text file.

Step 3. Download the code from the Requirements section, open "Bgattack.js Injecting COde.txt" and copy the content. Now open the file from Step 2, find (use Ctrl+F) the first <style.......... > and put the copied content above it, then save and upload the web page to the free web host account.
Step 4. Now open "bgattack.js" and find (use Ctrl+F) "window.location = '<Ur Fake Page URL>' " as shown below, remove it and replace it with the fake page URL, then save and upload the file to the free web host account.
Step 5. See the screenshot below; your free web hosting account should look similar to this.
Click on the URL of the standard webpage, open a few tabs and see the change. Now the whole process is complete..... :)
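From the reader's side, the tell in this technique is a tab whose address, title and icon are different when you come back to it. The check below is an added example (not from this post or its downloads) of what a browser extension could run when a tab regains focus; the function names, the brand list and the `.example` hosts are assumptions, and the tab snapshots are constructed.

```javascript
// Added example: tab snapshots are constructed sample data, not captured traffic.
// All names here (snapshotTab, assessReturn, BRANDS) are hypothetical.
const BRANDS = { facebook: ['facebook.com'] }; // assumed brand -> legitimate domains

// Keep only what a user relies on to recognise a tab.
function snapshotTab(tab) {
  const u = new URL(tab.url);
  return { url: u.href, host: u.hostname, title: tab.title, favicon: tab.favicon };
}

// Exact or subdomain match; "facebook.com.freehost.example" must not pass.
function hostBelongsTo(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

// Compare the snapshot taken on blur with the one taken on refocus.
function assessReturn(beforeTab, afterTab, hasPasswordField, brands = BRANDS) {
  const before = snapshotTab(beforeTab);
  const after = snapshotTab(afterTab);
  const changes = ['url', 'title', 'favicon'].filter(k => before[k] !== after[k]);
  // Brand named in the title while the host is not one of that brand's domains.
  const spoofed = Object.keys(brands).filter(b =>
    after.title.toLowerCase().includes(b) &&
    !brands[b].some(d => hostBelongsTo(after.host, d)));
  let level = 'ok'; // title-only changes (unread counters) are normal
  if (changes.includes('url') || changes.includes('favicon')) level = 'warn';
  if (changes.length > 0 && hasPasswordField && spoofed.length > 0) level = 'block';
  return { level, changes, spoofed };
}

// Constructed case matching the post: both pages sit on the same free-host
// account, so the origin never changes and an origin-only check would miss it.
const searchTab = { url: 'http://account.freehost.example/search.html',
                    title: 'Search', favicon: 'search.ico' };
const loginTab = { url: 'http://account.freehost.example/login.html',
                   title: 'Welcome to Facebook - Log In', favicon: 'fb.ico' };
console.log(assessReturn(searchTab, loginTab, true));
// Legitimate tab whose title gained an unread counter while in the background.
const fbBefore = { url: 'https://www.facebook.com/', title: 'Facebook', favicon: 'fb.ico' };
const fbAfter = { url: 'https://www.facebook.com/', title: '(1) Facebook', favicon: 'fb.ico' };
console.log(assessReturn(fbBefore, fbAfter, false));
```

The same comparison is what a user does by eye: read the address bar again before typing a password into any tab that was left in the background.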

I have made a demo you can check (HERE). Click on it, open 3-4 tabs and see the magic. I mean you will see a Facebook login page; you can enter a few trial words in the login field and see those words (HERE).

If you find this post worth reading then do drop a comment, it will be appreciated.
Reviewed by Satyajit (Admins, a.k.a Satosys) on Tuesday, September 21, 2010. Rating: 5

23 comments:

Satyajit (Admins,a.k.a Satosys) said...

Friend I request you to give your real name rather than keywords because it may lead to rejection of comment....

yeah you can surely try it...but i suggest you to do it for educational purposes rather than trying on others.... :)

Anonymous said...

what do you mean by clicking on the url and opening a few tabs?

Satyajit (Admins,a.k.a Satosys) said...

By URL I mean the fake page of the "standard page". After you open it, open a few other pages in the same browser and then come back to the first opened page and see that it has changed... :)

You can see the demo at the end of this post; I have provided the URL, you just click...

Shekhar Sahu said...

Wow, this one is cool!
also viewed the fb login page after a long....lol

uk said...

hellooo... I'm uk
I'm confused about which <style... to use in Google
there are many styles in Google
I don't know HTML, PHP..

Mike Williams said...

I don't know if this is the right thing to do but hopefully this is just a part of a learning process. I'm not really a techie person and I don't like hackers and phishing. I don't want to give it a try but it's still nice to know how these are made and done.

Satyajit (Admins,a.k.a Satosys) said...

@Mike All hackers are not bad...yeah phishing is not good...but here this post is to make the people aware about such a threat.

Thanks for sharing your thoughts on it. :)

detox said...

Ha, did anyone try to do it? Does it work? I just want to know to hack one account of my ex-girlfriend, who betrayed me >:)

Anonymous said...

hey I can't upload the bgattack.js.
Every time I upload it, it's detecting
that it's a tabnabbing.
And I'm using t35.com. HELP ME PLS!!!!!

Satyajit (Admins,a.k.a Satosys) said...

Try with yourfreehosting.net rather than t35.com

Harii said...

Bro, I followed what you said, but when I open the standard page (is it Google, the one I edited?) it is taking me to this web page: http://www.hostvoice.com/formad/process.php?pid=25&category=2
The Facebook page is not showing up....
I need help pls...
And your demo is not working too, so I really don't know how it is working.
If you can, pls upload a tutorial..... (if you have time)
Thanks again Bro!!!!

Tushar said...

Is this because of the redirection or the tab change process...?

Julien boy said...

Phishing works pretty well :)

Carla said...

This is nice, I'll give it a try, It'll be my first time when I'll try hacking something.
Thanks for sharing this.

Algot said...

Can you steal a Facebook password with this technique (new type of phishing attack)?? Really? You're great!
I have used this technique and others (phishing techniques) to hack Facebook accounts, and you?

Prabhu said...

nice work dude!

Fold23 said...

fOLD23

Suppose this Scenario: I would like to hack somebody's account from my own computer - as in my ex's who uses somebody else's computer, not my own. This is surely not possible? If it is, how do I send the fake login page to them?

Calling @ all Geeks!!

shanelee said...

This web site is really a walk-through for all of the info you wanted about this and didn’t know who to ask. Glimpse here, and you’ll definitely discover it.

Reggie said...

Can someone really hack a facebook account. I really doubt it

Unknown said...

Please suggest a free web host. I have tried many, but no free host allows me to upload a .js file. I also tried to upload the .js file to another file hosting server with direct links enabled and then changed the script source to that, but it did not work, so please suggest a free host which supports .js files, or any other solution.

Satyajit (Admins,a.k.a Satosys) said...

@Jasmine : Try this technique with "XAMPP" on your local system or inside a virtual environment.

Thanks for your interest in the post.

Curly said...

I don't get it. Assuming I'm the hacker, I send a Google page to the victim? And the victim opens the Google page and then opens a bunch of tabs? Why would the victim do that?

cletus said...

I love your blog,helpful, thanks for sharing!
