Sunday 18 September 2011

Hack someone’s Facebook Profile

Finally, I got all the information inside my victim’s account. He or she might think “Facebook is my room of privacy”.
This does not take full control of someone’s Facebook profile, but you may be able to clone the victim’s account in a few minutes. Yes, Facebook profile dumping.

You can use FBPwn, an open source, Java-based Facebook profile dumper released under the GPL license. It is a fully automated dumping tool: it uses social engineering tricks to get the victim to accept a friend invitation. Then all the information, photos and friend lists are dumped into a local folder.
Okay, let’s start hacking. A typical hacking scenario starts with gathering information from a user’s FB profile.
1. Alice downloads the FBPwn Facebook dumper and installs it on her PC

2. Alice opens the application and adds her account details
connecting to Alice's facebook account

3. Alice’s account is authenticated by the application and Alice clicks on Attack

4. Alice manually browses to Bob’s Facebook page and copies the URL
5. She pastes Bob’s URL and selects some modules
FacebookPwn modules

The functionality of the FBPwn modules:
Add Victims Friends:
Using this module Alice can send a number of requests to Bob’s friends and increase the number of mutual friends
Bob's Friends

Check Friend Request Task:
Checks whether Bob is already a friend of Alice or not. If Bob is a friend, no worries. If he is not, a friend request is sent and the module waits until he accepts it.
But how can we be sure that Bob accepts Alice’s friend request? Here we use another module to create a fake account which is very similar to the account of one of Bob’s friends; the module is Profile Cloner
Facebook clones

Niranga is a friend of Bob. The application puts Niranga’s details on Alice’s account and sends the request. When Bob receives it, he thinks he is accepting Niranga
this is not Niranga

But Niranga is already a friend of Bob. We’ll check Niranga’s clone profile
a clone

So the module waits until the request is confirmed

Bob accepted the request and looks at Niranga’s profile
Niranga and Udayanga, but not University of Moratuwa

But by the time he realizes that it is not Niranga’s, it will probably be too late
you allowed us

Then the next modules start running and capture Bob’s private information as well as his photo albums

Finally, from the monitor submitted Tasks tab Alice is able to find the path of the output directory.
Here we have the dumps of Bob’s Facebook profile
You are Inside

Bob’s information
where is your privacy

Bob’s friends list and Bob’s photo album
inside a single file

Bob's pics

Finally, Safety tips
  • Be careful when you add friends
  • Do not make your friend list public
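
The clone in the walkthrough succeeds because Bob does not notice that the request carries the name of someone who is already on his friend list. As an added example (not from the original post and not part of FBPwn), this Python check flags incoming requests whose names imitate an existing friend; the names, the 0.9 threshold and the hand-typed lists are constructed assumptions, and no Facebook API is used.

```python
import unicodedata
from difflib import SequenceMatcher

# Constructed sample data: Bob's current friends and the names on new requests.
FRIENDS = ["Niranga Example", "Udayanga Example"]
REQUESTS = ["Niranga Example", "Nirańga  example", "Niraga Example", "Carol Newperson"]

def normalize(name):
    """Fold case, accents, punctuation and spacing so look-alike names compare equal."""
    decomposed = unicodedata.normalize("NFKD", name)
    letters = (c for c in decomposed if not unicodedata.combining(c))
    folded = "".join(letters).casefold()
    kept = "".join(c if c.isalnum() else " " for c in folded)
    return " ".join(kept.split())

def clone_suspects(request_name, friends, threshold=0.9):
    """Return (friend, score) pairs for existing friends the requester's name imitates."""
    req = normalize(request_name)
    hits = []
    for friend in friends:
        score = SequenceMatcher(None, req, normalize(friend)).ratio()
        if score >= threshold:
            hits.append((friend, round(score, 2)))
    return sorted(hits, key=lambda hit: -hit[1])

def review_requests(requests, friends):
    """Map each incoming request name to a verdict Bob can act on."""
    verdicts = {}
    for name in requests:
        hits = clone_suspects(name, friends)
        if hits:
            # An existing friend has no reason to send a second request.
            verdicts[name] = "verify out of band: looks like existing friend %r" % hits[0][0]
        else:
            verdicts[name] = "no name collision"
    return verdicts

if __name__ == "__main__":
    for name, verdict in review_requests(REQUESTS, FRIENDS).items():
        print("%-20r %s" % (name, verdict))
```

A name collision is only a prompt to confirm with the real friend through another channel before accepting; it says nothing about requests under a name Bob has never seen.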

“Use it at your own risk and please do not abuse.”