Hack Facebook and Instagram Account is most commonly heard, But Instagram is now owned by Facebook, and Facebook has the largest database of social media. So, the larger is the belief of people the greater are the security issues.
As we all have heard many times Facebook has been involved in data breaches, There were hackers in the Facebook systems but Facebook has made it so quick to improve their security.
This won’t be easy to hack someone’s Facebook account with the tools that you have only. For hacking Facebook accounts, you will need social engineering toolkit as well as some Social engineering knowledge also.
What Do We Have For You
- Tools Required To Hack
- Pre-requisite for the attack
- What is brute-force and Hacking Using BurpSuit
- Hacking Using Inspection
- Hack Using Phishing Attack
- Hacking Using Scripts
- Limitations of Attacks
Tools Required To Hack
- Social Engineering Toolkit
- Kali Linux
- HTML knowledge
- Good Internet Connection
Pre-requisite for the attack
Some basic knowledge of HTML like how to check paragraph, inspecting elements.
Kali Linux basic tools and commands usage. You should know basic commands like switching into directories and installing new software from Github etc.
What is brute-force and Hacking Using BurpSuit
Brute force is a tool that allows you to hack passwords.
It works on trial and hit method.
Installing a brute-force tool on windows
A popularly known tool for performing brute-force attacks is BurpSuite. It is a free and open-source project and can be easily used by anyone. But it comes in a different edition like one is free in which some of the tools are blocked while in community edition all the tools are opened.
You can download a burp suite from the official site of the burpsuit. Install the software and give it the permissions that are required.
If you are in Linux Then it will be pre-installed just update it and move to the next step.
Now you are all set to go for password crack.
Instagram and Facebook account Password Crack Using brute-force:
So, to hack the password you will have to first gather the victim’s details as I have mentioned above you need an information-gathering tool.
So, firstly visit the profile that you wanted to hack. Then copy the profile link and paste it on the browser. Now the URL will is something like this https://www.Facebook.com/——–/ then you have to remove https://www and type graph.
Then the URL will be something like this https://graph.Facebook.com/——-/ When you hit enter and search you will now get something interesting displaying a new message pop up. See the image for reference.
In the above Image check the URL and data that has been displayed on the screen.
This is known as gathering information. Now open Kali Linux and open crunch tool.
It is a tool that is used to create several password combinations. Now using the crunch tool you have created the password list also, from the image you have got username and id also. Now open burpsuite switch to passwords using a single password and now give the username that you have got and password list also. If it asks for proxies you can give otherwise leave it.
Now, wait until the burpsuit finishes the process to gain access.
Burpsuit will test that id for every password that has been established in the list, If it gains access then a dialog box showing success message will pop up.
And now you can go ahead and log in using the password provided by the burpsuit.
Hack Using Inspection
Hacking using inspection is not a hacking, it is only usable if you have access to the victim’s device. Most of the time, users save their password in the system so whenever they come again on the website, they need not enter the password and username again.
So, We are going to crack their password from their device only, for this open Facebook or Instagram account page that you want to hack, and then you will see there is an automatically filled password but that is not visible to us.
So now press on the password box, and select the last option that is an inspected element. Now wait and you will see a new ide window is opened and you are in a particular line. See the image for reference.
After inspecting, now you see <input type=” password” we have to deal with this only, Change the word password with text. <input type=”text” . What this will do is it will make you visible the characters that have been stored. Now you will be able to see the password. You can now do what you want to do with that account.
Hack Using Phishing Attack
Hacking accounts using phishing attacks are most common but if you use social engineering then, the victims won’t be able to identify that it’s a phishing page.
So, phishing is generally creating another page that looks similar to the original page. But for a phishing attack, you need to take care of some things that are: Your hosting, domain, webpage, and the webpage redirection. Here comes the basic knowledge of HTML in use.
So you can create a similar page like Facebook and Instagram. For this visit their official page and now right-click on the page click on source code now you will see a bunch of lines copies all of it and paste it in notepad and save it with filename.html We have included HTML because it is a web page.
The above step has successfully created your webpage, but its not a phishing web page for that you will have to make changes, like where the password is being stored originally it is Facebook’s server but as we are creating fake page then we will have to change it to our database.
Setting Your Own Parameters On Phishing Page
Now we have to do one more step that is to change the redirection page, For redirection, you can put an interesting website link or you can again open the Facebook page. You can do all these by searching (ctrl + F) the keyword like redirection, password, and so on.
Now move onto the last two things hosting and domain for this, I would suggest 000Webhostapp.com where you can create an account and then upload your HTML page that we have saved earlier.
As you have got a link to use some shortener like bitly shortner and short your URL. Now send this shorted URL to the victim and whenever he or she logins, You will get email and password associated with the account.
Coming onto our Last method that is Hacking using scripts
Also Read: Top 10 Hacking Movies With Learning Outcome
Hacking Using Scripts
For hacking using scripts go on to Github and type Facebook script. You will get many projects related to that. Now, choose the one which you liked and copy its link.
Open your Kali Linux terminal window and type git clone < URL that you have copied >
Now run the script according to the documentation that is provided in the Github. Now run the script and it will ask you for credentials like username, password list, and proxy list. After you enter this the process will start for cracking the password. It is also similar to brute-force but here we are not exploding our system’s memory.
Whenever the process is completed or the script successfully finds the password it will stop and display the password along with the proxy.
So these were some ways from which we can hack someone’s Instagram and Facebook account. But all the information I provided is for educational purposes. Using it for illegal purposes can cause you harm.
You can Hack Facebook and Instagram Accounts By capturing the packets and Using the Malicious App Also.
Limitations of Attacks
All the attacks provided above except inspection one are time-limited. You need the patience to hack accounts.
Phishing attack all depends on how good you can encourage your victim to use that webpage. The best way of Phishing attack is you create a website like some funny website or some sort of earning website and then send it to the victim saying.
HEY, I have earned 100rs by just signing in and referring a friend. This type of message can attract the user and you will also see that the user will join and most probably will enter his details also.
Hacking Accounts is easy but you need skills like social engineering like how will you encourage the other user to use your application/ Web page or your hacking link.
“Patience is the key to the password” -[VIASK]
Scripts are mostly created in python, in scripts we follow a certain procedure to automate a manual process try to automate it.
Using analyzer, analyze the cookies and extract the data from them. Cookies stores most of the important data.
Yes, You can use gatherproxy
Yes, you can hack instagram accounts with phishing attack.
No, it only gives us the possible passwords for the word we have entered. It works on Principle of Combinations.
Yes, Its free and open source so anyone can create and upload their scripts.
Literally saying, It’s too hard it all depends on the Password list that you have created. If your password list contains the original password then only it will be able to crack it.
Yes, You need to have a bit of knowlege. Basics of HTML will also work.
Nice, but how to create passlist? Its showing error.