Prerequisite: Part 1 on MITM attack.
So far we have succeeded in routing the victim's data through our computer. Now the main part begins.
Step 2: Sniffing intercepted data
Wireshark will help us read the data packets, so follow these steps:
- Start Wireshark.
- Go to "Capture" -> "Interfaces" and select your interface. Select the one with Ethernet and click Start.
- Your screen will start flooding with data packets. The window shows your own data packets along with the victim's data packets.
- In the filter, type "http.cookie contains datr". This expression filters for cookies containing the value datr. For why datr only, check the previous tutorial. To know more about expressions, check this.
- To extract values from cookies, right-click on any of the HTTP packets and select "Follow TCP Stream".
- Make sure you do not have your own Facebook account open in the browser, because then you might end up reading your own cookie.
- You will find the cookie values in the pop-up window. Copy the cookie portion (as shown in pic below) and save it in Notepad; we are going to need this later.
- Now we have to insert these values into the browser. There are many ways to do this, such as extensions in Chrome and add-ons in Firefox. I recommend the Greasemonkey add-on.
- Install Greasemonkey. Restart Firefox and install the Cookie Injector script.
- Go to Firefox options and, in the privacy section, click on remove individual cookies. Then clear the cookies of facebook.com.
- (Here comes the interesting part.) Now open facebook.com and press ALT+C. A pop-up will appear asking for the Wireshark dump.
- Enter the cookie data copied earlier and press OK.
- Refresh facebook.com. BAM! You are in.
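The steps above work only because the session cookie travels over plaintext HTTP, where the filter can read it. As an added example (not part of the original tutorial), this Python check flags response headers that allow that; the sample headers, the cookie names and the `audit` and `hsts_max_age` helpers are constructed for illustration.

```python
# Added example: audit response headers for the two settings that keep a
# session cookie out of a plaintext capture (Secure attribute and HSTS).
from http.cookies import SimpleCookie

# Constructed sample responses; cookie names and values are placeholders.
WEAK = [
    ("Set-Cookie", "session=PLACEHOLDER1; Path=/; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Path=/"),
]
HARDENED = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=PLACEHOLDER2; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

def hsts_max_age(headers):
    """Return the HSTS max-age in seconds, or 0 if absent or malformed."""
    for name, value in headers:
        if name.lower() != "strict-transport-security":
            continue
        for directive in value.split(";"):
            key, _, val = directive.strip().partition("=")
            if key.lower() == "max-age" and val.strip('"').isdigit():
                return int(val.strip('"'))
    return 0

def audit(headers, sensitive=("session",)):
    """List findings that leave the named cookies readable on the wire."""
    findings = []
    if hsts_max_age(headers) == 0:
        findings.append("no HSTS: browser may still make plaintext HTTP requests")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for cookie_name, morsel in jar.items():
            # Without Secure the browser attaches the cookie to http:// requests.
            if cookie_name in sensitive and not morsel["secure"]:
                findings.append(f"{cookie_name}: missing Secure, also sent over http://")
    return findings

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(hdrs) or "ok")
```

Pass the names of your own application's session cookies in `sensitive`; cookies not listed there, such as `prefs` in the sample, are not reported.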
Share your experience.