Learn how someone can become a "Facebook hacker pro" using the SSL Strip method. In this tutorial, I am going to show you all the steps someone can take to steal your Facebook credentials by converting an HTTPS connection into an HTTP one. It takes only a few minutes for someone who is interested in stealing your account.
What does the SSL Strip method represent?
Moxie Marlinspike is the computer researcher who discovered the SSL Strip method in 2009. His work was mainly focused on how communication between two people can be intercepted online, but the SSL Strip method applies not only to intercepting communication but also to stealing passwords and accounts.
The SSL Strip method is also known as one of the man-in-the-middle attack options for stealing someone’s credentials. It means that a hacker can create a fake login page that the victim will access. By taking the right steps, a hacker can convert an HTTPS page into an HTTP page and thus steal your personal credentials.
Now let’s take a look at the entire process someone would follow to use the SSL Strip method.
How can you become a Facebook hacker pro using the SSL Strip method?
To use the SSL Strip method to become a Facebook hacker pro, one needs the Kali Linux distribution, which can be easily downloaded online. Both computers, the hacker’s and the victim’s, need to be on the same network while all this is happening, and you will need the IP address of the connection you are both using.
Open the Kali Linux terminal and drop down the configuration you are using, by taking the following steps:
The eth0 entry shows whether you are using a Wi-Fi connection or a personal home network, for example. You will need to drop down eth0 by entering the following into the Kali Linux terminal.
Now press Enter to move forward, and configure your iptables as well. This way, all the information you want to find out will be redirected to your computer.
Once you press Enter, you will get here:
Keep in mind that if you insert an extra dash where none is needed, the entire process will go wrong. That is why you need to pay attention to even small details.
Now you need your router’s address, which you can get by taking the following step:
If you take a closer look at the picture you just saw, you will see that you have found your gateway. Remember it, as you will need it later.
The next step is finding out the IP address of the victim’s computer, which you can do by entering into the Kali Linux terminal the info shown below in the red box.
Once you hit Enter, Kali Linux will search through all the computers connected to the same network as you until it reaches your victim.
You will get all the IP addresses connected to the same network as you. Don’t worry if you get many results. Once you find the one you are interested in, right-click it and copy it.
Save the IP address in a Notepad document. You will use it later.
Now configure your ARP spoof, which means sending messages to the local network.
Press Enter again and you will get to the part where you need to redirect the traffic.
Open a new Terminal (without closing the first one) and enter the following:
Now press Enter and the information you’re looking for will start being rerouted. Leave it like that and open a Firefox browser.
Open Google, type Facebook in the search box, and you will see that the link now starts with HTTP instead of HTTPS:
If you enter random credentials into the Facebook login boxes, you will get here, of course, since you were only trying out random credentials to see if they work.
Now go back to your Terminals and you will see how they are still working for you.
It means that now you need to open another Terminal and take these steps.
Here is where you’ll see the credentials you tried using to log into the Facebook account: “jack” and “password”. Basically, this is the moment where you will get the victim’s credentials. Instead of ‘jack’ and ‘password’, you will get access to the real credentials.
Once you have done this, you can access any website you like in Firefox and you will see that all of them now use HTTP instead of HTTPS. It means that you will get all the info your victim is accessing.
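From the defender's side, the ARP spoof step in this procedure leaves a trace on the victim's machine: the gateway's IP address starts resolving to the same MAC address as another host. The following is an added example, not part of the original tutorial; it compares two `ip neigh`-style neighbour tables, and all addresses, sample lines and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches `ip neigh` lines that carry a MAC; FAILED/INCOMPLETE entries have none.
NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+"
    r"lladdr\s+(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b",
    re.IGNORECASE,
)

def parse_neigh(text):
    """Return {ip: mac} from `ip neigh`-style output (MACs lower-cased)."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m["ip"]] = m["mac"].lower()
    return table

def arp_findings(baseline, current, gateway_ip):
    """Compare a known-good neighbour table with the current one."""
    old, new = parse_neigh(baseline), parse_neigh(current)
    findings = []
    # Finding 1: the gateway resolves to a different MAC than in the baseline.
    if gateway_ip in old and gateway_ip in new and old[gateway_ip] != new[gateway_ip]:
        findings.append(("gateway_mac_changed", old[gateway_ip], new[gateway_ip]))
    # Finding 2: another host on the network shares the gateway's MAC.
    by_mac = defaultdict(list)
    for ip, mac in new.items():
        by_mac[mac].append(ip)
    shared = sorted(by_mac.get(new.get(gateway_ip), []))
    if len(shared) > 1:
        findings.append(("mac_shared_with_gateway", new[gateway_ip], shared))
    return findings

# Constructed sample data (not captured from a real network).
BASELINE = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.23 dev eth0 lladdr 66:77:88:99:aa:bb STALE
"""
CURRENT = """\
192.168.1.1 dev eth0 lladdr 66:77:88:99:AA:BB REACHABLE
192.168.1.23 dev eth0 lladdr 66:77:88:99:aa:bb STALE
192.168.1.40 dev eth0 FAILED
"""

if __name__ == "__main__":
    for finding in arp_findings(BASELINE, CURRENT, "192.168.1.1"):
        print(finding)
```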
Can someone use the SSL Strip method for other kinds of accounts?
The answer is yes. Someone can use this hacking method for any kind of account: Facebook, Twitter, Instagram. Beyond stealing your social media credentials, someone can gain control of your bank account, for example. That is why you should always protect your accounts and choose your passwords wisely.
Is there any way to stop this kind of virtual attack?
After Moxie Marlinspike discovered the SSL Strip method to hack accounts, he immediately started thinking about a way of stopping this kind of virtual attack. Unfortunately, he did not manage to find a good way so far, but he is still looking.
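A widely deployed defence against the HTTPS-to-HTTP downgrade this tutorial describes is HTTP Strict Transport Security (HSTS, RFC 6797), a response header that tells the browser to use only HTTPS for a site. The following is an added example, not part of the original tutorial; it evaluates a response's HSTS header roughly the way a browser would, and the function names and sample headers are constructed for illustration.

```python
ONE_YEAR = 31536000  # seconds; minimum max-age asked for by the browser preload list

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into {directive: argument-or-None}."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name in directives:               # RFC 6797: each directive at most once
            return None
        directives[name] = arg.strip().strip('"') or None
    return directives

def assess_hsts(scheme, headers):
    """Return (policy_set, notes) for one response given as (name, value) pairs."""
    if scheme != "https":
        # Browsers ignore HSTS received over plain HTTP, so a stripped
        # connection can never establish the policy.
        return False, ["response was not delivered over HTTPS"]
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return False, ["no Strict-Transport-Security header"]
    d = parse_hsts(values[0])                # only the first header is processed
    if d is None or not (d.get("max-age") or "").isdecimal():
        return False, ["malformed header, ignored by browsers"]
    max_age = int(d["max-age"])
    if max_age == 0:
        return False, ["max-age=0 removes any stored policy"]
    notes = []
    if max_age < ONE_YEAR:
        notes.append("max-age below one year")
    if "includesubdomains" not in d:
        notes.append("subdomains are not covered")
    if "preload" not in d:
        notes.append("first visit is unprotected unless the site is preloaded")
    return True, notes

# Constructed sample responses.
STRONG = [("Strict-Transport-Security", "max-age=63072000; includeSubDomains; preload")]
WEAK = [("strict-transport-security", "max-age=300")]

if __name__ == "__main__":
    print(assess_hsts("https", STRONG))
    print(assess_hsts("https", WEAK))
    print(assess_hsts("http", STRONG))
```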
Thank you for reading this tutorial and stay tuned for the next ones 🙂
Credits to: How to use SSLStrip (Hack Facebook/Twitter)