I am testing wireshark for learning purposes. I wanted to try out a tutorial that hacks a facebook account stealing cookie information. I couldn't manage to hack my facebook account because wireshark is sending me truncated packets that I can't get cookie info out of.
I tried to capture on all interfaces (except usb 1, 2) but the same thing. I can't get cookie information from my notebook. I only get NBNS, DNS, Browser, IGMP, SSDP protocol type of packets. I get some HTTP but not facebook cookie with 'datr' line. It is just anoying. It seems so easy in the tutorial. Anyone could help me with this? asked 30 May '12, 11:53  pahunrepublic edited 30 May '12, 12:09  multipleinte... |
One Answer:
Your D-LINK router is probably a switch, not a hub (See the Ethernet Capture Setup article). As such, you are only going to see broadcast data on your Ubuntu PC. If, by some chance, your router supports spanning/mirroring traffic, then you should set that up. Otherwise, you'll need to actually insert a hub somewhere. answered 30 May '12, 12:07 multipleinte... |
So it means I won't get any cookie info with a router or with my network topology.
That is correct; as cookie data is sent unicast, only the intermediary and endpoint nodes will see that data. The only exception to that rule is when using a hub, all nodes connected to that hub will receive a copy of the data. Your best bet is probably to ditch the wireless connection and connect via ethernet both the laptop and PC into the same hub, and then connect that hub to the router.
I wonder why you want to hack a facebook account?