The Hackr
hack facebook

How to Hack Facebook in 2017

Hello Hackrs, today i will show you how facebook can be hacked in 2k17.

People today always search for the way to hack facebook without any pre-requisite skills. Facebook in infact far unreachable from getting hacked. But, you will need some skills for doing so and we thats what TheHackr is here for!

With a bit of Social Engineering, one can get Facebook Credentials of a victim easily.
BeEF or the Browser Exploitation Framework is a security tool, allowing a penetration tester or system administrator additional attack vectors when assessing the posture of a target.

Looks damn complex, but it is very easy in reality to achieve success in social engineering. It is our favorite module in the Social Engineering Toolkit here at TheHackr.

By-the-way, all Facebook users should probably take note of this if you don’t want to get hacked!

STEP 1  Install Kali or run it in Live USB Mode

The first step is to download and install Kali Linux or Boot into Live USB mode without actually installing it. There are appropriate packages in Kali which we here use at TheHackr for real hacking.

kali login

If installed earlier, fire up Kali.

STEP 2Fire up BeEF

After booting into Kali, you could probably see an icon with a cow image. It is the BeEF package which we’re going to use here. When you click on it, it actually starts BeEF by starting a terminal.

beef terminal

BeEF runs in the background creating a web server on your machine such that you can access the UI from a browser. Once BeEF is up and running, open your browser, IceWeasel or Firefox depending on your Kali build. Enter the UI url to access the UI panel through the browser. You can login to BeEF by entering username as beef and the password as beef.

beef login

Now that you’ll be greeted by the BeEF’s ‘Getting Started’ screen.

beef welcome

STEP 3Hook the Victim’s Browser

Here’s the main part of the actual tutorial. You must get the victim to click on a specially coded vulnerable javascript link to hook their browser. This is often regarded as the crucial as well as the most difficult part of this hack. But there are many easy ways to do this!

We can simply embed the code into our website and entice the victim to click it. The script looks something like this-
<script src= " ; type= "text/javascript" ></script>
Embed this into a webpage, so that we can lure the victim to click on it and hence you own their browser! There are other numerous ways to achieve this.

This can be also done using MitMf to send the code to the victim.

BeEF framework also has inbuilt sample malicious page. It can be accessed through the welcome page. Copy the address link and share it to the victim through other means.

beef sample

So, for now let’s assume that the victim has clicked the vulnerable link and we’ve a hooked browser  in the left list tab of our UI. If so, we officially own the victim’s browser by exploiting it.

beef sample 2

STEP 4Send Facebook Session Timeout Dialoue Box to the Victim

Just after we’d successfully hooked the victim’s browser, we get the credentials of the victim such as IP address of it, along with the operating system information and the browser details in the left panel.

Clicking on the hooked browser, it opens a BeEF interface on the right side. On this first click, it shows up with the details of the hooked browser. Here we’re interested in Commands tab.

beef attack

So click on the Commands tab and scroll down till you see the Modules Tree. Upon scrolling, you will come across with Social Engineering. Upon expanding it, you will be invited with number of social engineering modules. Here, we require Pretty Theft. Click on Pretty Theft and the options of it are showed up in the right column of the browser.

This module enables us to send a pop-up windows to the victim’s browser to rob any sort of information entered in it! Here we will be creating a fake Facebook session timeout popup dialog box.

Select Facebook in the Dialogue Type box. You might’ve already noticed that it also supports LinkedIn, YouTube, Windows or least, a generic dialog box. Now, without altering any thing else, click on the Execute button in the bottom to send a popup to the victim’s browser.

STEP 5Fake Popup Appears on the Victim’s Browser

Just after clicking the Execute button in the BeEF, a dialog box will appear in the victim’s browser like the on shown in the fig. below. It cites that their Facebook session has expired and they need to re-enter their credentials.

facebook hack


Though it may look suspicious for us as we’re Hackrs, it will look normal to daily users and simply enter their user credentials!

STEP 6Harvest the Acquired Credentials

It’s as simple as a click to harvest the thus acquired credentials of the victim. Back on our machine, we can see the credentials in the Command results window. As shown in the fig., in my case the email address is “[email protected]” and the password as “thehackr” as they’ve been captured from the hooked browser.

facebook hack beef 2

NOTEIf the Server Didn’t Start Properly

BeEF utilizes Apache as to create server environment to lure the victim to click on the malicious page under the same wifi or lan. If clicking on the BeEF icon didn’t start the server, one can always start beef by typing,

cd usr/share/beef-xss


beef start

As far as Hacking Facebook can be done in one or the other way, but using BeEF is probably the simplest one!

So, let us know what you feel about this hack in the comments below!


The hacking trend these days has definitely turned criminal because of e-commerce ¯\_(ツ)_/¯