>>37776 Depends on what you mean by "hack facebook".
I don't think stealing shit directly from facebook would be that easy. But stealing shit from you while you access facebook? Easy as fuck under the right conditions.
First, virus. If you have a virus that logs shit, you account credentials can be easily transferred to whoever is controlling the virus.
Second, if someone is MITMing you, they can get your shit too. For example, if you're in a public wifi and the operator of the wifi itself is malicious, you can be tricked into believing your connection is secure when it in fact isn't, through shit like sslstrip. And not only the wifi server - any terminal connected to the same wifi can spoof being the wifi itself if it's closer to you than the wifi server.
Same with phone towers. There's a number of phone tower spoofing software, so you might believe you're communicating with the tower, but you're actually sending your data to a man in the middle, and if you are not certain, or even aware that sending it encrypted or not, the MITM can get your data.
>>37780 >it used to be easier Yeah, when facebook didn't require SSL for all logins, because all the data went in the clear back then. But you can still use tricks like sslstrip to make both the server and the terminal believe they're connecting through ssl. Or at least make the server believe you're connecting through ssl, while the terminal is connected through cleartext.
>>37798 And again, that depends on what you mean by "hack". If we're being pedantic, it doesn't even mean what you think it means (you're thinking of the word "crack", or maybe not even that).
No, you can't actually go and access someone's account willy nilly. But you can cheat the owner of the account into giving you their info in a number of ways, the most "hack"-like ones being either through a virus or through a MITM attack. Or through phishing. But all of that depends on input from the owner of the account. The facebook servers though? Not even the chinese.
>>37809 >how can I be able to find out the password/e-mail they use on facebook MITM, virus, phishing or social engineering (which goes hand in hand with phishing).
>and without leaving the comforts of your home? Mh...
MITM is pretty much out of the question unless you somehow manage to get them to remote-connect to something malicious.
I suppose you could hit one of those eastern european virus sites to see if you can pay for something, but you're gonna have to pay, and like hell I'm gonna link you.
That leaves you with phishing and social engineering. Just as an example, if you make a website and manage to get the person to register to it, it's quite possible they'll use at least the same email, if not the same email and password. Or maybe you could even trick them into believing they're logging in to facebook through your website - hell, you could actually log them in to facebook and keep the data yourself.
There's tons of ways. But of course, you'll need to know at least how to program, and how to make them fall for phishing.
My advice: give up on it. If you're not even willing to MITM from the same network, it's not worth it.
>>37789 >you can be tricked into believing your connection is secure when it in fact isn't, through shit like sslstrip No you can't.
You can be tricked into making an unencrypted connection when you should be making an encrypted one, but there's no way to make your browser say it's secure when it isn't. You'd need Facebook's SSL certificate for that, and you don't have it.
Even OAPs know, nowadays, that if the browser doesn't show the green padlock when it should be showing the green padlock then something is amiss.
HSTS is a standard where the site can tell the browser "next time you connect, you're not allowed to use http". Browsers that support it (basically all of them) will automatically convert http requests to https, and will raise a stink if the https request is tampered with. They simply won't let the user connect if someone in the middle is trying a downgrade attack.
High-profile sites (like Google, Facebook and Paypal) are on an HSTS list built into the browser, and will never, ever, ever downgrade to http, even on the very first connection.
>>37824 >HSTS is a standard where the site can tell the browser "next time you connect, you're not allowed to use http". Browsers that support it (basically all of them) will automatically convert http requests to https, and will raise a stink if the https request is tampered with. They simply won't let the user connect if someone in the middle is trying a downgrade attack. >High-profile sites (like Google, Facebook and Paypal) are on an HSTS list built into the browser, and will never, ever, ever downgrade to http, even on the very first connection. There's always redirections to lookalike domains.
All trademarks and copyrights on this page are owned by their respective parties. Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.
This is a 4chan archive - all of the shown content originated from that site. This means that 4Archive shows their content, archived. If you need information for a Poster - contact them.
If a post contains personal/copyrighted/illegal content, then use the post's [Report] link! If a post is not removed within 24h contact me at firstname.lastname@example.org with the post's information.