Hacking into a Facebook account without obtaining credentials

It seems like a magical title, and it is somewhat totally accurate. I will show you how you can log in to a person-X Facebook account by obtaining the required secret information from an Android phone or by performing an HTTPS MiTM attack. These are real-world scenarios that hackers utilize not only to hack into your Facebook but in general to steal your valuable information they can further use to exploit your online services.

Both technics require a bit of network and filesystem pre-knowledge, but at the same time, they can be demonstrated and executed in a matter of an hour— depending upon your skills. By exploitation, we gain access to the HTTP cookies that we further use to login into person-X social media.

Android exploit

As you might have anticipated, it will not be as easy as you might think, otherwise everyone would do it. To exploit the Android phone, person-X uses to log into Facebook you need to have physical access to it, and to some extent that also means person-X might still be logged into their account (in the Facebook app) and you don’t have to do all the gibberish, I will be talking about from here on. TRUE, but potentially this might not be the case and you have to approach it in a more sophisticated way.

To obtain cookies from the Android phone you have to root it first, which is a bit complicated and not possible on all Android devices. As mentioned in the rooting link, to interact with the Android…