My Facebook is being compromised using MITM attack, isn’t it time to reflect the actual IP of the website?

In the picture above, the attacker act as the third person attacker will manipulate the switch routing table so the victim will think that attacker is a Web server and vice versa, because the attacker has changed the routing table.
For this tutorial we need to prepare the tools to do Proof of Concept about this tutorial. Below you can download it.

1. XAMPP – APACHE+PHP+MySQL(We use XAMPP for our fake facebook web server)
2. Cain & Abel (We use it for Man in the Middle Attack)
3. Facebook Offline Page (I have nulled the code, so this script will not contacting Facebook when victim accessed fake Facebook page — only use this for learning)

Download Facebook Offline Page (

Update : replace your index.php and login.php using following files 
Download Here.

Okay, let’s start the step-by-step how to do this:
Attacker IP Address :
Victim IP Address :
Fake Web Server :

I assume you’re in a Local Area Network now.
1. Install the XAMPP and run the APACHE and MySQL service
Xampp Control Panel

2. Extract the fb.rar and copy the content to C:\xampp\htdocs
Htdocs Contents

3. Check the fake web server by open it in a web browser and type 
Fake Web Server Working Good

4. Install Cain & Abel and do the APR(ARP Poisoning Routing), just see the step by step how to below
Click the start/stop sniffer
Click the start/stop sniffer
Choose Sniffer Interface
Choose your interface for sniffing and click OK. When it’s finish, click again the Start/Stop Sniffer to activate the sniffing interface.
Go to the Sniffer tab and then click the + (plus sign)
Click the plus sign
Select “All hosts in my subnet” and Click OK.
select all host and click OK
You will see the other people in your network, but my target is (MySelf…LoL :p)
This is my target…myself
After we got all of the information, click at the bottom of application 
the APR tab.
Click the APR
Click the + button, and follow the instruction below.
step by step to interrupt
When you finish, now the next step is preparing to redirect the page to the fake web server.
Click “APR DNS” and click + to add the new redirecting rule.
Add Redirecting Rule
When everything is finish, just click OK. Then the next step is to activate the APR by clicking the Start/Stop APR button.
Start/Stop APR button

5. Now Hacking Facebook using MITM has been activated. This is how it looks like when victim opened

6. But if you ping the domain name, you can reveal that it’s fake, because the address is IP of the attacker
Fake Facebook