For whatever reason, there are always people who want to hack social media accounts.
Instagram is one of the most popular social media in the world. If you are looking for hacking methods for Instagram then you are on the right page.
But before I share working methods I want to discuss website claiming they can hack any account within seconds.
These type of websites doesn’t work. In the end, you have to complete a survey, where you will get nothing.
Instagram puts billions of dollars on security these simply can’t hack within seconds.
The only way to hack any account is to make your victim fool.
For example, providing them a fake login page that will look like a real Instagram login page. On login, you will receive the password & the victim will redirect to the original website.
These are the working methods to hack Instagram
As I described earlier phishing is basically creating a fake login page. For example this screenshot.
As you can see in the URL it is different than Instagram.
How To Create Phishing Page
Creating a phishing page is easy. But making an undetectable page is difficult. Free hosting continuously banning phishing websites, Browser also starts warning the users.
But still, even after these hurdles, you can create working phishing. In fact, I did it, It will just take some extra work. Here are the things that you need to create an Instagram phishing page.
- Phishing script: Download Here
- Firebase Account: Create a Firebase account & Setup a Project as well, Learn here
- Free Hosting: Sign Up for 000webhost.
Here are the steps that you need following after doing above three things.
- After creating your account & Add New Project. Go to Project Settings, and click on Add App under Your Apps.
- This will take you to a new window where you need to type the app name. On Clicking Register Button, will show you a firebase code.
- As shown in the screenshot, copy the code starting from var= to (firebaseConfig);
- Save these Codes somewhere you need it later on.
- Here in the firebase click on go to console button then Chose Real-Time database from the left sidebar. Then click on the Create Database button. You’ll be prompted to choose a test or locked Mode. Select the test code and click on Enable Button.
- Now Go to Rules & Change both read & write to true
- After downloading the script extract it on your computer. If you are a phone user then you can also extract the zip folder on the phone with help of some software.
- You will get two items, the first one is the index.htm file & the second item is a folder. Now Open the index.htm using any text editor such as notepad. Android users can use the HTML Editor.
- Scroll Down until you did not find firebase settings as shown in the screenshot.
- Change these codes that you have copied in the 3rd step of Firebase Settings
- Save the File, Make zip folder of both index.htm file & folder
- Now login to your 000webhosting account. After that find the File Manager.
- Open it & go to public_html folder. Upload the Zip Folder. The following screenshot describes how to upload a zip folder
- After uploading, Select the file and select the Extract icon. It will prompt you to the location. Type . (Dot)
- Now Go back to My Sites, open site URL. It will show you something like this
- Login with any account to check your account.
In the Firebase→Realtime Database, you will get your login details as you can see in the screenshot.
If you didn’t receive anything probably you haven’t change the code successfully.
Creating a phishing page is a different thing but the convincing victim is totally different concept. On this page, I write down Earn RS 100 as you can see in the screenshot. So you can use say something like I will get free recharge.
How to Protect yourself
- Always check URL before login
- Do not Open Any link from unknown source
This is the most underrated method to hack accounts. Basically keylogger is a software or app for smartphones that can record every typed word by the victim.
The biggest problem is you have to install a keylogger on the victim device.
Once it is installed then it can send you data remotely. In the market, you can find so many free keylogger apps.
Free keylogger does not send you any data remotely. You have to access pc again to view log files.
But some paid keylogger such as hoverwatch can send you data remotely.
It is available for mac/windows & android phones. I tried on an android phone, it is undetectable.
But the installation part is complicated especially if you are a non-techy person. Here is a step by step article about how to install hoverwatch on an android smartphone.
How to Protect
- Computer users always keep machine up to date.
- Apply step 2 verfication on your accounts
Social Engineering nothing just guess the password. But the above methods you can also social engineering. To Convince victim for login into the fake page, installing a keylogger, etc.
A lot of people set a password use the name of dad/mom with a mixture of some other characters.
Some people use the same password for every account. So if you can get password of other account then you might get their instagram account.
How to Protect your account
Use a Strong Password. Here is my recipe to create a strong password. Think about a sentence in mind, anything. For this example let’s use the following one.
Tinku was Our First Dog.
Now Pick first character of every word. It will look something like this
Last but least add some special characters to it.
I have picked 098 special characters so I can remember. Now you have a strong password.
By Hacking Facebook Account
A lot of people use login with facebook to access instagram account.
You can use the above mentioned methods to hack fb account.
Before you send the Instagram phishing page make sure you find out how your victim access Instagram account.
By Creating Fake Login App
A lot of users browse insta by the android app. If you have app development knowledge then you can use create a fake Instagram app.
Here I what I did to hack account.
- Get phone to browse Instagram
- Uninstall original app
- Installed Fake App
In the fake app when my victim tried to login into his account. App Show an error
Something is wrong, Please uninstall current version & install latest version from play store.
In the backend, it forward me his username & password. To create fake either you can spend 2-3 months in app development or hire a app developer from fiverr.
How to Protect yourself
- Apply step-2 verification on your account
No matter how secure the internet become there will be always some ways to hack it.
If you have any question/query or feedback let us know by the comment section.