
Gmail Cookie Stealing Part 1


What is a Cookie?

A cookie is a piece of code that is used to authenticate a user on a website. In other words, whenever you log in to a website such as Facebook, Gmail or Orkut, your browser assigns you a cookie, which basically tells the browser how long the user should stay logged in. Apart from authentication, a cookie can be used for a variety of other purposes. If you would like to know more about cookie stealing, kindly google it.

What is a Session Token?

After authentication is completed, a web server hands the browser a session token, which is used because a web server needs a way to distinguish between different connections. If a hacker could capture your session token, then it's a cakewalk for the hacker to hack into your Gmail, Facebook or any other account.

What is a Session Hijacking Attack?

A session hijacking attack is basically the act of capturing a session token and injecting it into your own browser to gain access to the victim's account.


What is a Cookie Stealer?
 
A cookie stealer is basically a script used to steal a victim's authentication cookies. For the cookie stealing process to work, the website or web page must be vulnerable to an XSS attack. This is the most common and widely known misconception among newbies.

How does the stealing process work?

1. The attacker creates a PHP script and uploads it to a web hosting site.

2. The attacker then asks the victim to visit that particular link containing the PHP code.

3. Once the victim visits it, his/her authentication cookie is saved in a .txt file.

4. Next, the attacker uses a cookie injector or a cookie editor. There are lots of Firefox add-ons and Google Chrome extensions to do the work for you.

5. The attacker replaces his own cookies with the victim's cookies, as a result of which the victim's session is hijacked.

Why does it not work on a website which is not vulnerable to XSS?

It's due to the browser's same-origin policy: according to it, browsers don't allow JavaScript from another site to access the cookies.

Well, I will teach you all cookie stealing in my next topic.

Gmail Cookie Stealing Part 2


NOTE: IT WILL NOT WORK ON AN HTTPS CONNECTION, ONLY ON HTTP.
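
A defender-side check for the two conditions this post relies on (a script being able to read the cookie, and the connection being HTTP rather than HTTPS), as an added example that is not part of the original post: it audits `Set-Cookie` headers for the standard `HttpOnly` and `Secure` attributes. The function names and the sample header values are constructed for illustration.

```javascript
// Added example (not from the original post). Audits Set-Cookie headers for
// the attributes that close the two theft paths the post describes.

// Parse one Set-Cookie header value into { name, value, attrs }.
// Attribute names are case-insensitive; flag attributes carry no value.
function parseSetCookie(header) {
  const [pair = '', ...rest] = header.split(';').map((p) => p.trim());
  const eq = pair.indexOf('=');
  const name = eq === -1 ? '' : pair.slice(0, eq).trim();
  const value = eq === -1 ? pair : pair.slice(eq + 1).trim();
  const attrs = new Map();
  for (const a of rest.filter(Boolean)) {
    const i = a.indexOf('=');
    const key = (i === -1 ? a : a.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? '' : a.slice(i + 1).trim());
  }
  return { name, value, attrs };
}

// Return the findings for one cookie. Presence of the attribute is what
// counts: browsers treat "HttpOnly=false" the same as "HttpOnly".
function auditCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  if (!attrs.has('httponly')) {
    findings.push('readable by page scripts (no HttpOnly)');
  }
  if (!attrs.has('secure')) {
    findings.push('sent over plain HTTP (no Secure)');
  }
  return { name, findings };
}

// Audit a list of headers and keep only the cookies with findings.
function auditAll(headers) {
  return headers.map(auditCookie).filter((r) => r.findings.length > 0);
}

// Constructed sample headers, not captured from any real site.
const SAMPLE_HEADERS = [
  'SID=abc123; Path=/',
  'SID2=def456; Path=/; HttpOnly',
  'SID3=ghi789; Path=/; Secure; HttpOnly; SameSite=Lax',
  'prefs=dark; path=/; secure',
];

for (const r of auditAll(SAMPLE_HEADERS)) {
  console.log(`${r.name}: ${r.findings.join('; ')}`);
}
```

A session cookie that shows no findings here is not exposed to `document.cookie` and is not sent on unencrypted requests.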

Thanks.
