Gmail Cookie Stealing Part 1


What is a Cookie?

A cookie is a piece of code which is used to authenticate a user on a website. In other words, whenever you log in to a website such as Facebook, Gmail, Orkut, etc., your browser assigns you a cookie which basically tells the browser how long the user should stay logged in. Apart from authentication, a cookie can be used for a variety of different purposes. If you would like to know more about cookie stealing, kindly google it up.

What is a Session Token?

After authentication is completed, a webserver hands the browser a session token, which is used because a webserver needs a way to distinguish between different connections. If a hacker could capture your session token, then it's a cakewalk for the hacker to hack into your Gmail, Facebook or any other account.

What is a Session Hijacking Attack?

A session hijacking attack is basically the act of capturing a session token and injecting it into your own browser to gain access to the victim's account.


What is a Cookie Stealer?
 
A cookie stealer is basically a script used to steal a victim's authentication cookies. Now, for a cookie stealing process to work, the website or the webpage should be vulnerable to an XSS attack. This is the most common and widely known misconception among newbies.

How does the stealing process work?

1. The attacker creates a PHP script and uploads it to a webhosting site.

2. The attacker then asks the victim to visit that particular link containing the PHP code.

3. Once the victim visits it, his/her authentication cookie is saved in a .txt file.

4. Next, the attacker uses a cookie injector or a cookie editor. There are lots of Firefox add-ons and Google Chrome extensions to do the work for you.

5. The attacker replaces his own cookies with the victim's cookies, as a result of which the victim's session is hijacked.

Why does it not work on a website which is not vulnerable to XSS?

It's due to the browser's same origin policy; according to it, browsers don't allow JavaScript to access the cookies.

Well I will teach you all cookie stealing in my next topic.

Gmail Cookie Stealing Part 2


NOTE: IT WILL NOT WORK ON AN HTTPS CONNECTION, AS OPPOSED TO HTTP.
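
The two conditions named in this post, script access to the cookie and a plain HTTP connection, correspond to the `HttpOnly` and `Secure` cookie attributes a site can set. The following is an added example, not code from the original post, that audits `Set-Cookie` headers for those attributes (plus `SameSite`, which goes beyond what the post covers); the header lines and the session-name heuristic are constructed assumptions.

```python
# Added example: audit Set-Cookie headers for session-cookie hardening flags.
# The header lines below are constructed sample data, not captured traffic.
SAMPLE_HEADERS = [
    "Set-Cookie: SID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "Set-Cookie: PHPSESSID=deadbeef; Path=/",
    "Set-Cookie: session_token=xyz; Path=/; HttpOnly",
    "Set-Cookie: theme=dark; Path=/; Max-Age=31536000",
]

# Assumption: cookie names containing these fragments carry session state.
SESSION_HINTS = ("sid", "sess", "token", "auth")


def parse_set_cookie(line):
    """Split one Set-Cookie header into (name, value, attributes dict)."""
    _, _, body = line.partition(":")
    parts = [p.strip() for p in body.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_cookie(line):
    """Return (name, findings) listing protections a session cookie lacks."""
    name, _, attrs = parse_set_cookie(line)
    if not any(hint in name.lower() for hint in SESSION_HINTS):
        return name, []  # not session-like: out of scope for this check
    findings = []
    if "httponly" not in attrs:
        findings.append("no HttpOnly: page scripts can read it (XSS exposure)")
    if "secure" not in attrs:
        findings.append("no Secure: also sent over plain HTTP")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append("no explicit SameSite=Lax/Strict: browser default applies")
    return name, findings


def audit_headers(lines):
    """Audit every header line; return {cookie name: findings}."""
    return dict(audit_cookie(line) for line in lines)


if __name__ == "__main__":
    for cookie, issues in audit_headers(SAMPLE_HEADERS).items():
        print(cookie, "OK" if not issues else issues)
```
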

Thanks.
