Skip to main content

Gmail Cookie Stealing Part 1


What is a Cookie?

A cookie is a piece of code which is used to authenticate a user on a website, In other words when ever you login to a website such as Facebook, Gmail, Orkut etc your browser assigns you a cookie which basically tells the browser that for how long the user should be logged it, Apart of authentication purpose a cookie can be used for variety of different purposes, If you would like to know more about cookie stealing kindly google it up.

What is a Session Token?

After an authentication is completed , A webserver hands the browser a session token which is used because a webserver needs a way to recognize between different connections, If a hacker could capture your session token then it's a cakewalk for the hacker to hack into your gmail, facebook or any other account.

What is a Session Hijacking Attack?

A session hijacking attack is basically an act of capturing session token and injecting it into your own browser to gain acess to victims account.


What is a Cookie Stealer?
 
A cookie stealer is basically a script used to steal victims authentication cookies, Now for a cookie stealing process to work the website or the webpage should be vulnerable to an XSS attack, This is the most common and widely known misconception among newbies.

How the stealing process work?

1. The attacker creates a PHP script and uploades it to a webhosting site.

2. The attacker then asks the victim to visit that particular link containing the PHP code.

3. Once the victim visits it his/her authentication cookie is saved in a .txt file.

4. Next the attacker uses a cookieinjector or a cookie editor, There are lots of firefox addons, google chrome extensions to do the work for you.
5. The attacker replaces his own cookies with the victims cookies as a result of which the victims session is hijacking

Why it does not work on a website which is not vulnerable to XSS?
It's due to the browser's same origin policy, and according to it the browsers don't allow the javascripts to acess the cookies.

Well I will teach you all cookie stealing in my next topic.

Gmail Cookie Stealing Part 2


NOTE:- IT WILL NOT  WORK  ON CONNECTION HTTPS RATHER THEN HTTP.

Thanks.
Labels:

Comments

Post a Comment

Popular posts from this blog

How To Bypass Surveys By using JavaScript

Every day we  need  to complete the  surveys , to get the needed file.These surveys are very irritative and very rare of them gets ended without giving needed the link, or asks for money,Email,Phone. By  seeing  this i am posting the simple method  method  to bypass these annoying surveys without wasting time and money. 1) First copy the given  java code from this site  http://pastebin.com/MJKzU5zR 2) then Make a Bookmark with name "Bypass_survey" and add url link as the javascript. 3)Now   goto  page that contains the  Survey  and Press that Bookmark. 4)OOhhhh Fre_______.... :o the Survey is Bypassed. Thank you dare to comment
21 comments
Read more

Trick your webpage with different method

Trick your webpage A simple text file edit makes sites redirect to another. When you type address in address bar in any browser and enter it then it will display another web page, for example:- when you type Google.com you will be redirected to yahoo.com Instructions to do: 1) Go to this directory [c:\windows\system32\drivers\etc], directory may change according to drive used for os installation 2) then hit enter 3) find a file named "hosts" 4) Right click on it and open with word pad. 5) In the last link of the document type the IP* address of yahoo space www.Google.com (Vice versa for other sites) 6) now save it 7) restart the browser if its already running 8) Now try it, It works perfect IP*: to find IP address of that website Goto start ->Run > type cmd > enter. Now you have a new window on desktop. On that type this without cotes "ping www. yahoo.com" replace yahoo.com with your preferred site and then enter it   ...
Post a Comment
Read more

Hack Gmail Password By Phishing Method

Know about  phishing 1. First of all download the Gmail Phisher. Download 2. Extract the rar file now you will get three files as given below:       gmail.html       log.txt       mail.php 3. Upload all the Three files to any of the free Web hosting server. By sining up www.yourfreehosting.net www.esmartstart.com www.110mb.com www.drivehq.com www.t35.com 4.  Once  you have uploaded all the three files to web hosting server now you have to send these to your victim. This is the most important step regarding smart phishing technique. The best hack is Send him mail from  Gmail  Admin such that "We have seen illegal activity from your account and you need to verify your account and your account is  temporarily  disabled after this login. To unlock your account Verify your Email and in that link...
16 comments
Read more