Gmail Cookie Stealing And Session Hijacking Part 1
I have posted lots of articles on phishing and keylogging, but today I would like to throw some light on a very useful method which hackers use to hack Gmail, Facebook and other email accounts, i.e. cookie stealing. One of the reasons I am writing this article is that lots of newbies have misconceptions about cookie stealing and session hijacking, so I hope this tutorial covers all of those misconceptions, or if not all, most of them.
What is a Cookie?
A cookie is a piece of code which is used to authenticate a user on a website. In other words, whenever you log in to a website such as Facebook, Gmail, Orkut etc., your browser assigns you a cookie which basically tells the browser for how long the user should stay logged in. Apart from authentication, a cookie can be used for a variety of different purposes. If you would like to know more about cookie stealing, kindly google it up.
What is a Session Token?
After authentication is completed, a web server hands the browser a session token, which is used because a web server needs a way to distinguish between different connections. If a hacker could capture your session token, then it's a cakewalk for the hacker to hack into your Gmail, Facebook or any other account.
What is a Session Hijacking Attack?
A session hijacking attack is basically the act of capturing a session token and injecting it into your own browser to gain access to the victim's account.
What is a Cookie Stealer?
A cookie stealer is basically a script used to steal a victim's authentication cookies. For the cookie stealing process to work, the website or webpage must be vulnerable to an XSS attack. Missing this requirement is the most common and widely known misconception among newbies.
How does the stealing process work?
1. The attacker creates a PHP script and uploads it to a web hosting site.
2. The attacker then asks the victim to visit that particular link containing the PHP code.
3. Once the victim visits it, his/her authentication cookie is saved in a .txt file.
4. Next the attacker uses a cookie injector or a cookie editor. There are lots of Firefox add-ons and Google Chrome extensions to do the work for you. Personally I use Cookie manager v1.5.1 as it's quite user friendly. You can also use the web developer toolbar to do the work for you.
5. The attacker replaces his own cookies with the victim's cookies, as a result of which the victim's session is hijacked.
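From the defender's side, step 5 is the observable part: the same session cookie starts arriving from a second client. The Python below is an added example, not code from the original post; the log format, the cookie name `sess` and the function name are assumptions, and the sample lines are constructed.

```python
import re

# Constructed sample access log: timestamp, client IP, session cookie, User-Agent.
# IPs are from documentation ranges; the cookie name "sess" is an assumption.
SAMPLE_LOG = '''\
2024-05-01T10:00:02Z 198.51.100.7 sess=a1b2c3 "Mozilla/5.0 (Windows NT 10.0) Firefox/125.0"
2024-05-01T10:00:09Z 203.0.113.20 sess=d4e5f6 "Mozilla/5.0 (Macintosh) Safari/605.1.15"
2024-05-01T10:03:41Z 198.51.100.7 sess=a1b2c3 "Mozilla/5.0 (Windows NT 10.0) Firefox/125.0"
2024-05-01T10:04:15Z 192.0.2.99 sess=a1b2c3 "Mozilla/5.0 (X11; Linux x86_64) Chrome/124.0"
2024-05-01T10:05:00Z 203.0.113.21 sess=d4e5f6 "Mozilla/5.0 (Macintosh) Safari/605.1.15"
2024-05-01T10:06:30Z 192.0.2.99 sess=a1b2c3 "Mozilla/5.0 (X11; Linux x86_64) Chrome/124.0"
'''

LINE = re.compile(r'^(\S+) (\S+) sess=(\S+) "([^"]*)"$')


def find_replayed_sessions(log_text):
    """Flag session ids that show up from a client other than the one that opened them."""
    origin = {}        # session id -> (ip, user_agent) of the first request
    reported = set()   # (session id, ip, user_agent) already alerted on
    alerts = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, ip, sid, ua = m.groups()
        first_ip, first_ua = origin.setdefault(sid, (ip, ua))
        if (ip, ua) == (first_ip, first_ua) or (sid, ip, ua) in reported:
            continue
        reported.add((sid, ip, ua))
        # A new browser on a live session is a stronger signal than a new address
        # alone, which also happens when a laptop or phone changes network.
        kind = "client-change" if ua != first_ua else "ip-change"
        alerts.append({"time": ts, "session": sid, "kind": kind,
                       "first": (first_ip, first_ua), "seen": (ip, ua)})
    return alerts


if __name__ == "__main__":
    for alert in find_replayed_sessions(SAMPLE_LOG):
        print(alert["time"], alert["session"], alert["kind"], alert["seen"][0])
```

A site that raises the "client-change" alert can end the session and ask for the password again, which makes the copied cookie worthless.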
Why does it not work on a website which is not vulnerable to XSS?
It's due to the browser's same origin policy, according to which browsers don't allow JavaScript from one site to access another site's cookies.
Gmail GX Cookie
By now I believe I have cleared up lots of misconceptions related to cookie stealing, but all of that information is only good for you if you try it practically, so let's get to the main topic.
In Gmail, the cookie which authenticates users is called the GX cookie. We cannot use a cookie stealer, as so far we don't know of any XSS vulnerability in Gmail. So if you are on a LAN, you can use Wireshark or any other packet sniffer to steal the unsecured Gmail GX cookie and use it to gain access.
Will this hack always work?
This trick won't work on all Gmail accounts, as Gmail now offers end-to-end https:// encryption, which encrypts the session token, so even if we could get our hands on the GX cookie it's useless. But if a user has turned off the end-to-end https:// encryption in Gmail, it can work for sure.
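Both weaknesses discussed on this page map to cookie attributes a site can set: `HttpOnly` keeps page scripts from reading the cookie, and `Secure` keeps it off unencrypted connections that a LAN sniffer can see. The Python below is an added example, not code from the original post; it audits constructed response headers, and the cookie name `SESSIONID` and the function names are assumptions.

```python
def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, {attribute: value})."""
    first, *rest = [part.strip() for part in value.split(";")]
    name = first.split("=", 1)[0]
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_response(headers, session_cookies):
    """Return findings for the named session cookies in a list of (header, value) pairs."""
    findings = []
    names = {h.lower() for h, _ in headers}
    if "strict-transport-security" not in names:
        findings.append("response: no Strict-Transport-Security header, "
                        "so the browser may still contact the site over http://")
    for header, value in headers:
        if header.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if name not in session_cookies:
            continue  # only cookies that carry the login session matter here
        if "secure" not in attrs:
            findings.append(f"{name}: missing Secure, cookie is also sent over "
                            "unencrypted http:// where a LAN sniffer can read it")
        if "httponly" not in attrs:
            findings.append(f"{name}: missing HttpOnly, page scripts can read it "
                            "through document.cookie if the site has an XSS bug")
    return findings


# Constructed responses; "SESSIONID" is a placeholder cookie name, not Gmail's.
WEAK = [("Content-Type", "text/html"),
        ("Set-Cookie", "SESSIONID=abc123; Path=/"),
        ("Set-Cookie", "theme=dark; Path=/")]
HARDENED = [("Strict-Transport-Security", "max-age=31536000"),
            ("Set-Cookie", "SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax")]

if __name__ == "__main__":
    for finding in audit_response(WEAK, {"SESSIONID"}):
        print(finding)
    print(audit_response(HARDENED, {"SESSIONID"}))
```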
I hope you have liked the post up till now. I will cover the method to steal Gmail GX cookies and using it to hack Gmail accounts in the next post, so stay tuned!
Update: Part 2 has been published. You can read it here
K cool I'm the !st
Can you remember me Mr.Rafay ...
http://hack-erz.blogspot.com
Gmail automatically adds SSL, so it is hard to hack, but good for a normal website without SSL.
Roshanhackstudy.blogspot.com
thanks for the info rafay
@Muhammad Gazzaly
Yeah :).
@Roshan
True.
hi there, can i say help? my email was hacked, which is hotmail, and the hotmail staff is so slow to get me back to my account, can u please hack my account back for me?tq
Thnks.......
Nice tutorial .. wish der would have been any way v can bypass https encryption .. newayz nice information ..thnx
regardz,
www.haxandracks.co.cc
Dear Rafay, I need your guidance with regard to gmail. The exe file i sent to someone started sending me reports at set intervals but then gmail blocked the send email option of my account nd the reports are no more coming. The gmail is giving a msg that the behaviour is like spam. Dear, I'm using Ardamax keylogger latest version. The FTP oprion is little complicated for me to receive reports from exe file. Is there a way that gmail should not block mail being sent from the exe file. Moreover, would u suggest any alternate method of keylogging or any better software. Looking forward for your reply. Will be grateful of u could send ur reply to my inbox. thx.
ReplyDeleteSomebody have stolen my password last night. Now I am facing problem to log in on MSN.The unknown person has hacked my id and password and using my id and password and email to my customers on behalf me. He also changed my all secret's questions/answers. Please help me. (reliance_9@hotmail.com)is hacked. Kindly reply me on my another e-mail address reliance@super.net.pk. Your prompt reply shall be highly appreciated. Regards Muhammed Yaseen
ReplyDeleteRELIANCE TRADERS, GB-14, TECHNOCITY, OPP. UNI PLAZA, OFF. I.I. CHUNDRIGAR ROAD, KARACHI. PAKISTAN. PHONE NUMBER 009221-32215244 CELL NUMBER:0092321-8234400
hey after reading a lot about cookies from ur site i made a result.
As opera mini or opera mobile is widely used in MObiles (Evn i Use it) and if we log via it to like Facebook Account and i Exit d Browser. the next time i log in It Does not ask for password or username it opens directly home page. And When i go to setting and remove cookies it again ask for password n oll . In Dis Case I Want to Know how do i get these Cookies AS den i could easily hack ...
can u tell us how to create a script
i use cain able and change the DNS and make my computer tobe a server of facebook with xampp software with localhost change do www.facebook.com.
the localhost is fake login facebook.
if you ping to facebook.com from windows, the IP address show is my computer IP address.
change localhost to www.facebook.com from
C:\windows\system32\driver\etc
and edit hosts and change the ip address to your IP addres and change localhost to www.facebook.com
I hack 700+ account in a week.
@Anonymous 12
No doubt, Combining DNS poisoning attack with Cache Poisoning Attack with Phishing attack could get you superb results.
Rafay Baloch: how to hack blogspot account. i want to take down one link blogspot because some one has reveal all my friend identty to public.
hello sir...i have read all ur articles....can u plz help me...til now i have deactivated my 5 fb accounts coz someone is continously hacking my accounts...i came to know dis coz he is removing my wall posts...although i have taken all protection measures...https alerts...strong pass..antikeyloggers...can u plz help me how to make my account safe dat no one can hack it....
Hello Sir, I badly need help. I know my wife is committing infidelity, she have a facebook account that I don't know. She is maybe using a yahoomail ir a hotmail account for this facebook account. The thing is we are half a world apart. All I can think of is hacking her email. On her yahoomail I have only guessed correctly the answer to Q&A number 1. but on number 2 Q&A I can't really find the answer. I emailed yahoo support twice but did not get any response. PLease Help me.. It would be much appreciated.
it possibly to pass the https cookies encryption? just wanna to know. if can,how to do it..
bahen chod
is there a process for "cookie stealing" for the facebook user who only uses the facebook app on their iphone?
thanks
Will this work with iPods?
helllo...please say the cookie session name for gmail.....and for gmail actually its gx ...but its not working
haii..how to hack someone facebook accout for free?