Showing posts with label Gmail hacks. Show all posts

Sunday, July 3, 2011

Gmail Cookie Stealing And Session Hijacking Part 3


So friends, this is the third part of my Gmail Session Hijacking and Cookie Stealing series on RHA. In the first part I introduced you to the basics and fundamentals of a session hijacking attack. In the second part I introduced you to the variety of methods used to capture session cookies. In this part I will tell you how to carry out a session hijacking attack once you have the session cookies.


Cookie Injection With The Firefox Web Browser

There are a variety of plugins used to inject cookies into your browser, depending on which browser you are using. I would recommend the Firefox browser, as it supports a vast number of cookie injection plugins.

Web Developer Toolbar

The Web Developer toolbar is an add-on for the Firefox browser that makes the process of injecting cookies extremely easy. All you have to do is install the Web Developer toolbar, click on the Cookies drop-down menu and click on the cookie you want to edit.


Once you have clicked on the edit cookie option, you will be brought to the following screen:

Next, replace your cookie value with the victim's cookie value.

Now if you have captured cookies using Wireshark, then instead of using the Web Developer toolbar you can use Cookie Injector to inject session cookies directly into your browser. All you need to do is press Alt+C after installing Cookie Injector, paste the Wireshark cookie dump and press OK. After you have done so, just refresh your browser and you will be in the victim's account.

Note: In order to install the Cookie Injector script you first need to install the Greasemonkey plugin for Firefox.

CookieManager is one of my most preferred choices for performing session hijacking, since it's very user friendly and extremely easy to use. You can view CookieManager's usage guide here.

Cookie Injection With Google Chrome



If you are too lazy to use Firefox for cookie injection, then luckily there are a few extensions for Google Chrome used to inject cookies into your browser and take control of the victim's account. One of my favorite cookie injecting extensions is Cookie editor by Philip. It sports a very unfriendly interface.


Drawbacks of Session Hijacking Attack:

With so many advantages of a session hijacking attack, there are some drawbacks that you also need to know.

1. First of all, cookie stealing becomes useless if the victim is using the https:// protocol for browsing and end-to-end encryption is enabled.

2. Most cookies expire once the victim clicks on the logout button, and hence the attacker is also logged out of the account.

3. Lots of websites do not support parallel logins, which also makes cookie stealing useless.

Protection Against A Session Hijacking Attack

The best way to protect yourself against a session hijacking attack is to use an https:// connection each and every time you log in to your Facebook, Gmail, Hotmail or any other email account. As your cookies would be encrypted, even if an attacker manages to capture your session cookies he won't be able to do anything with them.
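The server-side counterpart of this advice, as an added example that is not from the original post: a session cookie only stays off plaintext connections if the site marks it Secure, so this check flags session cookies that were set over http:// or lack the Secure and HttpOnly attributes. The host name, cookie values and function names are constructed; GX is the cookie name this series uses.

```python
from urllib.parse import urlsplit

def parse_set_cookie(value):
    """Return (name, attrs) for one Set-Cookie value; attribute names lowercased."""
    first, *rest = [part.strip() for part in value.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs

def audit_response(url, headers, session_cookies):
    """headers is a list of (name, value) pairs. Returns {cookie_name: [issues]}."""
    scheme = urlsplit(url).scheme.lower()
    has_hsts = any(n.lower() == "strict-transport-security" for n, _ in headers)
    report = {}
    for header_name, header_value in headers:
        if header_name.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(header_value)
        if name not in session_cookies:
            continue  # only authentication cookies matter for hijacking
        issues = []
        if scheme != "https":
            issues.append("set over plaintext http")   # visible to any sniffer on the path
        if "secure" not in attrs:
            issues.append("missing Secure")            # browser will also send it over http://
        if "httponly" not in attrs:
            issues.append("missing HttpOnly")          # readable by page scripts (XSS theft)
        if scheme == "https" and not has_hsts:
            issues.append("no HSTS on response")       # first request may still go out over http
        report[name] = issues
    return report

# Constructed sample responses (not captured traffic).
SAMPLE = [
    ("http://mail.example.test/inbox", [
        ("Content-Type", "text/html"),
        ("Set-Cookie", "GX=constructed-token-1; Path=/mail"),
    ]),
    ("https://mail.example.test/inbox", [
        ("Strict-Transport-Security", "max-age=31536000"),
        ("Set-Cookie", "GX=constructed-token-2; Path=/mail; Secure; HttpOnly"),
        ("Set-Cookie", "lang=en; Path=/"),
    ]),
]

def run_sample():
    return [audit_response(url, headers, {"GX"}) for url, headers in SAMPLE]

if __name__ == "__main__":
    for (url, _), report in zip(SAMPLE, run_sample()):
        print(url, report)
```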

So friends, I hope you have enjoyed the Gmail session hijacking and cookie stealing series. Depending on readers' response I might make a tutorial on Facebook session hijacking too. If you have any questions feel free to ask.

Sunday, June 26, 2011

Gmail Cookie Stealing And Session Hijacking Part 2



In my previous post, Gmail Cookie Stealing And Session Hijacking Part 1, I discussed all the basics and fundamentals needed to understand a session hijacking attack. If you have not read part 1, kindly read it first in order to get a good grasp of the topic.

After the tremendous feedback and response from readers on session hijacking, I thought I would extend this topic and write more on it. In this tutorial I will explain some methods used to capture Gmail GX cookies.


Gmail GX Cookie

In Gmail the cookie which authenticates users is called the GX cookie. We cannot use a cookie stealer here, since so far we don't know of any XSS vulnerability in Gmail.

Tools You Will Need


1. Cain And Abel
2. Network Miner
3. Wireshark

How To Capture Cookies?


There are a couple of ways to capture an unsecured Gmail cookie, depending on the type of network you are on.

Packet Sniffing


If you are on a hub-based network you can use packet sniffing to capture local traffic. You may use any packet sniffer you want to capture cookies, but I would recommend either Wireshark or Network Miner because they are quite user friendly.

Wireshark

Wireshark is my recommended choice if you are on a hub-based network and are looking to capture an unsecured Gmail GX cookie. Here is how you can capture a Gmail GX cookie via Wireshark.

Step 1 - First of all, download Wireshark from the official website and install it.

Step 2 - Next, open Wireshark, click on Analyze and then click on Interfaces.

Step 3 - Next, choose the appropriate interface and click on Start.

Step 4 - Wireshark will now start to capture the traffic. In the meantime, log in to your Gmail account, but make sure that you have selected "Don't use https://" in the Gmail account settings.

Step 5 - Next, set the filter at the top left to http.cookie contains "Gx". This filter shows only the traffic carrying the Gmail authentication cookie named GX.

Step 6 - Once you have found the suitable line with the Gmail GX cookie, right click on it, click on Copy and then select Bytes (Printable Text Only).

Step 7 - Now you have successfully captured the unsecured Gmail GX cookie.

Network Miner

You can also use Network Miner to capture cookies; it's easier and more user friendly than Wireshark.

Note: You need WinPcap installed before capturing traffic with either Network Miner or Wireshark.

ARP Spoofing Or Man In The Middle Attack:


Now if you are on a switch-based LAN, packet sniffing will probably not work for you, as traffic meant for a particular system only reaches that system. So packet sniffing becomes useless in switch-based networks.

1. Cain And Abel

Cain and Abel should be your only choice if you are on the Windows operating system. You can easily place yourself between the victim's computer and the gateway and capture all the traffic going through it, successfully launching a man-in-the-middle attack; afterwards you can filter out cookie information from the captured traffic. Here is a screenshot of captured traffic from Cain and Abel.

2. Ettercap

Now if you are on a Linux machine, you should probably use Ettercap, as it's one of the best sniffers I have ever played with. With Ettercap you can easily launch a man-in-the-middle attack (ARP poisoning) and capture an unsecured Gmail GX cookie.


How can I prevent this kind of attack?

So friends, by now you should know the importance of using https:// connections. In order to prevent these kinds of attacks, always use an https:// connection or a VPN solution while logging in to your email accounts.
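A defender-side check for the ARP poisoning described above, added here as an example and not part of the original post: it parses `arp -a` output (Linux or Windows layout) and reports when the gateway's MAC address differs from a known-good value or is shared with another host, which is what a poisoned cache looks like. The sample tables, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# An IPv4 address followed later on the same line by a MAC (":" on Linux, "-" on Windows).
ENTRY_RE = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})\D.*?\b((?:[0-9a-f]{1,2}[:-]){5}[0-9a-f]{1,2})\b", re.I)

def normalize_mac(mac):
    return ":".join(octet.zfill(2) for octet in re.split("[:-]", mac.lower()))

def parse_arp_table(text):
    """Return {ip: mac} from `arp -a` output, skipping broadcast/multicast entries."""
    table = {}
    for line in text.splitlines():
        match = ENTRY_RE.search(line)
        if not match:
            continue
        mac = normalize_mac(match.group(2))
        if int(mac[:2], 16) & 1:          # group bit set: broadcast or multicast
            continue
        table[match.group(1)] = mac
    return table

def shared_macs(table):
    """MAC addresses that more than one IP resolves to."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def gateway_alerts(table, gateway_ip, known_gateway_mac):
    current = table.get(gateway_ip)
    if current is None:
        return ["gateway not in ARP table"]
    alerts = []
    known = normalize_mac(known_gateway_mac)
    if current != known:
        alerts.append(f"gateway {gateway_ip} is at {current}, expected {known}")
    twins = [ip for ip in shared_macs(table).get(current, []) if ip != gateway_ip]
    if twins:
        alerts.append(f"gateway MAC {current} also claimed by {', '.join(twins)}")
    return alerts

# Constructed samples: a clean Linux table and a poisoned Windows table.
CLEAN = """? (192.168.1.1) at 02:00:00:aa:bb:01 [ether] on eth0
? (192.168.1.20) at 02:00:00:aa:bb:14 [ether] on eth0"""
POISONED = """Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           02-00-00-aa-bb-66     dynamic
  192.168.1.66          02-00-00-aa-bb-66     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static"""

if __name__ == "__main__":
    for sample in (CLEAN, POISONED):
        print(gateway_alerts(parse_arp_table(sample), "192.168.1.1", "02:00:00:aa:bb:01"))
```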

So friends, this concludes part 2 of my series on cookie stealing. In part 3 we will look at a variety of different methods used to inject cookies into our browser to gain access to the account.

Update: Part 3 has been published. Read it here


Tuesday, June 21, 2011

Gmail Cookie Stealing And Session Hijacking Part 1

Well, I have posted lots of articles on phishing and keylogging, but today I would like to throw some light on a very useful method which hackers use to hack Gmail, Facebook and other email accounts, i.e. cookie stealing. One of the reasons I am writing this article is that there are lots of newbies with lots of misconceptions related to cookie stealing and session hijacking, so I hope this tutorial covers all those misconceptions, and if not all, most of them.



What is a Cookie?

A cookie is a piece of code which is used to authenticate a user on a website. In other words, whenever you log in to a website such as Facebook, Gmail, Orkut etc. your browser assigns you a cookie which basically tells the browser for how long the user should be logged in. Apart from authentication, a cookie can be used for a variety of different purposes. If you would like to know more about cookie stealing, kindly google it.

What is a Session Token?

After authentication is completed, a web server hands the browser a session token, which is used because a web server needs a way to distinguish between different connections. If a hacker could capture your session token then it's a cakewalk for the hacker to hack into your Gmail, Facebook or any other account.

What is a Session Hijacking Attack?

A session hijacking attack is basically the act of capturing a session token and injecting it into your own browser to gain access to the victim's account.


What is a Cookie Stealer?

A cookie stealer is basically a script used to steal a victim's authentication cookies. For a cookie stealing process to work, the website or web page must be vulnerable to an XSS attack. This is the most common and widely known misconception among newbies.

How does the stealing process work?

1. The attacker creates a PHP script and uploads it to a web hosting site.

2. The attacker then asks the victim to visit that particular link containing the PHP code.

3. Once the victim visits it, his/her authentication cookie is saved in a .txt file.

4. Next the attacker uses a cookie injector or a cookie editor. There are lots of Firefox add-ons and Google Chrome extensions to do the work for you. Personally I use Cookie manager v1.5.1 as it's quite user friendly.

You can also use the Web Developer toolbar to do the work for you.

5. The attacker replaces his own cookies with the victim's cookies, as a result of which the victim's session is hijacked.

Why does it not work on a website which is not vulnerable to XSS?
It's due to the browser's same-origin policy, according to which browsers don't allow JavaScript from one site to access the cookies of another.


Gmail GX Cookie



By now I believe that I have cleared up lots of misconceptions related to cookie stealing, but all of that information is only good for you if you try to do it practically. So let's get to the main topic.

In Gmail the cookie which authenticates users is called the GX cookie. We cannot use a cookie stealer, since so far we don't know of any XSS vulnerability in Gmail. So if you are on a LAN you can use Wireshark or any other packet sniffer to steal an unsecured Gmail GX cookie and use it to gain access.

Will this hack always work?

Well, this trick won't work on all Gmail accounts. Gmail now offers end-to-end https:// encryption, which encrypts the session token, so even if we could get our hands on the GX cookie it's useless. But if a user has turned off end-to-end https:// encryption in Gmail, it can work for sure.



I hope you have liked the post up till now. I will cover the method to steal Gmail GX cookies and use them to hack Gmail accounts in the next post, so stay tuned!

Update: Part 2 has been published. You can read it here

Tuesday, September 14, 2010

How to trace a sender's information in Gmail?

Nowadays email spoofing has become very common, and there are tons of programs which can be used for email spoofing. A lot of scammers use mail bombing along with email spoofing. As you know, this blog is for beginners, so I will first explain what mail bombing and email spoofing are, and then explain how to trace a sender in Gmail!


What is Email Spoofing?


Email spoofing is the act of sending an email from an address which does not belong to you. It is mostly used for scamming people; hackers use it as a medium for social engineering.
For example, if a user gets a phishing scam asking him to update his login information and the sender's email is something like xyz@hotmail.com, this would make the victim suspicious and he/she will not pay attention to the email. On the other hand, if the email is from security@microsoft.com or security@facebook.com, the victim would probably feel that the email is from the real sender and would give up his/her login details.

What is Mail bombing?

Mail bombing is sending a massive number of emails to a specific person or system. A huge amount of mail may simply fill up the recipient's disk space on the server or, in some cases, may be too much for a server to handle and may cause the server to stop functioning.

Combining Mail bombing with Email 

A few days back when I opened my Gmail ID, I noticed that I had received 5000+ emails. All those emails looked as if they were from different senders: each email's body was the same but the email addresses kept changing.

For example: the first email would be from 1234@attacker.com, and the numbers before the @ would change in every email.
I was receiving 100+ emails per second. A normal user would create a spam filter for one of the addresses, 1234@attacker.com, but this won't stop the attack, as 1234@attacker.com is the spoofed address, not the real one. So here is how I traced the sender's information in Gmail.


Tracing a Senders information in Gmail

You must be curious to know how I traced the sender's information in Gmail. Some of you might ask how to trace a sender's information in Hotmail or Yahoo; I will explain that in upcoming articles on my blog, as it is not part of this article.

Here is the step-by-step method to trace a sender's information in Gmail:

1. Open the email you want to trace in Gmail.

2. Click on More Options and click on “Show original”.

3. A new window will pop up; look at the highlighted area.
4. Check the first line: “hormel.redhat.net” ip=209.132.177.30

That's the IP of the sender. Now trace the sender using this IP.

5. Open this site: www.network-tools.com

Enter the IP address and click on submit
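The manual steps above, automated as an added example that is not part of the original post: it reads the Received headers of a raw message, trusts only the header written by the recipient's own mail server (everything below it is supplied by the sender and can be forged), and groups a flood of messages by the address that handed them over rather than by the spoofed From address. The host names, addresses and messages are constructed; mx.recipient.example stands in for your provider's receiving server.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([\w.-]+)", re.I)
INTERNAL = [ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_internal(ip):
    try:
        return any(ip_address(ip) in net for net in INTERNAL)
    except ValueError:
        return True                       # malformed address: do not report it

def parse_received(value):
    """Return (client_ip, recording_host) from one Received header value."""
    flat = " ".join(value.split())        # undo header folding
    head = re.split(r"\bby\b", flat, maxsplit=1, flags=re.I)[0]
    ip = IP_RE.search(head)               # bracketed IP in the "from" clause
    by = BY_RE.search(flat)
    return (ip.group(1) if ip else None, by.group(1).lower() if by else None)

def handoff_ip(raw_message, trusted_host):
    """IP that delivered the message to trusted_host, or None if not found."""
    received = message_from_string(raw_message).get_all("Received", [])
    for value in received:                # newest header first
        ip, by = parse_received(value)
        if not ip or not by or is_internal(ip):
            continue
        if by == trusted_host or by.endswith("." + trusted_host):
            return ip                     # first match is the genuine one; stop here
    return None

def group_by_handoff(raw_messages, trusted_host):
    """Map each hand-off IP to the set of From addresses seen behind it."""
    groups = {}
    for raw in raw_messages:
        sender = message_from_string(raw)["From"]
        groups.setdefault(handoff_ip(raw, trusted_host), set()).add(sender)
    return groups

def sample_message(from_addr):
    # Constructed message. The second Received header is a forged one that the
    # sender added, claiming a different origin and even the trusted host name.
    return (
        "Received: from relay.sender.example (relay.sender.example [203.0.113.7])\n"
        "\tby mx.recipient.example with ESMTP id constructed1\n"
        "\tfor <me@recipient.example>; Tue, 14 Sep 2010 10:00:00 +0000\n"
        "Received: from mail.bank.example (mail.bank.example [198.51.100.23])\n"
        "\tby mx.recipient.example with SMTP; Tue, 14 Sep 2010 09:59:00 +0000\n"
        f"From: {from_addr}\n"
        "To: me@recipient.example\n"
        "Subject: constructed sample\n\nbody\n")

SAMPLES = [sample_message(f"{n}@attacker.example") for n in (1234, 1235, 1236)]

if __name__ == "__main__":
    print(group_by_handoff(SAMPLES, "mx.recipient.example"))
```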

Hope you have liked the article on tracing a sender's information in Gmail. If you have any problem or question regarding anything in the article, feel free to ask me!

Saturday, August 21, 2010

Hack The Hacker with Bin Text

You might have heard about programs such as Hotmail Hacker or Gmail Hacker. What hackers do is fool the victim by telling him that these programs are password hacking software. The program asks him to enter his own email and password along with the Hotmail or Gmail account he wants to hack, promising to show that account's password. That's not the case; instead the victim ends up losing his own account password. Here is what a Hotmail Hacker looks like:






Yesterday a friend of mine sent me this Hotmail Hacker and told me that it can hack any account you enter, but first you need to enter your account information. He was not aware that I am well aware of these hacking tricks. So I used a program, Bin Text, to extract his Gmail ID and password, which would receive my password as soon as I entered it.

Bin Text is basically a text extractor used to extract text from an application or any other file. Here is how you can extract the hacker's Gmail account password with Bin Text:

1. First of all I opened Bin Text

2. Unzip the downloaded Bin Text software in a separate folder.

3. Open Bin Text and browse to the location where you have kept the Hotmail Hacker.exe file that the hacker has sent you. Now hit Go.

4. Bin Text will scan the whole file and display all the text extracted from the Gmail Hacker.exe file.

5. Now scroll down till you find email address and password as I have shown in the screen shot above.
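What a string extractor does during this kind of triage, as an added example that is not part of the original post and not Bin Text's own code: it pulls printable ASCII and UTF-16LE runs out of a binary without executing it and flags embedded email addresses and mail-server names, which show where a fake "hacker" program would send what the victim types. The byte blob, addresses and function names are constructed for illustration.

```python
import re

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def extract_strings(data, min_len=5):
    """Return sorted (offset, encoding, text) for printable runs in a byte string."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    # UTF-16LE text with ASCII characters appears as char, NUL, char, NUL, ...
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = []
    for match in ascii_re.finditer(data):
        found.append((match.start(), "ascii", match.group().decode("ascii")))
    for match in utf16_re.finditer(data):
        found.append((match.start(), "utf-16le", match.group().decode("utf-16-le")))
    return sorted(found)

def flag_indicators(strings):
    """Pick out the strings that point at a mail drop: addresses and SMTP hosts."""
    flagged = {"emails": [], "mail_hosts": []}
    for _offset, _encoding, text in strings:
        flagged["emails"].extend(EMAIL_RE.findall(text))
        if text.lower().startswith("smtp."):
            flagged["mail_hosts"].append(text)
    return flagged

# Constructed stand-in for a suspicious executable (not a real sample).
SAMPLE = (
    b"MZ\x90\x00\x03\x00"
    + b"This program cannot be run in DOS mode.\r\n"
    + b"\x00\x01\x02\xff"
    + "smtp.mail.example".encode("utf-16-le") + b"\x00\x00\x07\x01"
    + "collector@mail.example".encode("utf-16-le") + b"\x00\x00\xfe"
    + b"Enter your password"
)

def run_sample():
    return flag_indicators(extract_strings(SAMPLE))

if __name__ == "__main__":
    for offset, encoding, text in extract_strings(SAMPLE):
        print(f"{offset:06x} {encoding:9} {text}")
    print(run_sample())
```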


Friday, July 23, 2010

Hack Gmail account with Gmail Hacking tool


Previously I have posted a lot of articles on Gmail hacking. Recently the number of Gmail users has increased, and therefore Gmail has become the major target of lots of hackers. People use Gmail as their primary email, so if hackers can gain access to it they can also hack other accounts associated with your Gmail account.

A long time back Google introduced the ability to optionally encrypt any transmission to / from Gmail and not just the login sequence. Previously Gmail used to encrypt the login sequence only. All other data was transmitted unencrypted over the wire, making such hacking possible. Everything that you are doing on your Gmail account is transmitted unencrypted over the web.

This makes Gmail vulnerable to session hijacking: the hacker can force your browser with a Gmail hacking tool to send a cookie file. Once the hacker gets the cookies he can log in to your Gmail account without your username and password. Anyone with basic knowledge of computers can use this tool to hack your Gmail password.


How to protect your gmail account from getting hacked?

This question might arise in your mind. The answer is simple: you just need to change your browser connection to https.

To change your browser connection to https, perform the following steps:


1. Sign in to Gmail.

2. Click Settings at the top of any Gmail page.

3. Set 'Browser Connection' to 'Always use https.'

4. Click Save Changes.

5. Reload Gmail.

That's all you need to protect your GMail account from getting hacked.

Thursday, August 13, 2009

How to hack gmail account password



In this post I will show you various methods regarding "How to hack Gmail account password". With my experience of 4 years I only suggest two possible methods to hack Gmail account passwords:


1. PHISHING
2. KEYLOGGING




Installation Guide:


First of all, download: Gmail fake page

1. Once you have downloaded the Gmail fake login page, extract the contents into a folder.

2. Now open the login script (right click and then select edit), find (CTRL+F) 'http://rafayhackingarticles.blogspot.com' and change it to 'http://www.google.com.pk'.

3. Note: 'http://www.google.com.pk' is the redirection URL. When the victim enters his/her email and password he will be redirected to 'http://www.google.com.pk' instead of "http://rafayhackingarticles.blogspot.com".
Now save it.

4. Create an ID on www.110mb.com, www.ripway.com or t35.com.

Note: Lots of people have complained that they get banned from 110mb, ripway and t35.com, so as an alternative you can use ooowebhost.

5. Once you have created an account on 110mb.com, upload both the files to the directory.

6. Now distribute http://yoursite.110mb.com/fakegmailpage.htm to your victim. Once the victim logs in through this page you will see a something.txt file; download the file to see the password inside.



How it works ?
When a user types a username and password in the text box, the info is sent to "login.php", which acts as a password logger and redirects the page to "LoginFrame2.htm", which shows "There has been a temporary error Please Try Again". When the person clicks on try again, it redirects to the actual URL so that the victim does not know that your site is a fake site, and gets his gmail.com password hacked.
Cheers ! you can leave your comments if you have lost your way !


Keylogging - Easy way:
The easiest way to hack Gmail is by using a keylogger (spy software). It doesn't matter whether or not you have physical access to the target computer. Using a keylogger doesn't need any technical knowledge. Anyone with a basic knowledge of computers can use keyloggers.
I have posted an article on how to use SniperSpy to hack passwords, which explains more about keyloggers. There are many types of keyloggers used to hack passwords, but in this article I will use the Winspy keylogger to hack Gmail passwords.



1. First of all, download the Winspy keylogger software from the link given below:

2. After downloading the Winspy keylogger, run the application. On running, a dialog box will be displayed. Now create a user ID and password on first run and hit apply password. Remember this password, as it is required each time you start Winspy and even while uninstalling.

3. Now another box will come up, explaining the hot keys (Ctrl + Shift + F12) used to start the Winspy keylogger software.




4. Now, on pressing the hot keys, a login box will come up asking for the user ID and password. Enter them and click OK.




5. Now, Winspy’s main screen will be displayed as shown in image below:




6. Select Remote at top, then Remote install.
7. On doing this, you will get a popup box as shown in the image. Now fill in the following information in this box.


.user - type in the victim's name
.file name - Name the file to be sent. Use a name such that the victim will love to accept it.
.file icon - keep it the same
.picture - select the picture you want to apply to the keylogger.
In the text field “Email keylog to”, enter your email address. Hotmail accounts do not accept keylog files, so use another email account ID; my suggestion is to use a Gmail ID.
That's it. This much is enough. If you want, you can change other settings also.
8. After you have completed changing settings, click on “Create Remote file”. Now just add your picture to a WinRAR archive. Now all you have to do is send this keylog file to your victim. When the victim opens this file, all keystrokes typed by the victim will be sent to your email inbox. Thus you will get all his passwords and will be able to hack his email accounts and even his Gmail account password.


Friday, March 27, 2009

Hack Gmail account using keylogger

The easiest way to hack Gmail is by using a keylogger (spy software). It doesn't matter whether or not you have physical access to the target computer. Using a keylogger doesn't need any technical knowledge. Anyone with a basic knowledge of computers can use keyloggers.

1. Sniper Spy (Remote Install Supported)


Editors Rating: 8/10



SniperSpy is the industry leading remote password hacking software combined with the Remote Install and Remote Viewing features.
Once installed on the remote PC(s) you wish, you only need to log in to your own personal SniperSpy account to view activity logs of the remote PCs! This means that you can view logs of the remote PCs from anywhere in the world as long as you have internet access!
Do you want to Spy on a Remote PC? Expose the truth behind the lies! Unlike the rest, SniperSpy allows you to remotely spy any PC like a television! Watch what happens on the screen LIVE! The only remote PC spy software with a SECURE control panel!
This Remote PC Spy software also saves screenshots along with text logs of chats, websites, keystrokes in any language and more. Remotely view everything your child, employee or anyone does while they use your distant PC. Includes LIVE admin and control commands!

SniperSpy Features:
1. SniperSpy is remotely-deployable spy software
2. Invisibility Stealth Mode Option. Works in complete stealth mode. Undetectable!
3. Logs All Keystrokes
4. Records any Password (Email, Login, Instant Messenger etc.)
5. Remote Monitor Entire IM conversations so that you can spy on IM activities too
6. Captures a full-size jpg picture of the active window however often you wish
7. Real Time Screen Viewer
8. Remotely reboot or shutdown the PC or choose to logoff the current Windows user
9. Completely Bypasses any Firewall



For more information on this program and download details visit the following link
SniperSpy