Thursday, May 10, 2012

GMAIL Cookies Stealing



G m a i l

usually stores its s e s s i o n a u t h e n t i c a t i o n information in cookie named “GX”.
This cookie is used by Gmail to verify and authenticate the user. Thus, the user will be
given access to Gmail account depending on the cookie he has. So, if you have access to victim account's cookie and if you inject this cookie in your browser, Gmail will give you the access to victim account. Thus, you will be able to hack Gmail account.
Note: Our main goal here is to capture Gmail GX cookie and insert it into own system.
We can only capture cookie when someone is login on his gmail, because cookies destroy
with sign out.

Let's do it practically
(try in on your own system)
1  . To steal Cookie Install Cookie Editor (https://addons.mozilla.org/en-us/firefox/addon/add-n-edit-            cookies-13793/)
     Firefox add-on on victim computer.
    Note: This cookie editor works with Firefox 1.0 - 3.6.
2.  Now, go to Tools >> Cookie Editor and search for
     cookie named GX and copy its content.
3.  Now go to your own system install cookie editor
     Firefox add-on, login from your own gmail and
     using 2nd Step above search for cookie GX and click
     edit button.
4.  Now in cookie editor window, replace the
     content of your GX cookie with the stolen cookie
     content.
5.  Now login
     with gmail, you
     will get access of
     victim account.
     Note: If victim is using secure connection, then gmail saves cookie in
     encrypted from, in this case if u steal cookie, even then also it won't
     work.

taken from MAGAZINE-Cipher from October 2011 issue from Page NO.17

No comments: