G m a i l
usually stores its s e s s i o n a u t h e n t i c a t i o n information in cookie named “GX”.This cookie is used by Gmail to verify and authenticate the user. Thus, the user will be
given access to Gmail account depending on the cookie he has. So, if you have access to victim account's cookie and if you inject this cookie in your browser, Gmail will give you the access to victim account. Thus, you will be able to hack Gmail account.
Note: Our main goal here is to capture Gmail GX cookie and insert it into own system.
We can only capture cookie when someone is login on his gmail, because cookies destroy
with sign out.
Let's do it practically
(try in on your own system)
1 . To steal Cookie Install Cookie Editor (https://addons.mozilla.org/en-us/firefox/addon/add-n-edit- cookies-13793/)
Firefox add-on on victim computer.
Note: This cookie editor works with Firefox 1.0 - 3.6.
2. Now, go to Tools >> Cookie Editor and search for
cookie named GX and copy its content.
3. Now go to your own system install cookie editor
Firefox add-on, login from your own gmail and
using 2nd Step above search for cookie GX and click
edit button.
4. Now in cookie editor window, replace the
content of your GX cookie with the stolen cookie
content.
5. Now login
with gmail, you
will get access of
victim account.
Note: If victim is using secure connection, then gmail saves cookie in
encrypted from, in this case if u steal cookie, even then also it won't
work.
taken from MAGAZINE-Cipher from October 2011 issue from Page NO.17
No comments:
Post a Comment