Friday, March 11, 2011

How to hack a Gmail account:





Let's start with the hack. Gmail usually stores the session authentication information in a cookie named "GX". Gmail uses this cookie to verify and authenticate the user, so access to a Gmail account depends on the cookie the browser presents. If you have access to the cookie of the victim's account and inject it into your browser, Gmail will give you access to the victim's account. Thus, you will be able to hack the Gmail account.


Steps to hack Gmail account:


There are two ways of stealing the victim's cookies:
1. Physical access to the victim's computer
2. The victim's computer is on the same network (LAN) as the hacker.

A hacker can use Wireshark or HTTP Debugger Pro to sniff and steal cookies when the victim is on the hacker's network. I am gonna cover the first method here and will post on Wireshark in my coming articles. So, now, we will assume that the hacker has physical access to the victim's computer. Let's start.

1. Once you have access to the victim's computer, install the Cookie Editor Firefox addon on the victim's computer.

2. Now, go to Tools -> Cookie Editor to open the cookie list.



3. Enter ".google.com" (without quotes) in text box and hit on "Filter/Refresh".

4. Now, look for the cookie with the name "GX". Select that cookie and hit on "Edit".

5. You will get a popup box showing all information about that cookie. Now, simply copy all the text in the box adjacent to "Content". That's it guys, we have successfully obtained the victim's cookie and now need to inject this cookie in our browser.

6. Now, go to your browser and install the Cookie Editor addon. If you are logged in to your Gmail account, log out of it. Go to Tools -> Cookie Editor. Enter ".google.com" in the text box and hit on "Filter/Refresh". Now, search for a cookie named "GX". Select this cookie and hit on Edit. In the textbox next to Content, enter the victim's cookie obtained in Step 5. Select "Any type of Connection". Hit on Save.

7. Now, go to gmail.com and you will find yourself logged in to the victim's Gmail account. Thus, you are able to hack a Gmail account using Cookie stealing.

Note: If you want to try this Cookie stealing hack on your own computer, use two different browsers like Firefox and Flock. Consider that Flock is the victim's browser and Firefox is the hacker's browser, and simply copy-paste the cookie from Flock to Firefox. You will get the results. Refer to the above steps for more help.
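Because the session cookie alone grants access, a server can spot the copy-paste described above by checking whether one session ID shows up from more than one client. The following Python is an added example, not part of the original post and not Gmail's own logic. The log format, field names, function name and sample records are constructed for illustration.

```python
# Added example: flag a session ID that is presented by a client other than
# the one that established it (the Flock -> Firefox copy in the note above).
# Record layout is an assumption: (timestamp, session_id, client_ip, user_agent)

# Constructed sample records, not real traffic.
SAMPLE_LOG = [
    ("2011-03-11T10:00:01", "sess-A", "192.0.2.10", "Flock/2.6"),
    ("2011-03-11T10:00:09", "sess-A", "192.0.2.10", "Flock/2.6"),
    ("2011-03-11T10:02:30", "sess-B", "192.0.2.44", "Firefox/3.6"),
    ("2011-03-11T10:05:12", "sess-A", "192.0.2.77", "Firefox/3.6"),  # same session, new client
    ("2011-03-11T10:05:40", "sess-A", "192.0.2.10", "Flock/2.6"),
    ("2011-03-11T10:07:00", "sess-C", "198.51.100.5", "Firefox/3.6"),
    ("2011-03-11T10:09:00", "sess-C", "198.51.100.9", "Firefox/3.6"),  # IP change only
]


def detect_session_replay(records, ip_change_alone=False):
    """Return one alert per request whose client differs from the session's origin.

    A changed User-Agent is always reported. A changed IP with the same
    User-Agent is reported only when ip_change_alone is True, because DHCP
    renewals and roaming clients change address legitimately.
    """
    first_seen = {}  # session_id -> (ip, user_agent) that established the session
    alerts = []
    for ts, sid, ip, ua in sorted(records):  # ISO timestamps sort chronologically
        origin = first_seen.setdefault(sid, (ip, ua))
        if (ip, ua) == origin:
            continue
        ua_changed = ua != origin[1]
        if ua_changed or ip_change_alone:
            alerts.append({
                "time": ts,
                "session": sid,
                "origin": origin,
                "observed": (ip, ua),
                "reason": "user-agent changed" if ua_changed else "ip changed",
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_session_replay(SAMPLE_LOG, ip_change_alone=True):
        print(alert)
```

A service that raises such an alert can invalidate the session and require the user to sign in again, which makes the copied cookie useless.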

So friends, I hope you are now able to
Enjoy Cookie stealing to hack Gmail account...

1 comment:

  1. Certified Ethical Hacker CEH training is held at TechBharat Consulting using official EC-Council curriculum. CEH certification certifies you as Ethical Hacker and Penetration Tester. CEH training is held on Version 7.
    ethical hacking and security
