How to Hack Email Account with Cookie stealing [For Newbies]

Discussion in 'Ethical hacking Tips' started by Alex1239, Mar 13, 2011.

  1. Alex1239

    Alex1239 New Member

    Joined:
    Jan 5, 2009
    Messages:
    25
    Likes Received:
    20
    Trophy Points:
    0
    Occupation:
    Student
    Home Page:
    http://techotips.com
    Today I am writing about a new topic on Techotoys - Cookie Stealing. I observed that cookie stealing is neglected by some fellow hackers (even I was one of them). But, recently, I discovered that cookie stealing can be pretty handy to hack anEmail account. In the following article, I have covered basics of how to hack an Email account using Cookie Stealing.

    How to hack Email account:

    If you are a newbie and don't know about cookie, then for your information, Cookie is a piece of text stored on user computer by websites visited by the user. This stored cookie is used by webserver to identify and authenticate the user. So, if you steal this cookie (which is stored in victim browser) and inject this stealed cookie in your browser, you can imitate victim identity to webserver and enter hisEmail account easily. This is called Session Hijacking. Thus, you can easily hack Email account using such Cookie stealing hacks.

    Tools needed for Cookie stealing attack:

    Cookie stealing attack requires two types of tools:
    1. Cookie capturing tool
    2. Cookie injecting/editing tool
    1. Cookie capturing tool:

    Suppose, you are running your computer on a LAN. The victim too runs on same LAN. Then, you can use Cookie capturing tool to sniff all the packets to and from victim computer. Some of the packets contain cookie information. These packets can be decoded using Cookie capturing tool and you can easily obtain cookie information necessary to hackEmail account. Wireshark and HTTP Debugger Pro softwares can be used to capture cookies.

    Update: Check out my Wireshark tutorial for more information on cookie capturing tool.

    2. Cookie injecting/editing tool:

    Now, once you have successfully captured your victim cookies, you have inject those cookies in your browser. This job is done using Cookie injecting tool. Also, in certain cases after injection, you need to edit cookies which can be done by Cookie editing tool. This cookie injection/editing can be done using simple Firefox addons Add N Edit Cookies and Greasemonkey scripts. I will write more on these two tools in my future articles.

    Drawbacks of Cookie Stealing:

    Cookie Stealing is neglected because it has some serious drawbacks:

    1. Cookie has an expiry time i.e. after certain trigger cookie expires and you cannot use it to hijack victim session. Cookie expiry is implemented in two ways:
      • By assigning specific timestamp(helpful for us).
      • By checking for triggers like user exiting from webbrowser. So, in such cases, whenever user exits from his browser, his cookie expires and our captured cookie becomes useless.
    2. Cookie stealing becomes useless in SSL encrypted environment i.e. for https (Secure HTTP) links. But, most Email accounts and social networking sites rarely use https unless vicitm has manually set https as mandatory connection type.
    3. Also, most cookies expire once victim hits on LogOut button. So, you have to implement this Cookie stealing hack while user is logged in. But, I think this is not such a serious drawback because most of us have the habit of checking "Remember Me". So, very few people actually log out of their accounts on their PCs.
    So friends, this was a short tutorial on basics of how to hack Email account using Cookie Stealing. As I have stated, Cookie stealing has some disadvantages. But, I think Cookie stealing is a handy way to hack an Email account. In my next articles, I will post detailed tutorial to hack Facebook and Gmail accounts using Cookie stealing. If you have any problem in this tutorial on how to hack Email account using Cookie stealing, please mention it in comments.

    Enjoy Cookie stealing trick to hack Email account...

    Credit: Rajesh Chaukwale from How to hack a Gmail account.
     
    shabbir, dharamvirsr and nikhil389 like this.
  2. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,375
    Likes Received:
    388
    Trophy Points:
    83
    You missed the link to Wireshark tutorial
     
  3. Gabrielde

    Gabrielde New Member

    Joined:
    Feb 27, 2011
    Messages:
    2
    Likes Received:
    1
    Trophy Points:
    0
    Occupation:
    Network Administrator
    Location:
    Munich
    where is the tutorial?
     
    Scripting likes this.
  4. Prodigy

    Prodigy New Member

    Joined:
    Mar 26, 2011
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    0
    Great tutorial, helped me out alot
     
  5. antyduncan

    antyduncan New Member

    Joined:
    Apr 12, 2011
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    Home Page:
    http://www.handbags.vc
    Great article.Thank you for sharing! 2945abc45 0412
    ___________________________
     
  6. rplogue

    rplogue New Member

    Joined:
    Apr 18, 2011
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    Im using this soon Thanks
    And I am a newbie understood it!
     
  7. seangtz

    seangtz New Member

    Joined:
    Jun 6, 2008
    Messages:
    126
    Likes Received:
    3
    Trophy Points:
    0
    Hey, nice information....it would be helpful if you share some more information about tutorial.
     
  8. cmtr

    cmtr New Member

    Joined:
    May 3, 2011
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    Thank you nice information
     
  9. elektro

    elektro New Member

    Joined:
    Aug 27, 2011
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    0
  10. chipkizi

    chipkizi New Member

    Joined:
    Oct 3, 2011
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    Occupation:
    ictt student
    Location:
    kenya
    thanks ,BUT COULD YOU EXPLAIN FURTHER PLIZ
     
  11. Scallar

    Scallar New Member

    Joined:
    Nov 15, 2011
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    0
    The post is really informative hope it will be useful for me.
     
  12. Scallar

    Scallar New Member

    Joined:
    Nov 15, 2011
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    0
  13. haadkiciye

    haadkiciye New Member

    Joined:
    Dec 11, 2011
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    hello, someone hacked my email account.. can i get back soon ....please help me i want to hack back my email again
     
  14. U Kaung Kaung

    U Kaung Kaung New Member

    Joined:
    Dec 12, 2011
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    Thank

    I want to download tools please guidance me
     
  15. Trimegisto

    Trimegisto Member

    Joined:
    Mar 15, 2011
    Messages:
    34
    Likes Received:
    1
    Trophy Points:
    8
    Home Page:
    http://networksandservers.blogspot.com/
    You can get Wireshark for free from their website.
     
  16. shikha yadav

    shikha yadav New Member

    Joined:
    Dec 18, 2011
    Messages:
    2
    Likes Received:
    1
    Trophy Points:
    0
    how to hack a facebook id? i want to contact any proffesional hacker...plz can u help me...i m new to this i dnt know anything about it.....i need a help
     
  17. Alex.Gabriel

    Alex.Gabriel New Member

    Joined:
    Oct 23, 2011
    Messages:
    86
    Likes Received:
    7
    Trophy Points:
    0
    Occupation:
    Linux system administrator
    Location:
    Italy
    Home Page:
    http://blog.evilcoder.net
  18. wizzy martin

    wizzy martin New Member

    Joined:
    Dec 30, 2011
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    gr8!!!!!!!!!!!
     
  19. affuston

    affuston New Member

    Joined:
    Jan 15, 2012
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    hi Alex,

    thanks for the good information if the victim is in other country and not on LAN then.....what shud we use to capture the cookies......
     
  20. Scripting

    Scripting John Hoder

    Joined:
    Jun 29, 2010
    Messages:
    421
    Likes Received:
    57
    Trophy Points:
    0
    Occupation:
    School for life
    Location:
    /root
    Yeah, my words :P where is the tut, huh?
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice