Sunday, 13 January 2013


Helo Freinds,Today i am going to share another method for hacking Gmail or any other webmail account using GX Cookie.So guys read on..........
Note: This post is for educational purpose Only.

Hacking web application was always curious for the script kiddies. And hacking free web email account is every geek first attempt. The method which I will describe in this post is not new; the same method can be applied to yahoo and other free web email services too.
The method we will be using is cookie stealing and replaying the same back to the Gmail server. There are many ways you can steal cookie, one of them is XSS (Cross site scripting) discussed by other is earlier post. But we won’t be using any XSS here, in our part of attack we will use some local tool to steal cookie and use that cookie to get an access to Gmail account.

  • You are in Local Area Network (LAN) in a switched / wireless environment : example : office , cyber café, Mall etc.
  • You know basic networking.
Tool used for this attack:
  • Cain & Abel
  • Network Miner
  • Firefox web browser with Cookie Editor add-ons
Attack in detail:

We assume you are connected to LAN/Wireless network. Our main goal is to capture Gmail GX cookie from the network. We can only capture cookie when someone is actually using his gmail. I’ve noticed normally in lunch time in office, or during shift start people normally check their emails. If you are in cyber café or in Mall then there are more chances of catching people using Gmail.
We will go step by step,
If you are using Wireless network then you can skip this Step A.
A] Using Cain to do ARP poisoning and routing:
Switch allows unicast traffic mainly to pass through its ports. When X and Y are communicating eachother in switch network then Z will not come to know what X & Y are communicating, so inorder to sniff that communication you would have to poison ARP table of switch for X & Y. In Wireless you don’t have to do poisoning because Wireless Access points act like HUB which forwards any communication to all its ports (recipients).
  • Start Cain from Start > Program > Cain > Cain
  • Click on Start/Stop Sniffer tool icon from the tool bar, we will first scan the netw


Post a Comment