≡ Menu

Hacking Gmail or Hotmail is a simple job

The attack is actually quite simple.  First job is to be able to sniff data packets and like open Wi-Fi network or any other open network. Download Ferret to copy all the cookies flying through the air.  Finally, those cookies are cloned into browser – in easy point-and-click fashion – with a home-grown tool called Hamster.This story has been elaborated by Graham here

The attack can hijack sessions in almost any cookie-based web application and Graham has tested it successfully against popular webmail programs like Google’s Gmail, Microsoft’s Hotmail and Yahoo Mail.  He stressed that since the program just uses cookies, he only needs an IP address and usernames and passwords aren’t required.

He has also included a slideshow here:Gmail hacking at Blackhat

If you want to prevent your accounts from being hacked then force https throughout a gmail session.Change your http://mail.google.com bookmark to https://mail.google.com. Or type in the full URL in your browser starting with https://, or else your browser will assume http:To ensure that your entire gmail session uses https, grab the GmailSecure greasemonkey script:

Comments on this entry are closed.

  • BoYRULEz March 20, 2008, 3:03 pm

    i dont think so…

  • flownj December 13, 2008, 3:17 pm

    Hey come on…dnt spoil the safe internet environment by referring to dangerous tools n softwares…
    After I downloaded 94kb file Ferret from ur link, n tried to install, it shows ‘wpcap.dll’ is not found in the computer. Now when trying to google this, it showed that it is a malware of Wpcap.dll is W32/Rbot-GVM, n should be removed.

  • Anonymous December 25, 2008, 4:53 am

    Please Help me on Hack the My Friend Yahoo E-Mail ID and Password I want How it possible please send me information on this mail id anand.noru@yahoo.co.in

    Thack U

  • Anonymous January 10, 2009, 2:03 pm

    Now you can go to Gmail settings and set it to use https:// always.
    Recommended for all those who access Gmail vis Wi-Fi or in other unsecured locations such as cyber-cafe

  • Anonymous January 7, 2010, 1:01 am

    wpcap.dll is part of the WinPcap packet sniffing tools, wpcap.dll puts a layer on your network adapter then collects raw packets that traverse over the network, check out http://www.cacetech.com for more information. you can come to the same result by using cain&able.

  • Tracy | Stand July 28, 2010, 9:30 am

    I like the post with such a nice material which is much informative. Thank you for the information you provided.

  • Anonymous July 31, 2010, 5:30 am

    my account is hacked. I really need it back. Is there any way?

  • Anonymous September 7, 2010, 10:12 am

    hi anyone help me for unreg. from idm 5.17 which registered with pach which is fake serial no. please help me.