Point n’ Click Gmail hacking With Wi-Fi (via) TG Daily and Blackhat

3 08 2007

For everyone out there that keeps commenting on “How To Hack Gmail, Hotmail, Yahoo, etc etc”  (MOM), here’s a great article on hacking into a gmail account WITHOUT using fake login screens or any of that pesky hard work.  TG Daily has this great article, “Point and click Gmail hacking at Black Hat” that gives you a peek into the latest and greatest way to get into someone else’s email account.

Here’s an excerpt:

[…] The attack is actually quite simple. First Graham needs to be able to sniff data packets and in our case the open Wi-Fi network at the convention fulfilled that requirement. He then ran Ferret to copy all the cookies flying through the air. Finally, Graham cloned those cookies into his browser – in easy point-and-click fashion – with a home-grown tool called Hamster.

[…] But if that wasn’t scary enough, Graham told us that he can even log in the next day or possibly several days later into the Gmail account.  “I can just copy the data to a file and replay it later.  I’ve been able to log into Gmail accounts one day later,” said Graham.

Since the attack relies on sniffing traffic, using SSL or some type of encryption (like a VPN tunnel) would stop Graham in his tracks.  However, many people browsing at public wireless hotspots don’t use such protections.

“You’re an idiot if you use T-Mobile hotspot,” said Graham.

I personally love the last comment there from Graham… just sayin.

In my mind I see this type of hack working on any web based email client that uses cookies to auto-login.  Also, you can probably just use FireFox’s “Add-n-Edit” cookies, instead of Grahams app called Hamster.  As for Wi-Fi sniffing, if you don’t know how to do this or what apps to do it with, just use Google to search it out, or visit Remote Exploit and grab a copy of BackTrack2.

One last note, read the friggin article. CLICK THE SOURCE – PLZ kthx.

There, let’s hug it out bitches!!!


Actions

Information

2 responses

3 08 2007
University Update - Yahoo - Point n’ Click Gmail hacking With Wi-Fi (via) TG Daily and Blackhat

[…] Contact the Webmaster Link to Article yahoo Point n’ Click Gmail hacking With Wi-Fi (via) TG Daily and Blackhat » […]

2 02 2008

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s




%d bloggers like this: