Steps to view one's Gmail Inbox

  1. ARP poisoning
  2. Sniff the network
  3. Get the valid cookie
  4. Replay the cookie
  5. You are in victim's Gmail session

1. ARP poisoning: ARP poisoning is necessary to make the network traffic between the victim machine and the gateway pass through your system. It can be done either manually or with an automated approach. Automated ARP poisoning can be performed with tools like Ettercap or Cain and Abel (available only for Windows).

Steps to do ARP poisoning with Cain and Abel

1.a) Scan for MAC addresses in the network:


1.b) Choose your victim by IP address:


1.c) Start ARP poisoning: One can see the traffic of the victim's machine


2. Sniff the network: Sniffing is necessary to get the valid cookie. My favorite tool for sniffing is Wireshark (formerly called Ethereal), which is a packet capture tool.

2.a) Start Wireshark and capture the traffic; the cookie can easily be found using the "http.cookie" filter. As shown in the screenshot, one can see the mail traffic from the corresponding system.


3. Get the valid cookie: Gmail uses the "GX" cookie to authenticate. After capturing the traffic with Wireshark, filter out the GX cookie value.

3.a) Right click on the "GET" request and click on "Follow TCP stream" to get the GX cookie.


Copy the GX value alone, without the semicolon, to use it for the replay.

4. Replay the cookie: Create a new cookie in your browser with the same GX value (Replay).

4.a) For constructing the cookie, the Firefox plugin "Add N Edit Cookies" is required. The plugin will look like this.


4.b) Click Add to create a new cookie, fill in the corresponding values as follows, and save it:
  • Name: GX
  • Content: GX (paste here the copied GX value)
  • Host: .mail.google.com
  • Path: /mail



5. You are in victim's Gmail session: Successful replay of GX should take you to the victim's Gmail session.

After saving the cookie, type mail.google.com/mail in the address bar of the browser and press Enter; you should then be able to view the victim's Inbox.
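
On the defending side, the ARP poisoning in step 1 is the part of this procedure that shows up on the wire: the gateway's IP suddenly resolves to a different MAC, and one MAC starts answering for several IPs. The following Python sketch is an added example, not part of the original post; it flags both symptoms in a list of observed ARP replies. The input format, the addresses and the function names are constructed for illustration.

```python
# Added example: flag ARP-poisoning symptoms in observed ARP replies.
# Input format and all addresses are constructed for illustration.
from collections import defaultdict

# Constructed sample: "<seconds> <sender IP> <sender MAC>" per ARP reply.
SAMPLE = """\
0 192.168.1.1 00:11:22:33:44:55
1 192.168.1.20 aa:bb:cc:00:00:20
2 192.168.1.66 de:ad:be:ef:00:66
30 192.168.1.1 de:ad:be:ef:00:66
31 192.168.1.20 de:ad:be:ef:00:66
32 192.168.1.1 de:ad:be:ef:00:66
60 192.168.1.1 00:11:22:33:44:55
"""

def parse(text):
    """Yield (time, ip, mac) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield float(parts[0]), parts[1], parts[2].lower()
        except ValueError:
            continue

def detect(observations, gateway_ip):
    """Return (alerts, suspects) for a sequence of ARP observations."""
    ip_to_mac = {}                 # last MAC seen for each IP
    mac_to_ips = defaultdict(set)  # every IP a MAC has claimed
    alerts = []
    for t, ip, mac in observations:
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            kind = "gateway-mac-changed" if ip == gateway_ip else "ip-mac-changed"
            alerts.append((t, kind, ip, previous, mac))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
    # A MAC that answers for the gateway and for other hosts is the
    # likely man-in-the-middle machine.
    suspects = {m: sorted(ips) for m, ips in mac_to_ips.items()
                if len(ips) > 1 and gateway_ip in ips}
    return alerts, suspects

if __name__ == "__main__":
    found, who = detect(parse(SAMPLE), "192.168.1.1")
    for alert in found:
        print(alert)
    print(who)
```

DHCP reassignments and hosts with several addresses on one interface also change these mappings, so treat an alert on a non-gateway IP as a lead to check rather than proof.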

The procedure can be found in the form of a video below as well as at http://www.youtube.com/watch?v=vjDLxmsET6g:




Enjoy !!!!!!!!!!!!!!!!!!!!

Happy Replay.........

Thanx for viewing it and let me know the comments or clarifications if any.