There are a few ways to hack into people’s accounts. I’m going to cover man in the middle attacks.
Here is a description of a Man in the middle attack from Wikipedia:
“The man-in-the middle attack intercepts a communication between two systems. For example, in an http transaction the target is the TCP connection between client and server. Using different techniques, the attacker splits the original TCP connection into 2 new connections, one between the client and the attacker and the other between the attacker and the server, as shown in figure 1. Once the TCP connection is intercepted, the attacker acts as a proxy, being able to read, insert and modify the data in the intercepted communication.”
Theses kind of attacks are scary because anyone can easily get into your accounts as long as they are on the same wifi network as you (Public Hotspots such as Starbucks). This attack only works on sites that don’t use HTTPS encryption. The scary thing though is that Yahoo STILL DOESN’T use it! Facebook and Gmail do! This method works on most sites though because they don’t offer HTTPS encryption.
To carry out this attack you need an application to sniff a network for packets. The best application for this would be Wireshark. Wireshark is free, works on Windows, Mac, & Linux, and is open source! Also, you must be on the same network as the person you want to hack.
Firesheep (Optional but helps)
Note: I am using a Mac, but these instructions can be done on any computer.
1. In the following picture I am going to show you how to start sniffing the network for packets.
2. Once you’ve started the capture, you will see a bunch of packets begin displayed. We need filter the packets out. I am hacking into a yahoo account but the instructions are basically the same for any account. In the filter tab type:
http.cookie contains “yahoo”
You would replace “yahoo” with the website you are hacking into.
3. Now you need to wait until the victim access the site. Once they access it you will see green things on your screen. Select the latest one and right-click on [truncated ] Cookie, and select copy < Value
4. Now open up a word processor (Text Edit, Notepad, etc) right-click and click paste. Now there will be a bunch of random characters on your screen. For Yahoo the authentication cookies are named “Y” and “T”. Here is a sample of the cookies:
Y=v=4&h=k6ehjga7k8d4h/o&p=f766666&r=36&lg=enS&intldg=WTLd5pEjTEWqmQn6DP7jhVwL7AomjJKyQzAnAT5ywDsHUdDFYL; T=dhNUDeLUwrXt38BtFHdmdjEJ 5E4M94SfKFzpJ&7ADCP3A59ujhR- KPaqKwYFECFnYuifEn5fdQ2G5EbkntiCVeQhBy4LSzPAzM43oGB3S2pffSWDPkagLTPEFV6jU8zZXiWHjH yXgJ8FbxMZhiT4FvTBtrS6v4QjP57fUtqX5Tp4cxmUyDMLdJeNusUazAUoT57RRvDtdThRc92cobJ3Md58 Lhw9yR–
I bet your wondering how to tell the cookies apart. Well the start of a cookie will be the name with and equal sign after it. Everything after that is the contents of the cookie. Once you get to a semicolon with a space after it, the cookie is over, and a new one begins!
In the picture above I have highlighted the to necessary cookies.
5. Once you’ve got the authentication cookies, you need to open up Add n Edit Cookies in Firefox. Clear all of your cookies first and then click add a cookie
Start with either the Y cookie or the T cookie. I’m going to start with the Y. Fill in the name as Y, the content as the part after the equal sign, the path as / and the host as .yahoo.com
Almost any site you want to hack the host would be the URL with a period in front of it.
Do the same thing for the T cookie.
Now type in your address bar yahoo.com/mail
You have successfully hacked into your victims account!
TIP: Firesheep is a simplified version of this and automates it all. But it doesn’t work for very many sites anymore. But it is useful to find out the authentication cookies (So you don’t have to enter EVERY single cookie)
FOR OTHER WAYS TO HACK INTO A YAHOO ACCOUNT, VISIT THIS AWESOME SITE! The methods include phishing, and installing software on the person’s computer to grab the password for you!