09-16-2012, 03:29 AM
YAHOO SESSION HIJACKING
1. What is session hijacking?
Ans. Session hijacking is stealing an existing active session. The main purpose of session hijacking is to bypass the authentication process and gain unauthorized access to a computer or website. In simple words, hackers log in as some other client using that client's session.
2. So what do we want to do here?
In this method, the attacker uses packet sniffing to steal the session cookie. In order to prevent this, some websites use SSL (which encrypts the session) but do not use encryption for the rest of the site once authenticated. This allows attackers who can read the network traffic to intercept all the data that is submitted to the server or the web pages viewed by the client.
3. What do we need?
Some files with php scripts.
Some javascript.
Hosting + domain
4. So let’s start
Hosting + Domain
• Create a Hosting + domain (First try it on free hosting)
• So go to
• Sign in with your account
• Create a subdomain (if you want) eg. session.yoursite.com
• Go to file manager
• Upload these files:
o Hacked.php (this file is used to view the hijacked sessions)
o J.js (the JavaScript that runs at the time the session is created)
o S.css (the style file)
o Yahoo.php (this file is used to redirect to the original Yahoo page)
• After all this, our work is done.
Here is the work for the victim.
o Use some tricks that play on human stupidity; this is called social engineering.
o So send the JavaScript, which is this
In yourdomain.com/yahoo.php, replace this with your domain name, e.g.
This JavaScript runs in the yahoomail.com tab.
• Once this JavaScript runs in the victim’s browser, your session is created in the hacked.php file.
• To show the session go to
• Give hacked.php the password “anonymous”
Download PHP files
RAR FILE PASSWORD: anonymous_g33k
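Seen from the defending site, the two exposures this post relies on (a session cookie that crosses the network unencrypted once the site drops SSL, and a cookie that script running in the page can read) correspond to the Secure and HttpOnly cookie attributes. The following is an added example, not part of the original post: a small Set-Cookie auditor. The function names and the sample headers are constructed for illustration.

```javascript
// Added example: audit Set-Cookie headers for the attributes that keep a
// session cookie away from network sniffers and from in-page scripts.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: eq === -1 ? "" : pair.slice(0, eq),
    value: pair.slice(eq + 1), // value may itself contain "="
    attrs: {},
  };
  for (const a of attrs) {
    if (!a) continue;
    const i = a.indexOf("=");
    // Attribute names are case-insensitive; flag attributes have no value.
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

function auditSessionCookie(header) {
  const c = parseSetCookie(header);
  const issues = [];
  if (!c.attrs.secure)
    issues.push("no Secure: cookie is also sent over plain HTTP, visible to a sniffer");
  if (!c.attrs.httponly)
    issues.push("no HttpOnly: cookie is readable by script via document.cookie");
  const sameSite = String(c.attrs.samesite || "").toLowerCase();
  if (sameSite !== "lax" && sameSite !== "strict")
    issues.push("SameSite is not Lax or Strict");
  return { name: c.name, issues };
}

// Constructed sample headers (not captured from any real site).
const SAMPLE_HEADERS = [
  "SID=abc123; Path=/; Domain=mail.example.test",
  "SID=abc123; Path=/; Secure",
  "SID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
];

function auditAll(headers) {
  return headers.map(auditSessionCookie);
}

for (const r of auditAll(SAMPLE_HEADERS)) {
  console.log(r.name, r.issues.length ? r.issues.join(" | ") : "ok");
}
```

Secure only helps if the whole site is served over HTTPS after login; a site that falls back to HTTP for authenticated pages still breaks the session or leaks other data.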