Hacking Passwords with Web Browsers
You are here:Home » Online Security » Hacking Passwords with Web Browsers

Hacking Passwords with Web Browsers


Web browsers these days, beyond just being a internet browsing tools turned into a kind of internet application, available with daily usable as well as developer utilities.  You already might have been using the different kind of applications available with the respective browsers.

For an instance, take the most commonly used web browsers Google Chrome and Mozilla Firefox. The noticeable reason behind the rapid usage of these tools is the speed and flexibility. You may catch what I mean by the word ‘speed’. But when it comes to the word ‘flexibility’, you might struck up in dilemma figuring out the flexible features counting one by one on your finger tips. I meant ‘flexibility’ the ability to choose what we are not supposed to be doing. Let’s see what I really mean!

Login form
 
What’s it with Google Chrome & Mozilla Firefox?
Google chrome flexible developer options has become very handy for a advanced user. The chances of learning are being dominated by the chances of hacking with these utilities.

In Google Chrome you can just right click on any web page and click on ‘Inspect element’ to open up the developer options.
Google chrome developer options
Image courtesy : html5rocks.com

The same feature exist in Firefox too. You can just right click > Inspect element(Q).

Hacking passwords with Google Chrome
Hacking passwords with Google Chrome has become that easy as you sip a glass of water. As I said before, that can be done with developer options. Here is the way to do it.
  1. Open your Google Chrome Browser.
  2. Open Google.com and click on Gmail.
  3. Fill the username, password fields and do not click on sign in.
  4. Now open the developer options. The HTML version of the web page will be shown along with the user side customization facility.
  5. Press CTRF+F,  type 'password’(without quotes) and hit ‘Enter’.
  6. The instances of the word ‘password’ will be shown. Find the following line,
    <input type="password" name="Passwd" id="Passwd">
  7. Double-click on type=”password” property to change it. Then change the input type=”password” to “text”.  After changing, the line would look like this,
    <input type=”text” name=”Passwd” id=”Passwd”>
  8. Hit enter after you make sure the input type is changed to text. Now you can notice your password being visible in the form of text in login form of your web page.
    Chrome showing password
Observe the highlighted areas in the above screenshot. You should be getting the result alike.

Hacking passwords with Mozilla Firefox
Hacking passwords with Firefox is as same as Google Chrome expect a couple of  initial steps.
  1. Open your Mozilla Firefox.
  2. Open Google.com and click on Gmail.
  3. Fill the username, password fields and do not click on sign in.
  4. Now open the developer options. The HTML version of the web page will be shown along with the user side customization facility.
  5. Unlike in Google Chrome, we can’t find the word ‘password’ though the search option is available. To find the input type property, we have to do a little search operation in the code.
  6. Find the <body> tag & find <div class="sign-in">. Expand the ‘sign-in’ code and find <div class="signin-box">.   Expand the ‘signin-box’ code & find <div class="passwd-div"> . 
  7. Now expand ‘passwd-div’ code and find
    <input name="Passwd" id="Passwd" type="password">
  8. The whole expanded code will look like this,
   1:  div class="sign-in"> 
   2:  <div class="signin-box"> 
   3:    <h2>Sign in <strong></strong></h2> 
   4:    <form novalidate="" id="gaia_loginform" action="https://accounts.google.com/ServiceLoginAuth" method="post"> 
   5:    <input name="continue" id="continue" value="https://mail.google.com/mail/?tab=wm" type="hidden"> 
   6:    <input name="service" id="service" value="mail" type="hidden"> 
   7:    <input name="rm" id="rm" value="false" type="hidden"> 
   8:    <input name="dsh" id="dsh" value="-8634534108420102824" type="hidden"> 
   9:    <input name="ltmpl" id="ltmpl" value="default" type="hidden"> 
  10:    <input name="scc" id="scc" value="1" type="hidden"> 
  11:    <input name="GALX" value="QtH6HH2duAo" type="hidden"> 
  12:    <input id="pstMsg" name="pstMsg" value="1" type="hidden"> 
  13:    <input id="dnConn" name="dnConn" value="" type="hidden"> 
  14:    <input id="checkConnection" name="checkConnection" value="youtube:1145:1" type="hidden"> 
  15:    <input id="checkedDomains" name="checkedDomains" value="youtube" type="hidden"> 
  16:  <input name="timeStmp" id="timeStmp" value="" type="hidden"> 
  17:  <input name="secTok" id="secTok" value="" type="hidden"> 
  18:  <input id="_utf8" name="_utf8" value="☃" type="hidden"> 
  19:    <input name="bgresponse" id="bgresponse" value="js_disabled" type="hidden"> 
  20:  <div class="email-div"> 
  21:    <label for="Email"><strong class="email-label">Username</strong></label> 
  22:    <input spellcheck="false" name="Email" id="Email" value="" type="email"> 
  23:  </div> 
  24:  <div class="passwd-div"> 
  25:    <label for="Passwd"><strong class="passwd-label">Password</strong></label> 
  26:    <input name="Passwd" id="Passwd" type="password"> 
  27:  </div> 
  28:    <input class="g-button g-button-submit" name="signIn" id="signIn" value="Sign in" type="submit"> 
  29:    <label class="remember" onclick=""> 
  30:    <input name="PersistentCookie" id="PersistentCookie" value="yes" checked="checked" type="checkbox"> 
  31:    <strong class="remember-label"> 
  32:    Stay signed in 
  33:    </strong> 
  34:    </label> 
  35:    <input name="rmShown" value="1" type="hidden"> 
  36:    </form> 
  37:    <ul> 
  38:    <li> 
  39:    <a id="link-forgot-passwd" href="https://accounts.google.com/RecoverAccount?service=mail&amp;continue=https%3A%2F%2Fmail.google.com%2Fmail%2F%3Ftab%3Dwm" target="_top"> 
  40:    Can't access your account? 
  41:    </a> 
  42:    </li> 
  43:    </ul> 
  44:  </div> 
  45:    </div> 


Double-click on type=”password” property to change it. Then change the input type=”password” to “text”  like as we did in Google Chrome.

Developer options can be available in other major browsers in the market. the procedure would be similar for them too.

Safety Measures
  • Never let your browser save passwords  if you are not a advanced user of the system.
    Shouldn’t I save on my PC too?
  • If you are pretty sure about PC’s internet security maintenance, let your browser save passwords. else don’t.
  • Keep clearing the cookies time to time even they are shown safe by the Internet security software and firewalls.
  • Never forgot to erase all browser data & cache before you leave the computer from a internet cafĂ©.
  • Do not let adware also be installed along with the other major software you install on your computer.
  • Never let  unauthorized parties access the path
    C:\Users\<your username>\AppData\Local\Google\Chrome\User Data (in Chrome) &
  • C:\Users\<Windows login/user name>\AppData\Roaming\Mozilla\Firefox\Profiles\<profile folder>.

  • Better disable cookies on your browser. Read Google instructions to disable cookies in browser.
Note: The demonstrations shown in this article is for educating purpose only. We do not recommend any kind of unethical hacking.



0 comments:

Post a Comment

We're happy to read your thoughts and we'd try our level best to clear your queries if asked. Let's discuss it in a better way. Please don't spam and spoil the conversation :) Thank you!!