How to hack a web password from a friend

You can get anybody’s internet account password, if you have Mozilla Firefox browser with an add-on named HTTPFox installed.

HTTPFox sits in between the network and FF browser and captures all the traffic in between. You can view the Requests and Responses going in between. When you enter an information into a form on a web page like a login page and click the submit button you are sending the information either as a GET or as a POST request to the web server. Example of a GET request is what you enter in a Google Search box. When you click search you can see that the results page will have a URL like :- QUERY (it may have some more creepy stuff like your browser info or your language preference but the basic structure is this) You can see that the part you entered is visible along with the URL.

POST requests are different in that you can’t see the data as part of the URL. An example would be any login information you enter on a website.

Follow these steps : (Checkout this Screenshot for detailed instructions)

1. Install HTTPFox extension for FireFox.

2. Restart Firefox, now you will see a small green and blue icon on the lower right side of the status bar.

3. Click on the icon to expand HTTPFox pane and go to any login page.

4. Click Start to start the capture. Enter the login information (username, password) and click Submit (or hit enter)

5. You will seethe data transfer in a categorised and formatted way here. Look at the 5th column named Method. Most of it will be GET. Click on it to bring the POST ones on top. Select a post transfer by clicking on it and then Click POST Data tab on the lower pane of HTTPFox. Here select Raw radio button. check for the sername somewhere in the string shown. Near to the username will be the password. Before each variable (password username etc) you can see an = symbol)

6. This is the password you need. To make this a stealth operation 😉 , after Start minimise the HTTPFox window. And whe nobody is arround open the window stop the transfer and look for the password.

As you get familiar with this it will be a lot easier to findout the password from the RAW data. For any webpage use all caps testusername and teastpassword approach shown in the screenshot to locate the password field.

If you have any questions or doubts contact me or leave a comment.

How to save copy righted Images from Flickr

Some images in Flickr are protected so that nobody would save them to their computer. This is done by overlaying the image with a transparent spaceball.gif image. You can see this in action in the following image.

Saving Flickr Image gives you the transparent spaceball.gif file.

Here when the save Image As option is taken you can save only spaceball.gif which is a simple 1×1 transparent image. So how do you save such images. One method that will come to your mind immediately will be saving it from cache. Yeah that works, but there is a method which is a lot  easier. You can use this in Firefox.

Right Click and Select Page Info

When you right click on any page opened in Firefox you can see an option Page Info. (Note that a similar option is viewable under the DOM Inspector) Click on that, Goto the Media tab. This can also be accessed through Tools » Page Info You can see that here there is a list of all Images, Music and Shock wave objects used on the page Just click on the image name you want to save and select Save As. Thats it.

All media in a page under the Page Info » Media tab

One you get familiar with images in Flickr you can see a similarity in all the main images addresses used in Flickr ages. Just check the image. You can easily spot tis one after some trial. Also any object can be saved fby using this method.

You might also be interested in knowing how to disable right clciks using simple HTML tags. If this method is used you can select Page Info from Tools menu on the top.

At the IITs for a Week

I was at IIT Madras (Chennai) for a week from October 1st to participate in the annual technical Festival , Shaastra, there. We planned to compete in one of the robotics events named Emergency Exit. So that was why there were hardly any posts the last week.

Although we went there with the primary aim to participate in the robotics event, we didn’t actually complete the robot and so didn’t compete. But there were hundreds of more interesting events. It was a lot fun to go and just walk theough the IIT.

If you get a chance to visit IITs especially during Saarang or Shaastra do not ever miss it.