Tips to Find Unauthorized Activity on Your Email Account

Do you suspect that your email account is under attack? Do you want to maintain total security of your email account and make it 100% hack proof? Well, Some times our email account might have got hacked and we may not be aware of that. We may believe that our email account is safe, but in reality our private and confidential information may be falling into the hands of a third person.

Here are some signs of unauthorized activity on an email account.

1. Your new emails are marked as Read even if you’ve not read them.

2. Your emails are moved to Trash or even permanently deleted without your notice.

3. Your emails are being forwarded to a third party email address (check your settings->forwarding).

4. Your secondary email address is changed.

If you come across any of the above activities on your email account, then it is a clear indication that your email account is hacked.

Additional Security Features in Gmail to ensure the Safety of your Account

Gmail provides an additional security feature to protect your email account through the means of IP address logging. That is, Gmail records your IP address every time you login to your Gmail account. So, if a third party gets access to your account then even his/her IP is also recorded. To see a list of recorded IP address, scroll down to the bottom of your Gmail account and you’ll see something like this.

You can see from the above figure that Gmail shows the IP address of last login (last account activity). You can click on Details to see the IP address of your last 5 activities. If you find that the IP listed in the logs doesn’t belong to you, then you can suspect unauthorized activity.

Steps to be carried out to stop unauthorized activity on your email account

If you feel/suspect that your account is hacked then you must immediately take the actions mentioned below

1. Change your Password

2. Change your security question.

2. Remove any third party email address (if any) to which your account is set to forward emails.

3. Make sure that you can access the email account of your secondary email address.

4. Also change you secondary email password and security question.

This ensures that your account is safe from future attacks. But I strongly recommend that you read the following post to protect youremail account from being hacked.

How to Protect Your Email Account from being Hacked

Tips to Improve Email Privacy

Many websites ask for your email address when you shop online, download a free software etc. But do you know that this has a chance of affecting your email privacy through Spam emails?

Though most websites don’t use spamming as an email marketing strategy, there are a few that use junk emails that don’t care about anti-Spam laws. Here are some tips to maintain your email privacy from such threats.
Before submitting your email address you need to check the reputation of the company. Reputed websites would normally follow the right email practices to ensure your email privacy. Such companies will never want to loose their hard earned reputation by getting blammed for spamming.

See whether the websites provides email privacy statements. You need to go through these statement in detail, and know about the kind of emails that will be sent to you, how often etc. Based on this you can decide on whether you need such emails. You don’t want to give your email address to some fraud company that is thinking about handing over your email address to hundreds of other websites.

Finally, check whether the website really respects your privacy. Often you will find some text like “I agree to receive email” that comes with a check box. You can agree to receive emails by checking the check box. If the check box is already checked, it is just a good indication that the website doesn’t respect your privacy. So watch out!

Common Email Hacking Methods

Gone are the days when email hacking was a sophisticated art. Today any body can access hacking tips through the Internet and start hacking your yahoo or hotmail account. All that is needed is doing a search on google with keywords like “how to hack yahoo”, “hack yahoo messenger”, “hotmail hack program” etc. The following article is not an effort to teach youemail hacking, but it has more to do with raising awareness on some common email hacking methods.

Hackers can install keylogger programs in the victim’s computer. This program can spy on what the user types from the keyboard. If you think that you can just uninstall such programs, you are wrong as they are completely hidden. After installation, the hacker will use a password and hot keys to enable the keylogger. He can then use the hot keys and password to access your key entry details.

A keylogger program is widely available on the internet.some of them are listed below

Win-Spy Monitor

Realtime Spy

SpyAgent Stealth

Spy Anywhere

For more information on keyloggers and it’s usage refer my post Hacking an email account.

Even if direct access to your computer is not possible, hackers can still install a key logger from a remote place and access your computer using Remote Administration Tools (RATs).

Another way of getting your password is the use of fake login pages that look exactly like the real one. So, beware of the webpages you visit. Also if you find your computer behaving oddly, there is a chance that some spy program is running. On such occasions it is better to try and remove the malware or reformat the entire hard disk.A detailed Email Hacking tutorial is discussed in the post Hacking an email account.

DISCLAIMER: This Tutorial Is ONLY For Learning Purposes. AnyOne Who Will Use It In A Negative Sense Is Himself Responsible For Any Trouble.

How to Hack an Email Account

How to Hack an Email Account

The most frequent question asked by many people especially in a chat room is How to Hack an Email Account? So you as the reader are most likely reading this because you want to hack into some one’s email account. Most of the sites on the internet teach you some nonsense and outdated tricks to hack an email. But here are some of the real and working ways that can be used to hack anemail account.

THINGS YOU SHOULD KNOW BEFORE PROCEEDING

Before you learn the real ways to hack an email, the following are the things you should be aware of.

1. There is no ready made software that can hack emails just with a click of a button. Please don’t waste your money on such scamsoftwares.

2. Never trust any hacking services that claims to hack email passwords just for $100 or $200. Often people get fooled by these services and eventually loose their money with no gain.

3. With my experience of over 6 years in the field of Hacking and Security, I can tell you that there exists only 2 foolproof methods to hack an email. All the other methods are simply scam or don’t work. The following are the only 2 foolproof methods that work.

1. EASIEST WAY TO HACK AN EMAIL ACCOUNT

Today, with the advent of a program called Keylogger it’s just a cakewalk to hack an email account. It doesn’t matter whether or not you have physical access to the victim’s computer. Using a keylogger is the easiest way to hack an email account. Any one with a basic knowledge of computer can use the keylogger and within few hours you can hack any email account.

1. What is a keylogger?

A keylogger, sometimes called a keystroke logger, key logger, or system monitor, is a small program that monitors each keystroke a user types on a specificcomputer’s keyboard. Using a keylogger is the easiest way to hack an email account . A keylogger program can be installed just in a few seconds and once installed you are only a step away from getting the victim’s password.

2. Where is the keylogger program available?

A keylogger program is widely available on the internet. Some of the best ones are listed below

SniperSpy

Win-Spy

3. How to install it?

You can install these keyloggers just as any other program but these things you must keep in mind. While installing, it asks you to set a secret password and a hot key combination. This is because, after installation the keylogger program is completely hidden and the victim can no way identify it. So, you need the Hot Key combination and secret password to later unhide the keylogger.

4. Once installed how to get password from it?

The hacker can open the keylogger program by just pressing the hot keys (which is set during installation) and enter the password. Now it shows the logs containing every keystroke of the user,where it was pressed, at what time, including screenshots of the activities. These logs contain the password of the victim’semail account.

5. I don’t have physical access to the victim’s target computer, what can I do?

It doesn’t matter whether or not you have physical access to the victim’s computer. Because keyloggers like SniperSpy and Win-Spy offers Remote Installation Feature. With this feature it is possible to remotely install the keylogger on the victim’s PC.

You can attach the keylogger with any file such as image, MS excel file or other programs and send it to the victim via email. When the victim runs the file, it will automatically get installed without his knowledge and start recording every activity on hiscomputer. These activities are sent to you by the keylogger software via email or FTP.

6. What if the target user (victim) refuses to run the attached file?

Sometimes the victim may refuse to run the attachment that you send via email because of suspicion. To solve this problem plz refer the following link

WAIT FOR MY NEXT POST "A FOOLPROOF METHOD TO INSTALL A SPY SOFTWARE."

7. How can a keylogger hack the Email password?

Hacking an email password using keylogger is as simple as this: You install the keylogger on a Remote PC (or on your local PC). The victim is unaware of the presence of the keylogger on hiscomputer. As usual, he logs into his Email account by typing the username and password. This username and password is recorded and sent to you via Email. Now you have the password of your targetemail account.

In case if you install the keylogger on your local PC, you can obtain the recorded email password just by unhiding the keylogger program (use your hot key and password to unhide).

8. Which Keylogger is the best?

Both the keyloggers mentioned above are the best for email hacking. However I recommend SniperSpy as the best for the following reasons.

1. Sniper Spy is more reliable than Win-Spy since the logs sent will be received and hosted by SniperSpy servers. You need not rely on youremail account to receive the logs.

2. Unlike Winspy, Sniperspy doesn’t require anything to be installed on your computer. To monitor the remote PC all you have to do is just login to your SniperSpy account from your browser.

3. SniperSpy is more easy to use and faster than Winspy.

4. SniperSpy offers better support than WinSpy.

5. SniperSpy has got recognition from media such as CNN, BBC, CBS, Digit etc. Hence it is more reputed and trustworthy.

Apart from the above mentioned reasons, both Sniper and Winspy stands head-to-head. However in my opinion it’s better to go for Sinper since it is the best one. I have tested tons of keyloggers and the only two that stood up were SniperSpy and Winspy.

So what are you waiting for? If you’re serious to hack an email account then go grab either of the two keyloggers now!

For more information on these two softwares visit the following links

1. SniperSpy 2. WinSpy

2. OTHER WAYS TO HACK AN EMAIL ACCOUNT

The other most commonly used trick to sniff password is using Fake Login Pages. Today, Fake login pages are the most widely used techniques to hack anemail account. A Fake Login page is a page that appears exactly as a Login page but once we enter our password there, we end up loosing it.

Fake login pages are created by many hackers on their sites which appear exactly as Gmail or Yahoo login pages but the entered details(username & pw) are redirected to remote server and we get redirected to some other page. Many times we ignore this but finally we loose our valuable data.

However creating a fake login page and taking it online to successfully hack an email account is not an easy job. It demands an in depth technical knowledge of HTML and scripting languages like PHP, JSP etc.

I hope this info has helped you. Happy Email Hacking!

DISCLAIMER: This Tutorial Is ONLY For Learning Purposes. AnyOne Who Will Use It In A Negative Sense Is Himself Responsible For Any Trouble.

Hacking Dangerous Google Searching For Secrets(Don't Miss It)

This book will help you learn:
* how to use Google to find sources of personal information and other confidential data
* how to find information about vulnerable systems and Web services
* how to locate publicly available network devices using Google And much more!

What You Should Know...
� how to use a Web browser, Google query operators
� basic rules of operation of the HTTP protocol

DOWNLOAD:

http://rapidshare.com/files/221798604/Dangerous_Google___Searching_For_Secrets.rar

PASSWORD:

Password : iso-cube.com

How to Protect an Email Account from being hacked

Today in this post I’ll teach you how to protect your email account from being hacked. Nowadays I get a lot of emails where most of the people say “My Email account is hacked please help…”. Now one question which arises in our mind is:”Is it so easy to hack an email account? OR Is it so difficult to protect an email account from being hacked?”. The single answer to these two questions is “Absolutely NOT!”. It is neither easy to hack an email nor difficult to protect anemail account from being hacked.

If this is the case, then what is the reason for many people to loose their accounts?
The answer is very simple. They don’t know how to protect themselves from being hacked! In fact most of the people who loose their emailaccounts are not the victims of hacking but the victims of Trapping. They loose their passwords not because they are hacked by some expert hackers but they are fooled to such an extent that they themselves give away their password.

Are you confused? If so continue reading and you’ll come to know…

Now I’ll mention some of the most commonly used online scams which fool people and make them loose their passwords. I’ll also mention how toprotect your email account from these scams.

1. WEBSITE SPOOFING

Website spoofing is the act of creating a website, with the intention of misleading the readers. The website will be created by a different person or organisation (Other than the original)especially for the purposes of cheating. Normally, the website will adopt the design of the target website and sometimes has a similar URL.

For example a Spoofed Website of Yahoo.com appears exactly same as Yahoo Website. So most of the people believe that it is the original site and loose their passwords. The main intention of spoofed websites is to fool users and take away their passwords. For this,the spoofed sites offer fake login pages. These fake login pages resemble the original login pages of sites like Yahoo,Gmail,Orkut etc. Since it resemble’s the original login page people beleive that it is true and give away their username and passwords by trying to login to their accounts.

Solution:

• Never try to login/access your email account from the sites other than the original site.
• Always type the URL of the site in the address bar to get into the site.Never click on the hyperlink to enter the site.

2. BY USING KEYLOGGERS

The other commonly used method to steal password is by using a Keylogger. A Keylogger is nothing but a spyware. The detailed description of keylogger and it’s usage is discussed in the postHacking an email account . If you read this post you’ll come to know that it is too easy to steal the password using a keylogger program. If you just access youremail account from a computer installed with keylogger, you definitely loose your password. This is because the keylogger records each and every keystroke that you type.

Solution:

Protecting yourselves from a keylogger scam is very easy.Just install a good anti-spyware program and update it regularly. This keeps your PC secure from a keylogger. Also there is a program called Anti-keylogger which is specially designed to detect and remove keyloggers. You can use this program to detect some stealth keyloggers which remain undetected by many anti-spyware programs.

3. ACCESSING YOUR EMAIL ACCOUNT FROM CYBER CAFES

Do you access your email from cyber cafes? Then definitely you are under the risk of loosing your password.In fact many people loose theiremail account in cyber cafes . For the owner of the cyber cafe it’s just a cakewalk to steal your password. For this he just need’s to install a keylogger on his computers. So when you login to youremail account from this PC, you give away your password to the cafe owner. Also there are many Remote Administration Tools (RATs) which can be used to monitor your browsing activities in real time.

This doesn’t mean that you should never use cyber cafes for browsing the internet. I know, not all the cyber cafe owners will be so wicked but it is recommended not to use cafes for accessing confidential information. If it comes to the matter of security never trust anyone, not even your friend. I always use my own PC to login to myaccounts to ensure safety.

So with this I conclude my post and assume that I have helped my readers to protect their email accounts from being hacked. Please pass your comments…

How to Bypass Antivirus and send Keylogger to Hack Emails and Remote PC using FUD Crypter

In my Previous Post " Where The Saved Passwords Stored in Windows Xp" .Today I am going to tell you all that how to bind keylogger by using FUD encrypter to make it undetectable by any Antivirus. In my previous article I haven't provided the Download Link of the FUD Encrypter But in this I have Provided the Link along with details that how to use it.... So read on ...

FUD Crypter software - Bypass antivirus:

This Crypter is UD (Undetectable) and not FUD (Fully Undetectable) free software, because it is detected by Avira antivirus and even Kaspersky antivirus as virus. Hence, it is 2/22 UD ie only 2 antiviruses out of 22 detected this as virus. Thus, if your victim is using any antivirus other than Avira and Kaspersky, then chill out guys.. here's the solution for your problem.

Download UD Crypter software:

As I have explained previously, Crypter is used to bypass antivirus detection on victim computer. So, we use Crypter software to encrypt our Keylogger and trojan. Due to encryption by Crypter software, whenever victim runs our sent keylogger or trojan on his computer, his antivirus does not detect our keylogger as virus and our keylogger is prevented from being deleted on victim computer.


1. Download UD Crypter software here.
DOWNLOAD: http://www.mediafire.com/?my5izqy0gkm


2. extract the Zip file to obtain FUD Crypter free software.

3. Run Krypter.exe application on your computer system to see something like this:

4. Now, browse to the file (keylogger or any trojan) you wanna crypt to bypass antivirus detection and hit on "Encrypt".

5. A new file will be created in same directory. Now, scan this file with your antivirus and it will not detect any virus (except Avira and Kaspersky).

Note: You may get certain error on your computer like this:

If you are getting this error, install Library file package to fix this error.


SO that's the overall Tutorial Hope that You Will like It. That's from my site Now Comment and ask your Questions If you Have .. Or having Any Problem In using the Software.


DON'T FORGET TO REPLY YOUR


VALUABLE COMMENTS !

AND MUCH MORE:

Tips And Tricks - Free Wallpapers - Free Ebooks - Free Themes - Rapidshare Premium Accounts - Free Music - Movies - Iphone Applications -Iphone Hacks Jailbreaking -Free Full Softwares - Hacking - Mobile Softwares - Blogging Tips -Orkut Hacks-Magazines-Playboy -Free Premium Accounts

How To Trace an Email Address And Original Sender?

Hello Guys Nowadays spamming is the Most common .. Out of the 5 emails you receive 2 are spams... And Out of 5 spam Mails 1 contains Virus or Botnet.. Its hard to believe but its truth... So Today I am Going to share with you HOW TO TRACE THE EMAIL ADDRESS AND ORIGINAL SENDER?? .. So guys Read On..




TRACING AN EMAIL ADDRESS


The purpose of this guide is to show the process involved in tracing an email. The first step required to tracing an email is finding out the headers of the email. What are headers? Email headers are lines added at the top of an email message that are used by servers as the email goes on route to get delivered. Generally email clients only show the standard To, From, and Subject headers, but there are more.

1) Enabling Email Headers

Enabling Email Headers For Gmail
Step 1:Once Logged into your Gmail Account open the Email whose headers you want to view. Click on the “More Options” link in the message next to the date of the email.

Step 2: Now click the “Show Original” link.

Step 3: This link will popup a new window the headers and the body of the message.

Enabling Email Headers For Hotmail

Step 1:Once logged in, click on the "Options" link in the upper navigation bar.

Step 2: Now click on the "Mail Display Settings" link.

Step 3: Change the "Message Headers" option to "Full" and click ok.

Step 4: Go to your inbox and open any one of your email. You emails show now contain additional headers.

Enabling Email Headers For Yahoo

Step 1:Once logged in, click on the "Options" link in the upper navigation bar.

Step 2: Now click on the "General Preferences" link.

Step 3: In the paragraph titled Messages and locate the "Headers" heading and select "All".

Step 4: Go to your inbox and open any one of your email. You emails show now contain additional headers.

2) Understanding Email Headers

In this example the “Sender” located at sender@exampleuniversity.edu want to send an email to “Receiver” located at receiver@exampleisp.com. The sender composes his email at his workstation in the university’s computer lab (lab.exampleuniversity.edu). Once completed the email message is passed to the university’s mail server called mail.exampleuniversity.com. The mail server seeing that it has a message for receiver@exampleisp.com, contacts someisp.com mail server and delivers the email to it. The email is stored on someisp.com server until Receiver logs on to check his/her inbox.

In this example, four headers will be added to the email message. This first header is generated by email client on lab.exampleuniversity.edu when forwarding it to the mail server at mail.exampleuniversity.edu.

The following header is added when mail.exampleuniversity.edu transmits the message to mail.exampleisp.com.

The following header is added when mail.exampleisp.com stores the message on the server for Reciever.

The following header is added when Reciever downloads the email from home machine called reciever.local.

3) Tracking The Orginal Sender

The easiest way for finding the original sender is by looking for the X-Originating-IP header, this header is important since it tells you the IP Address of the computer that had sent the email. If you can not find the X-Originating-IP header then you will have to sift through the Received headers to find the sender's ip.

Once the email sender's ip is found go to http://www.arin.net/ to begin a search.

Now click on the "NET-24-16-0-0-1" link.

Scroll down the page untill you find the OrgAbuseEmail field.

Remember to include all the headers of the email along with an attached copy when filling a complaint.

I am Not the Original Writer of this Post. I have take It from Security Forums...But I thought It would be Useful So I am Sharing It with youGuys...
IF you have Any Queries Ask Me!

Hacking Gmail using the GX cookie Loophole and Its Solution

Hey Guys as a Ethical hacker I am always curious to Find the New Loopholes in Existing websites ,softwares and other things... Today over the Internet I found a Very Dangerous Loophole in the Gmail (Best Mailing Services In the World) and I am Going to Share that With You Guys. I have Tried this from my college Network so there Will be Some Assumptions and Tools Needed for that... So Read On...


NOTE: THIS TUTORIAL IS FOR EDUCATIONAL PURPOSES ONLY ! HEY GOOGLE STAFF IF YOU FINAL THIS AS INAPPROPRIATE CONTENT. PLEASE INFORM ME TO REMOVE THIS THANKS!


SOME ASSUMPTIONS:

• You are in Local Area Network (LAN) in a switched / wireless environment : example : office , cyber café, Mall etc.
  
• You know basic networking.

Tool used for this attack:

• Cain & Abel or Any Ethernet Capturing Tool
  
• Network Miner
  
• Firefox web browser with Cookie Editor add-ons (anEC Cookie Editor)

(ALL THE TOOLS MENTIONED HERE ARE AVAILABLE FOR FREE DOWNLOADS YOU JUST HAVE TO GOOGLE THEM)

Attack in detail:
We assume you are connected to LAN/Wireless network. Our main goal is to capture Gmail GX cookie from the network. We can only capture cookie when someone is actually using his gmail. I’ve noticed normally in free Classes in College when people normally check their emails. If you are in cyber café or in Mall then there are more chances of catching people using Gmail.

We will go step by step, If you are using Wireless network then you can skip this Step A.

A.) Using Cain to do ARP poisoning and routing:

Switch allows unicast traffic mainly to pass through its ports. When X and Y are communicating eachother in switch network then Z will not come to know what X & Y are communicating, so inorder to sniff that communication you would have to poison ARP table of switch for X & Y. In Wireless you don’t have to do poisoning because Wireless Access points act like HUB which forwards any communication to all its ports (recipients).

• Start Cain from Start > Program > Cain > Cain
  
• Click on Start/Stop Snigger tool icon from the tool bar, we will first scan the network to see what all IPs are used in the network and this list will also help us to launch an attack on the victim.
  
• Then click on Sniffer Tab then Host Tab below. Right click within that spreadsheet and click on Scan Mac Addresses, from the Target section select

All hosts in my subnet and then press Ok. This will list all host connected in your network. You will notice you won’t see your Physical IP of your machine in that list. How to check your physical IP ?

• Click on start > Run type cmd and press enter,
  
• In the command prompt type Ipconfig and enter. This should show your IP address assign to your PC.

It will have following outputs:

• Ethernet adapter Local Area Connection:
  
• Connection-specific DNS Suffix . : xyz.com

IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1

Main thing to know here is your IP address and your Default Gateway.
FOR AMU Its : 10.10.50.1

FOR BSNL Its : 192.168.1.1

Make a note of your IP Address & default gateway. From Cain you will see list of IP addresses, here you have to choose any free IP address which is not used anywhere. We assume IP 192.168.1.10 is not used anywhere in the network.

• Click on Configure > APR > Use Spoof ed IP and MAC Address > IP

Type in 192.168.1.10 and from the poisoning section click on “Use ARP request Packets” and click on OK.

• Within the Sniffer Tab , below click on APR Tab, from the left hand side click on APR and now click on the right hand top spreadsheet then click on plus sign tool from top. The moment you click that it will show you list of IP address on left hand side. Here we will target the victim IP address and the default gateway.

The purpose is to do ARP poisoning between victim and the default gateway and route the victim traffic via your machine. From the left side click on Victim IP address, we assume victim is using 192.168.1.15. The moment you click on victim IP you will see remaining list on the right hand side here you have to select default gateway IP address i.e. 192.168.1.1 then click on OK.

• Finally, Click on Start/Stop Sniffer tool menu once again and next click on Start/Stop APR. This will start poisoning victim and default gateway.

B.) Using Network Miner to capture cookie in plain text

We are using Network miner to capture cookie, but Network miner can be used for manythings from capturing text , image, HTTP parameters, files. Network Miner is normally used in Passive reconnaissance to collect IP, domain and OS finger print of the connected device to your machine. If you don’t have Networkminer you can use any other sniffer available like Wireshark, Iris network scanner, NetWitness etc.

We are using This tool because of its ease to use.

• Open Network Miner by clicking its exe (pls note it requires .Net framework to work).
  
• From the “---Select network adaptor in the list---“ click on down arrow and select your adaptor If you are using Ethernet wired network then your adaptor would have Ethernet name and IP address of your machine and if you are using wireless then adaptor name would contain wireless and your IP address. Select the one which you are using and click on start.

Important thing before you start this make sure you are not browsing any websites, or using any Instant Mesaging and you have cleared all cookies from firefox.

• Click on Credential Tab above. This tab will capture all HTTP cookies , pay a close look on “Host” column you should see somewhere mail.google.com. If you could locate mail.google.com entry then in the same entry right click at Username column and click on “copy username” then open notepad and paste the copiedcontent there.
  
• Remove word wrap from notepad and search for GX in the line. Cookie which you have captured will contain many cookies from gmail each would be separated by semicolon ( GX cookie will start with GX= and will end with semicolon you would have to copy everything between = and semicolon

Example : GX= axcvb1mzdwkfefv ; ßcopy only axcvb1mzdwkfefv

Now we have captured GX cookie its time now to use this cookie and replay the attack and log in to victim email id, for this we will use firefox and cookie editor add-ons.


C.) Using Firefox & cookie Editor to replay attack.

• Open Firefox and log in your gmail email account.
  
• From firefox click on Tools > cookie Editor.
  
• In the filter box type .google.com and Press Filter and from below list search for cookiename GX. If you locate GX then double click on that GX cookie and then fromcontent box delete everything and paste your captured GX cookie from stepB.4 and click on save and then close.
  
• From the Address bar of Firefox type mail.google.com and press enter, this should replay victim GX cookie to Gmail server and you would get logged in to victim Gmail email account.
  
• Sorry! You can’t change password with cookie attack.(LIMITATION OF ATTACK)

SOLUTION: HOW TO PROTECT URSELF FROM THIS HACK

Google has provided a way out for this attack where you can use secure cookie instead of unsecure cookie. You can enable secure cookie option to always use https from Gmail settings.
Settings > Browser connection > Always use https .