EvilZone
Hacking and Security => Hacking and Security => : @rjun December 22, 2014, 03:02:29 PM
-
So I ran sslstrip with FakeAP and now I have a lot of credentials, so just for fun and to test my Python skills I wrote a Python script (using mechanize) that attempts to log in, but after a few successes (5 or 6) Google got suspicious... and asked to verify with secondary email and mobile no. verification..... HEARTBREAK :(
So I wanted your advice to somehow circumvent, maybe delete cookies after 3 attempts or proxychaining (just in my knowledge)... maybe absurd, but some ideas (just guessing) that come to me...
Thanks
Anticipating a positive reply
-
Depending on the amount of credentials you could change proxy every 2 or 3 logins...
Also, if your script saves some of the cookies, then you should delete them every time you change proxy.
-
Thanks flowjob....
-
Also you need to wait before every request, best if you randomize the time to wait to appear more human-like. Only bots can send requests one after another...
-
And you used SSLstrip?
Finding it hard to believe really.
Not that it is very relevant.
Also gaymail will remember your localization/IPaddr amongst other things.
Say an account was only used in Japan, it is considered strange if you log in from a UK IPaddr etc.
So I suggest you use an IP on the same soil.
Also Google is very aware of proxies, public proxy is considered 'bad'.
Don't underestimate this.
Also I am starting to think Google does portscans (isn't this illegal, Google?), I have seen shit in logs that appears to be coming from them.
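Added example, not part of the thread or any poster's code: a minimal server-side sketch of the signals this post mentions (an account's location history, known proxy addresses), plus the number of distinct accounts seen from one address, used to decide when a login gets a step-up verification challenge. The events, proxy list, weights and thresholds are constructed assumptions and do not describe Google's actual system.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, account, source IP, country). Not real data.
EVENTS = [
    ("2014-12-22T10:00:05", "alice", "198.51.100.7", "JP"),
    ("2014-12-22T10:01:10", "bob",   "203.0.113.9",  "GB"),
    ("2014-12-22T10:01:40", "carol", "203.0.113.9",  "GB"),
    ("2014-12-22T10:02:15", "dave",  "203.0.113.9",  "GB"),
    ("2014-12-22T10:03:00", "alice", "203.0.113.9",  "GB"),
    ("2014-12-22T10:30:00", "erin",  "192.0.2.44",   "US"),
]
# Assumed inputs: countries each account has logged in from before, and a proxy list.
HISTORY = {"alice": {"JP"}, "bob": {"GB"}, "carol": {"US"}, "dave": {"GB"}, "erin": {"US"}}
KNOWN_PROXIES = {"192.0.2.44"}
WEIGHTS = {"new_country": 1, "known_proxy": 2, "ip_fanout": 2}  # assumed weights
WINDOW = timedelta(minutes=10)   # look-back window for per-IP fan-out
MAX_ACCOUNTS_PER_IP = 2          # distinct accounts tolerated per IP in the window
CHALLENGE_AT = 2                 # score at which step-up verification is required


def score_logins(events, history, proxies):
    """Return one (account, ip, score, reasons, decision) tuple per login event."""
    recent = defaultdict(list)   # ip -> [(time, account)] still inside the window
    results = []
    for ts, account, ip, country in sorted(events):
        now = datetime.fromisoformat(ts)
        recent[ip] = [(t, a) for t, a in recent[ip] if now - t <= WINDOW]
        recent[ip].append((now, account))
        reasons = []
        if country not in history.get(account, set()):
            reasons.append("new_country")      # login from a country never seen before
        if ip in proxies:
            reasons.append("known_proxy")      # source address is on the proxy list
        if len({a for _, a in recent[ip]}) > MAX_ACCOUNTS_PER_IP:
            reasons.append("ip_fanout")        # one address, many different accounts
        score = sum(WEIGHTS[r] for r in reasons)
        decision = "challenge" if score >= CHALLENGE_AT else "allow"
        results.append((account, ip, score, reasons, decision))
    return results


if __name__ == "__main__":
    for row in score_logins(EVENTS, HISTORY, KNOWN_PROXIES):
        print(row)
```

In the constructed data the third distinct account from 203.0.113.9 triggers the challenge, and the proxy-sourced login is challenged on its own even though the country matches the account's history.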
-
How is port scanning illegal? You open them to the public, so I see no illegal activity there. It's the same as putting a sculpture in public space and saying it's illegal to look at it.
-
Yet it is, I didn't make the rules :)
Touching military computers can get you in some real trouble.
Yet 'they are out there'
-
Touching is not the same as port scanning. It is more like looking... hence my analogy.
-
It depends on the context. In Google's case they are most likely checking ports to see if the box is a proxy, completely legal. Much different than scanning Fort Meade's IP address space (cookie for anyone that can tell why that's bad without needing Wikipedia :P ) looking for vuln servers.
Port scanning is an example of the difference between law and policy. Most ISPs have service policies that say no port scanning. I do not know of a single LAW making port scans illegal. Even the most draconian legal interpretations still require intent unless they can prove damages caused by negligence (difference between scanning one server, and why you can't exactly scan the entire IPv4 address space, though people do it anyways).
-
Well I have logs where (what is most likely) Google touched ports on boxes which are none of their business.
I looked it up and you ppl are right, it is not illegal per se, ISPs can indeed have a policy against it.
What I came across are posts where individuals were dragged to court for scanning boxes.
The scanning by itself was not illegal but they led the court to believe it was because they wanted to break it, judge being clueless about computers and networking....
Seems to boil down to individuals can be screwed.
I can recommend watching Fyodor's (creator of Nmap) talk called "scanning the internet", quite an interesting one.
Aaaaand back on topic, sorry for the derail.
-
Thanks A Lot Everyone.. :)
-
ProxX does it again; moron post whores every post and pretends to be liberal enough to bring it back to topic. Why ain't I surprised.
-
If you have issues you can directly address me instead of this kinda lame response.
-
My lame attempt at a joke right in your title. I kinda got the jiggles that I was going to lose a cookie for this, but what the heck, I deserved it. Don't take it personal man. It just got weird when I was reading the responses and then they got down to a very different topic from OP's intention and I realised it was the self proclaimed post-whore himself.
Whatever, merry xmas to you too.
-
Returned it, dunno, bad mood I guess.
All good sry.