Author Topic: Automate Gmail Login (Read 1177 times)

@rjun · « **on:** December 22, 2014, 03:02:29 pm »

So i ran sslstrip with FakeAP and now i have lot of credentials,so just for fun and to test my python skills i wrote a python script(using mechanize) that attempts to login,but after a few successes(5 or 6) google got suscpicious...and asked to verify with secondary email and mobile no. verification.....HEARTBREAK:(

So i wanted your advice to somehow circumvent maybe delete cookies after 3 attempts or proxychaining(just in my knowledge)...maybe absurd but some ideas(just guessing) that come to me...

Thanks
Anticipating a positive reply

flowjob · « **Reply #1 on:** December 22, 2014, 03:14:03 pm »

Depending on the amount of credentials you could change proxy every 2 or 3 logins...
Also, if your script saves some of the cookies, then you should delete them everytime you change proxy.

@rjun · « **Reply #2 on:** December 22, 2014, 03:18:20 pm »

Thanks flowjob....

Kulverstukas · « **Reply #3 on:** December 22, 2014, 05:31:12 pm »

Also you need to wait before every request, best if you randomize the time to wait to appear more human-like. Only bots can send requests one after another...

proxx · « **Reply #4 on:** December 22, 2014, 06:54:30 pm »

Quote from: @rjun on December 22, 2014, 03:02:29 pm

So i ran sslstrip with FakeAP and now i have lot of credentials,so just for fun and to test my python skills i wrote a python script(using mechanize) that attempts to login,but after a few successes(5 or 6) google got suscpicious...and asked to verify with secondary email and mobile no. verification.....HEARTBREAK:(

So i wanted your advice to somehow circumvent maybe delete cookies after 3 attempts or proxychaining(just in my knowledge)...maybe absurd but some ideas(just guessing) that come to me...

Thanks
Anticipating a positive reply

And you used SSLstrip ?
Finding it hard to believe really.
Not that it is very relevant.

Also gaymail will remember your localization/IPaddr amongst other things.
Say an account was only used in japan it is considered strange if you login from a UK IPaddr etc.
So I suggest you use an IP on the same soil.
Also google is very aware of proxies, public proxy is considered 'bad'.
Dont underestimate this.
Also I am starting to think google does portscans (isnt this illegal google?) , I have seen shit in logs that appears to be coming from them.

Kulverstukas · « **Reply #5 on:** December 22, 2014, 07:41:03 pm »

How is port scanning illegal? you open them to the public, so I see no illegal activity there. It's the same as putting a sculpture in public space and saying it's illegal to look at it.

proxx · « **Reply #6 on:** December 22, 2014, 07:49:07 pm »

Quote from: Kulverstukas on December 22, 2014, 07:41:03 pm

How is port scanning illegal? you open them to the public, so I see no illegal activity there. It's the same as putting a sculpture in public space and saying it's illegal to look at it.

Yet it is, I didnt make the rules

Touching military computers can get you in some real trouble.
Yet 'they are out there'

Kulverstukas · « **Reply #7 on:** December 22, 2014, 08:02:30 pm »

Quote from: proxx on December 22, 2014, 07:49:07 pm

Yet it is, I didnt make the rules
Touching military computers can get you in some real trouble.
Yet 'they are out there'

Touching is not the same as port scanning. It is more like looking... hence my analogy.

madf0x · « **Reply #8 on:** December 22, 2014, 08:03:38 pm »

It depends on the context. In googles case they are most likely checking ports to see if the box is a proxy, completely legal. Much different than scanning Fort Mead's ip address space(cookie for anyone that can tell why thats bad without needing wikipedia

) looking for vuln servers.

Port scanning is an example of the difference between law and policy. Most ISP have service policies that say no port scanning. I do not know of a single LAW making port scans illegal. Even under the most draconian legal interpretations still require intent unless they can prove damages caused by negligence(difference between scanning one server, and why you cant exactly scan the entire ipv4 address space, though people do it anyways).

proxx · « **Reply #9 on:** December 22, 2014, 08:57:06 pm »

Quote from: madf0x on December 22, 2014, 08:03:38 pm

It depends on the context. In googles case they are most likely checking ports to see if the box is a proxy, completely legal. Much different than scanning Fort Mead's ip address space(cookie for anyone that can tell why thats bad without needing wikipedia ) looking for vuln servers.

Port scanning is an example of the difference between law and policy. Most ISP have service policies that say no port scanning. I do not know of a single LAW making port scans illegal. Even under the most draconian legal interpretations still require intent unless they can prove damages caused by negligence(difference between scanning one server, and why you cant exactly scan the entire ipv4 address space, though people do it anyways).

Well I have logs where (what is most likely) google touched ports on boxes which are non of their business.
I looked it up and you ppl are right, it is not illegal perse, ISP's can indeed have a policy against it.
What I came across are posts where individuals where dragged to court for scanning boxes.
The scanning by itself was not illegal but they led the court to believe it was because they wanted to break it, judge being clueless about computers and networking....
Seens to boil down to individuals can be screwed.
I can recommend watching Fedor's(creator of NMAP) talk called "scanning the internet" , quite an interesting one.

Aaaaand back on topic, sorry for the derail.

@rjun · « **Reply #10 on:** December 24, 2014, 02:23:12 pm »

Thanks A Lot Everyone..

kenjoe41 · « **Reply #11 on:** December 24, 2014, 06:16:11 pm »

ProxX does it again; moron post whores every post and pretends to be liberal enough to bring it back to topic. Why aint i surprised.

proxx · « **Reply #12 on:** December 24, 2014, 08:09:58 pm »

Quote from: kenjoe41 on December 24, 2014, 06:16:11 pm

ProxX does it again; moron post whores every post and pretends to be liberal enough to bring it back to topic. Why aint i surprised.

If you have issues you can directly adress me instead of this kinda lame response.

kenjoe41 · « **Reply #13 on:** December 24, 2014, 09:22:17 pm »

My lame attempt at a joke right in you title. i kinda got the jiggles that i was going to loose a cookie for this, but what the heck, i deserved it. don't take it personal man. it just got weird when i was reading the responses and then they got down to a very different topic from OP's intension and i realised it was the self proclaimed post-whore himself.

Whatever, merry xmas to you too.

proxx · « **Reply #14 on:** December 24, 2014, 09:44:34 pm »

Quote from: kenjoe41 on December 24, 2014, 09:22:17 pm

My lame attempt at a joke right in you title. i kinda got the jiggles that i was going to loose a cookie for this, but what the heck, i deserved it. don't take it personal man. it just got weird when i was reading the responses and then they got down to a very different topic from OP's intension and i realised it was the self proclaimed post-whore himself.

Whatever, merry xmas to you too.

Returned it, dunno , bad mood I guess.
All good sry.

EvilZone

News:

Author Topic: Automate Gmail Login (Read 1177 times)

@rjun

Automate Gmail Login

flowjob

Re: Automate Gmail Login

@rjun

Re: Automate Gmail Login

Kulverstukas

Re: Automate Gmail Login

proxx

Re: Automate Gmail Login

Kulverstukas

Re: Automate Gmail Login

proxx

Re: Automate Gmail Login

Kulverstukas

Re: Automate Gmail Login

madf0x

Re: Automate Gmail Login

proxx

Re: Automate Gmail Login

@rjun

Re: Automate Gmail Login

kenjoe41

Re: Automate Gmail Login

proxx

Re: Automate Gmail Login

kenjoe41

Re: Automate Gmail Login

proxx

Re: Automate Gmail Login