Hacking Gmail

(Grace) #1

66 Part II — Getting Inside Gmail


Listing 5-5(continued)

Set-Cookie:
SID=AbF6fUKA6tCIrC8Hv0JZuL5cLPt3vlO6qonGit87BAlMeLIHjVq_eeHH5s
6MYQbPE-F6IjzxJjnWuwgSIxPn3GQ=;Domain=.google.com;Path=/
Cache-control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Server: GFE/1.3
Date: Sat, 08 Jan 2005 00:31:09 GMT

62
<script>var
loaded=true;</script><script>try{top.js.L(window,29,’18fd02c90
a
‘);}catch(e){}</script>

This you can recognize: The heartbeat had my browser requesting the following
URL:
/gmail?ik=344af70c5d&view=tl&search=inbox&start=0&tlt=1014fb79f15&
fp=54910421598b5190&auto=1&zx=24c4d6962ec6325a216123479

Likewise, the heartbeat had my browser passing the following cookie:
Cookie: GV=101014fb09ab5-af53c8c5457de50bec33d5d6436e82c6;
PREF=ID=2dfd9a4e4dba3a9f:CR=1:TM=1100698881:LM=1101753089:GM=1:S=n
JnfdWng4uY7FKfO; SID=AcwnzkuZa4aCDnqVeiG6-
pM487sZLlfXBz2JqrHFdjIueLIHjVq_eeHH5s6MYQbPE4wm3vinOWMnavqPWq3SNNY
=; GMAIL_AT=e6980e93d906d564-1014fb09ab7;
S=gmail=h7zPAJFLoyE:gmproxy=bnNkgpqwUAI; TZ=-60

The browser then received a new cookie:
SID=AbF6fUKA6tCIrC8Hv0JZuL5cLPt3vlO6qonGit87BAlMeLIHjVq_eeHH5s6MYQ
bPE-F6IjzxJjnWuwgSIxPn3GQ=;Domain=.google.com;Path=/

Along with the new cookie, my browser also received a snippet of JavaScript as
the contents of the page:
<script>var
loaded=true;</script><script>try{top.js.L(window,29,’18fd02c90a
‘);}catch(e){}</script>

What can you tell from all of this? Well, you now know how Gmail on your
browser communicates with the server, and you know how to listen in on the con-
versation. Two things remain in this chapter, therefore: collecting as many of these
phrases as possible and then working out what they mean.
Free download pdf