I hacked several accounts from several sites just using VPN

Here's how I hacked so many accounts with in few hours.

anish

Male

View Profile

Posted 4 years ago 1,757 Views updated 4 years ago

1. How VPN works?

Simply VPN is a Tunnel between your computer and internet. In you're connected to VPN, then any request you make to the internet goes to VPN and the VPN sends it to internet, receives data from internet and then sends the data to you.

Which means the VPN has the access to both request you send and response you get from internet.

Any person having access to the VPN can read the requests you send. Requests can be your username, password, search query, session detail......

3. Background

I was testing security. I thought of a cool trick. I thought to create a VPN, and in the VPN I will add logger and interceptor. Which means I will be keeping logs of all the request going through my VPN server. I planned to this for test purpose with my computer if it works share it with friends and surprise them.

But just after few minutes I starting getting lots of requests in my VPN. Morethan 100 request every minute. I closed the VPN. I started looking the logs. People started using my VPN. Most of them used it to access porn sites. But there were request going to Facebook, google, yandex, mail.ru, Amazon and many sites. First I thought it was just some kind of algorithm and all requests were made by auto crawler. But it wasn't the case. I could see people sign in details and many credentials.

4. How was it happening?

Where were those people comming from? How did they knew my server IP?

I started questining this to myself. I also added this question to Stackoverflow and other forums.

Then I thought of finding how this was happening. I cleared all the log. Opened the VPN again. The first request was to

http://check.proxyradar.com/azenv.php?s=158006977981639PC276969734408080

After doing some research and checking Proxyradar I found that they are selling proxies, They monitor IPs and whenever they find any open proxy they disclose them to public. And they are also providing paid API by which other VPN apps uses the proxy they share.

There are lots of websites like proxyradar. Which makes this even worse.

This is not just with VPN it's the same with the public WiFi and other Networks. Your requests are sent to wifi router before internet which enable wifi owner to access your credentials.

So Never connect to any unknown open WiFi networks and free VPNs