PDF download Download Article PDF download Download Article

Want to test the security of a Gmail account? Whether you want to hack your own or someone else's Gmail account (with permission, of course), you have several tools at your disposal. This wikiHow article will teach you how to use tools like keyloggers, packet sniffers, and your web browser's own password manager to break into a Gmail address. Keep in mind that hacking into someone else's email account is unethical and illegal in most regions, so do so at your own risk.


Method 1
Method 1 of 4:

Managing Your Expectations

PDF download Download Article
  1. Gmail is an incredibly secure service. The only way you'll be able to "hack" into someone's account is by stealing their password. If your target has two-factor authentication, you'll need their mobile device as well. There is no other way around two-factor authentication.
  2. It is absolutely illegal in most areas to access someone's email account without authorization. This article is for educational purposes only.
  3. Advertisement
Method 2
Method 2 of 4:

Using a Keylogger

PDF download Download Article
  1. A keylogger is a program that logs the keystrokes on the computer it is installed on. [1] There are a variety of keylogger programs available for free or for purchase online, with varying degrees of stealthiness. Be sure to research all of your options carefully. Popular programs include:
    • Actual Keylogger
    • Spyrix Free Keylogger
    • BlackBox Express
    • KidLogger
    • NetBull
    • Lola
  2. This will require administrator access to the target's computer. On many computers, the password will be "admin" or will just be blank.
    • The process for installing the keylogger varies depending on the program you are using.
    • Installing a keylogger without the other person knowing is illegal.
  3. Start the service so that it begins recording keystrokes. The process for this will vary depending on the program you are using. You may have to configure the program to record keys if it has multiple functions.
  4. The keylogger will likely capture a lot of information. You can filter based on the window that the user is typing in.
  5. Some keyloggers will send the logs to your email. Others will require you to export them from the computer that the program is running on. Browse through the logs until you find what you suspect to be the target's Gmail password. You may be able to filter by the Gmail login page.
    • If the keylogger doesn't send you the logs via email, you'll need to access the program on the computer you installed it on to view them.
  6. Advertisement
Method 3
Method 3 of 4:

Using the Browser's Password Manager

PDF download Download Article
  1. You must have access to that person's computer. Try this when they're out of the room or you know that you have a few minutes alone.
    • Open a link from an email or a Help menu to launch the default browser.
  2. The process for accessing the password manager is different depending on the browser you are using. [2]
    • Internet Explorer - Click the Gear button or the Tools menu and select "Internet Options." Click the "Content" tab and then click the "Settings" button in the AutoComplete section. Select "Manage Passwords" from the new window.
    • Chrome - Click the Chrome Menu button (☰) and select "Settings." Click the "Show advanced settings" link and then scroll to the "Passwords and forms" section. Click "Manage passwords."
    • Firefox - Click the Firefox Menu button (☰) and select "Options." Click the "Security" tab and then click "Saved Passwords."
    • Safari - Click the Safari menu and select "Preferences." Click the "Passwords" tab.
  3. Use the search bar in the password manager to search for "google". This is the quickest way to narrow down the list of passwords. Look for the "accounts.google.com" entry for the target's Gmail address.
  4. Select the password and then click the "Show" or "Show Password" button. You may have to enter the administrator password for the computer before the passwords are displayed.
  5. Make note of the password as well as the exact Gmail address. Close the password manager when you are done to cover your tracks.
  6. If the target has not enabled two-factor authentication, then you should be able to access the account. The target will likely be notified that a login has occurred from an unknown browser.
    • If the target has two-factor authentication activated, then you will need the code that is sent to their mobile device. There is no way around this if it is activated.
  7. Advertisement
Method 4
Method 4 of 4:

Using a Packet Sniffer

PDF download Download Article
  1. Whenever someone logs into Gmail (or any other login service), a file called a "cookie" is sent to their computer. This cookie allows the user to stay logged in, even if they leave Gmail. A packet sniffer can find cookies being transferred over a wireless network. When you find a Gmail cookie, you can open it on your computer and potentially access your target's inbox. You'll need to be connected to the same wireless network as your target.
    • This method will not work if your target has encryption enabled (https://). This is enabled by default in Gmail, so its usefulness is limited. [3]
    • Using a packet sniffer on a public network to intercept traffic is illegal.
  2. Wireshark is a free network monitoring utility that you can download from wireshark.org . It is available for Windows, Mac, and Linux. Installing Wireshark is a straightforward process. Follow the prompts like you would with most programs. [4]
    • During installation, make sure to install the TShark component. This is essential for grabbing cookies over the wireless network. You will also need to install "WinPcap."
  3. This is a Java program that will find and intercept cookies being sent across the wireless network. Cookie Cadger doesn't need to be installed. It works the same in every operating system.
    • You will need to have Java 7 installed in order to use Cookie Cadger. You can download Java from java.com/download . See How to Install Java for more details.
  4. Connect to the same wireless network your target is connected to. You will need to be connected to the same wireless network as your target. This means you'll need to be close.
  5. Wireshark will need to be running in order for Cookie Cadger to work.
  6. Select the adapter connected to the wireless network from the drop-down menu. You should see the main frame populate with unsecured cookies from other people using the network.
  7. The second column will display a list of domains that Cookie Cadger is finding cookies for. Look for Google domains, particularly mail.google.com .
    • Remember, this only works if the target is not using https. If their connection is secure, you will not be able to find the cookie.
  8. This will load the cookie into your own web browser. The right cookie will take you directly to the target's inbox.
    • You will no longer be able to access their Gmail when the person logs out. [5]
  9. Advertisement

Community Q&A

Search
Add New Question
  • Question
    Can I do it without accessing the victim's PC?
    Community Answer
    You could, but a large amount of social engineering would be required. You would have to get the user to install a keylogger as some other application.
  • Question
    Can my phone be hacked if I make another Gmail account for another person from my phone?
    Community Answer
    No, your phone will not get hacked. Just make sure to log out of the other Gmail account before making a new one.
  • Question
    Is it illegal for me to hack into someone else's Google account and change the password?
    Community Answer
    Yes. It is very illegal and could get you into serious trouble.
See more answers
Ask a Question
      Advertisement

      Tips

      Submit a Tip
      All tip submissions are carefully reviewed before being published
      Name
      Please provide your name and last initial
      Thanks for submitting a tip for review!

      Warnings

      • Beware that many of the software programs claiming to hack Gmail accounts are scams.
      • The sole purpose of this article is to impart knowledge and make people aware of security concerns.
      Advertisement

      About This Article

      Article Summary X

      You can learn how to hack your Gmail account to test its security or in case you have lost your password, but remember that hacking someone else’s account is illegal. One way to hack your Gmail is to open your password manager. Use the search bar in the password manager to search for “google.” Then, look for “accounts.google.com” to find the Gmail address. Select the password, then click the “Show” or the “Show Password” button. After you copy down the password, type it into your Gmail login page. If you have two-factor authentication activated, you’ll also need the code sent to your mobile phone to access the account. To learn how to use a Packet Sniffer to hack into your Gmail account, keep reading!

      Did this summary help you?
      Thanks to all authors for creating a page that has been read 5,348,096 times.

      Is this article up to date?

      Advertisement