▓Cookie Stealing & Hijacking▓ : INTRO

Cookies is a piece of code which identify you to the site. They store settings about your customized look and feel for the pages you view, your username and encrypted password or user id, who referred you to the site, profile preferences, and just about any kind of information the admins want them to store to customize your user experience. Cookies are most commonly used to give you access to login protected pages once you've entered your information, identify you in content that you change on the site (forum posts or article comments, for example), tell the administrators how you found the site, and more. Again, cookies will function as their creators have written them to function.

In other words when ever you login to a website such as Facebook, Gmail, Orkut etc your browser assigns you a cookie which basically tells the browser that for how long the user should be logged it.



What are session cookies or session IDs or session token?

Whenever we sign into an account it generates a unique piece of string. One copy is saved on server and other in our browser as cookie. Both are matched every time we do anything in our account. Session cookies enable the website you are visiting to keep track of your movement from page to page so you don't get asked for the same information you've already given to the site. Cookies allow you to proceed through many pages of a site quickly and easily without having to authenticate or reprocess each new area you visit. This piece of string or login session is destroyed when we click on 'Sign Out' option.



Just visit yahoo.com and Type in browser



Code:

javascript:alert(document.cookie);



You would get a pop up box showing you the cookies left by yahoo on our PC.



Now login to your account and do same thing, you would see some more elements added to the cookies. These represent sessions ids.



So it means sessions are stored in our browser in form of cookies.



An attacker can steal that session by convincing slave to run a piece of code in browser. Attacker can use that stolen session to login into slave's account without providing any username/password. This attack is very uncommon because when the slave clicks 'Sign out', session gets destroyed and attacker too also gets signed out.



Note : But in case of yahoo, it’s not the same. The attacker doesn’t get signed out when slave clicks 'Sign out'. Though the session automatically gets destroyed after 24hrs by yahoo. But when user simply refreshes the windows in yahoo account, he gets sessions again for next 24 hrs. This means, once the yahoo account session is stolen, attacker can access the account for life time by refreshing window in every 24hrs. I am not actually sure whether its 24 or 48 hrs.



What is a Session Hijacking Attack?


A session hijacking attack is basically an act of capturing session cookies and injecting it into your own browser to gain acess to victims account.



What is a Cookie Stealer?



A cookie stealer is basically a script used to steal victims authentication cookies, Now for a cookie stealing process to work the website or the webpage should be vulnerable to an XSS attack, This is the most common and widely known misconception among newbies.

How the stealing process work?

1. The attacker creates a PHP script and uploades it to a webhosting site.



2. The attacker then asks the victim to visit that particular link containing the PHP code.



3. Once the victim visits it his/her authentication cookie is saved in a .txt file.



4. Next the attacker uses a cookieinjector or a cookie editor, There are lots of firefox addons, google chrome extensions to do the work for you.

Eg: Cookie manager v1.5.1



You can also use the webdeveloper toolbar to do the work for you.



5. The attacker replaces his own cookies with the victims cookies as a result of which the victims session is hijacking.



So now that you understand the theory and applications of cookies, you're probably wondering how you can edit them on your own. There are many ways to use or change our browser cookies, such as javascript injections, dozens of firefox addons, etc. My favorite way is by using a firefox addon called Firecookie, which is actually an extension to another firefox addon, firebug. You can download them from mozilla's official addon site (firebug must be installed first):

Firebug: https://addons.mozilla.org/en-US/firefox/addon/1843

Firecookie: https://addons.mozilla.org/en-US/firefox/addon/6683

Will this hack always work?

Well this trick won't work on all Yahoo,Gmail,...accounts and as Yahoo/Gmail now offers End to End https:// encryption, Which encrypts the session token so even if we could get our hands on the GX cookie it's useless, but if a user has turned off the End to End https:// encryption in gmail,yahoo.. it can work for sure.


Hope you all have liked it....

IF you have any queries ask me in comment bellow.....

Yahoo Cookie,Gmail Cookie,Facebook Cookie Stealing And Session Hijacking Introduction Part1

2011-07-08T06:16:00-07:00

Niketan Patil

Cookies

Read More

LyricStatus: Update Your Facebook Status With Your Favorite Song

Often words can not express our true feelings, but sometimes the lyrics of a song that some people tend to explain exactly what is happening. Using words to tell your friends on Facebook about how you feel can be a good idea, but to find the songs you want, or type can still be a chore. You do not want a typo, or paraphrase the words, and ashamed, do you think? LyricStatus is a web application that allows you to find the lyrics of the song and the artist, and always update your Facebook status without effort, as long as it has been identified with your Facebook. Read on to find out more.

The service allows you to search a title or an artist and ask their name. Alternatively, you can browse alphabetically, by publishing the names of the artists in alphabetical order.
                                    

Categories can be found at the bottom of the page and you can search by Newest, most popular song lyrics and words on Facebook.
                 
Far from the search results, select the text you want to use to update your status. When selected, the texts are highlighted in orange, and a pop-up, click to send texts to Facebook.
                                                 
For users more control, you can change what you post. So you can publish the words on the wall or a wall of a friend by entering a name. Also, you can add quotes or a link to the letter.
                                      
LyricStatus Everything is user-friendly web app that you can quickly express your feelings and emotions through the lyrics of the most used social networks in the world. LyricStatus is completely free and can be found from the link below.
                                                             Visit L yricStatus

Read More

BROWSER →→ BROWSER File Sharing!!!!

Friends...............A useful facility,which we may have not known!!

.Actually This process is so simple that even a newbiee can do it.

Step 1 : Go to FilesOverMiles website. Click "Browse" and select the file to transfer.

Step 2 : You will get a LINK instantly as soon as you click on the file to send..Give that link over to your friend through GTALK or any other process.

Step 3 (2nd User) : The PC on the receiving end of this file transfer must go this unique url which will show a download option from the file to be transferred PC to PC.

                                     

Note : The transfer file will continue to be available for download until the web page on 1st user’s browser is closed.

It provides a good  Speed and security+ SAve of time.........

Read More

Hack Folder Lock Password

In this tutor, you will come to know on how to hack FOLDER LOCK PASSWORD


Well, For every Lock in the World There's a Key, And For every password, There's a Hack.

You just need to edit some strings in the registry, Well this is nothing complicated. Just keep on following the steps and you'll not know when you have the password in your hand !

• Go to start
• Go to run
• Type"Regedit"  and Press enter.
• Now go to the Following String 
• [HKEY_CURRENT_USER\Software\Microsoft\Windows\Quality Control]
• now in the right pane you'll see "_pack".
• In the pack String you'll see something like "something~~~~~~"
• Now this is the password. But this is Encrypted.

How to De-Crypt the Password?:

•  First of all Ignore the ~~~~~~ sign.
• Now you'll only have "Something" left.
• Now the most Important Step:
• You need to move each character one step backward . 
• example: In something:
• s=r
• o=n
• m=l
• e=d
• t=s
• h=g
• i=h
• n=m
• g=f
• Wow Done ! Now You've the password. It'll be "rnldsghmf"

Happy hacking. Please Leave your valuable Feedbacks.......

Read More

Convert text into Speech using NOTEPAD

Notepad: A simple programme. But we can do lot's of things with this. If you want to convert your text in to audio you have to use any programmes. But from this method you don't want to use another software. 
 An easy trick from Notepad




Let's start

1. Open notepad.
2. Copy the code below.

Dim msg, sapi
sg=InputBox("Enter your text for Conversation | Tool (http://7hacks.blogspot.com)","PC Hacks Text-To-Audio Converter")
Set sapi=CreateObject("sapi.spvoice")
sapi.Speak msg

• Now save it as text_audio.vbs
• And that's it.
• Now open the file and type anything. 
• Then click OK.

Read More

Find IP address by using FACEBOOK NOTIFICATION

Step 1: Goto My IP TEST Page, you will see 3 fields:

• Link for person – link that you need to message your friend
• Redirect URL(optional) – your friend will be Redirect to the Specified URL after he clicks the Link.
• Link for you – This link is for you to check if your friend has clicked your link.

Step 2: Enter the Redirect URL (eg: www.facebook.com)

Step 3: Copy the link from ‘Link for person’ and send it to your friend via message or wall post

Step 4: Copy and ave the URL from ‘Link for you’ and do check it frequently. You will get your friends IP if he or she clicks on your link.

The Good part about this is when you receive Notification email from facebook saying for example:

" {Facebook user} sent you a message on Facebook." OR " {Facebook user} commented on a photo of you on Facebook"

Along with Facebook’s Server IP, They also include the IP address of the ‘Facebook user’ in the Header of the email. So why not we use this Bug? ofcourse you will need to enable ‘Full header’ in the email. If you don’t know how to view header of the email please read our previous post :

What is header, How to find the IP address of the email sender using header?

 -I assume that you have the header opened. just look for the line that says “X-Facebook” in the headers. Here’s an example:

X-Facebook: from zuckmail ([MTI3LjAuMC4x]) by www.facebook.com with HTTP (ZuckMail);

The IP address above is Base64 encoded and Yes “MTI3LjAuMC4x” is the String that you got to decode. Now grab a good Base64 to ASCII text Converter and decode the string to get the IP address. After decoding “MTI3LjAuMC4x” will become 127.0.0.1. isn’t it so simple?.

 -Worried about your Privacy?

If you are worried about your Privacy than it’s worth telling you that knowing an IP address isn’t necessarily a security risk. For example, Web sites and other servers must have their IP address publicized in order to get traffic. It’s like knowing the mailing address to a house: Sure, it’s better if someone doesn’t know where your house is, but if they do, they would still need to bypass the home security to break in. eventually IP address is enough for a hacker to break into your network if your Firewall is weak. so better be careful. May be facebook should use encryption instead of encoding for privacy purpose….but who cares?




 Now that you have the IP, What next?

Now that you already have the IP address you can do lot of things. if you know some hacking, you would probably test you skills on that IP address. If it’s serious issue i would recommend take the IP address and go file FIR against that person. or you can always lookup more information about that IP. To do so we will be using IP tracer service. Go to the below address and paste the IP address in the box that says “lookup this ip or website”. and it will show you the location of the user.

http://www.ip-adress.com/ipaddresstolocation/

It will show you all the information about that user along with his ISP and a Location in the MAP. Now in the MAP Just click on “click for big ip address location” in the big picture you can actually zoom in. and try to recognize the area.

Read More

Auto Poke Back in Facebook

Trick to Auto Poke Back your Friend in Facebook:-

For Google Chrome:

• Open your Google Chrome browser and install the script by Clicking Here
• Click on the Install or Add to Chrome button appearing on your screen.

1. Now after installation you will see a conformation Message You Have successfully installed and you will also see a Facebook button in your browser

1. Click on the Facebook button and do check mark in the box.

That’s it. Now Refresh your Facebook page. You will see a Poked notification rather than Poke Back.

For Mozilla Firefox:-

• Open your Mozilla Firefox browser and you first have to install Grease Monkey Add-on by Clicking Here.

• • Now you have to add Javascript in to your browser by Clicking Here.
  • Click on the Install button appearing on the upper right side corner in to your firefox window.

 In the new pop up window again click on the Install button.

script is successfully installed notification at the below of your screen.

Now when your friend will Poke you then he will automatically be Poked Back.

Enjoy 

Read More

Delete Your Friend's FACEBOOK Account in 24 hours

Just Follow the steps:

Step 1 - Go to this url:

This image is just for illustrative purpose only.......

So this is the Url we will use to Report our slave. This Form allows you to report a deceased person (someone who is  dead).

Step 2 - Completion of  the Fields:

>Full Name: Your Victims Full name(Name last name)

>Date of birth: Go to his profile and click at Info tab and get his date of birth.

>Account Email Addresses: Do the same thing, go to his profile and click on info tab and get his email addresses.

>Networks: Again,go to his profile and click on Info tab and get his networks, copy them and paste in the form.

>Web address of profile you would like to report: Just go to his profile and copy the link in the address bar.

>Relationship to this person: To make more believable select Immediate Family.

>Requested Action: Remove Profile/memorialize profile

>Proof Of Death: This is the hardest part of this form. Now to make a proof of a death just Google in your language a “Death Certificate” or “Certificate of a Death”. It doesn’t matters from what country you are, just use this Italian certificate and open up photoshop or whatever Image
Editor and just write in a blank field:
Annunciamo il morte di [name goes here]. Save your image to desktop and upload it in one of the Image
Free Hosting like: http://imageshack.us
And it’s done  … Italian Death Certificate:
Additional Information: Write what you want, just write that you are in his/her family and you would like to close his/her Facebook account because you won’t like that when he is dead, his Facebook is opened.

Hope u enjoyed this piece of article!!!!!!!!!!!!!!

Read More

Google talk HACKs

1. Change the font size
While holding the control key, move the scroll wheel on your mouse either up or down. This trick works while being focused in either the read or write area.

2. Insert line breaks
If you want to have a message that spans multiple paragraphs, just hold shift and hit enter. You can add as many new lines as you want to create.

3. Bold Text
To write something bold, you can use an asterisk before and after the word. For Example *Hungry Hacker*

4. Italic Text
To use italics, use an underscore before and after the word. For Example _Hungry Hacker_

5. Switch windows
Hitting tab will cycle through open windows. It will select minimized conversations, to expand them just hit enter. If you just want to cycle through IM’s and don’t care about the buddy list, control-tab will do that and will automatically expand a minimized conversation if you settle on one.

6. Invitation Tips
You don’t need to say Yes or No when someone wants to add you as a friend; you can simply ignore it, the request will go away. (On the other hand, someone with whom you chat often will automatically turn to be your friend, unless you disable this in the options).

7. Show Hyperlinks
You can show your homepage or blog URL simply by entering it in your away message (at the top of the main window). It will automatically turn to a link visible to others.
How To’s

1. Use multiple identities on Google Talk
Want to run Google Talk with multiple Gmail identities? If you have several Google Gmail accounts you also may want to run multiple instances of Google Talk This is especially important for families that share a single PC. Basically, to have “Google Polygamy” you need to run Google Talk with the following switch: /nomutex
Right-click on the desktop
Select New -> Shortcut
Paste the following into the Address box:

“C:\program files\google\google talk\googletalk.exe” /nomutex
Click Next and choose a shortcut name such as Google Talk1, Google Talk2, or something related to your Gmail account for easy remembering which account is which.


2. Use Google Talk via a Web Browser
You want to use Google Talk anywhere ? Follow these guidelines 
Opens your favourite web browser.
Go to following Website

http://www.webjabber.net:8080/jim/
Follow the instructions of the Page.
You can talk with your friends


3. Conference Calls
Open up a copy of Google Talk on all computers with which you wish to conference.
After one copy is opened make a new shortcut for Google Talk but at the end of it add /nomutex.
If you installed it to the default folder then your shortcut should read “C:\Program Files\Google\Google Talk\googletalk.exe” /nomutex.
Open 2nd instances of the software on every user’s computer.
After this start a chain: User 1 should connect on one instance to user 2. User 2 will connect on his second instance to user 3. User 3 will connect using his second instance back to user 1. With this chain everyone is connected to everyone.

4. Change Nickname
You can’t change your nickname in a way that other people will see it change. Every nickname in the Google Talk Contact List is the part that is before @gmail.com (only the alphabetical characters are used) or the name you chosen for your GMail account. To change the nickname you need to do the following:
Go to your Gmail account and change the name there.
Choose Settings, Accounts, and then Edit info. Click on the second radio button, and enter your custom name.
As a result all of your emails will have that nick as well, there is no way to seperate the two.
You can add a website in your custom message, it will be clickable when someone opens a conversation window with you.


5. Contacts
You don’t need to say Yes or No when someone wants to add you as a friend; you can simply ignore it, the request will go away. (On the other hand, someone with whom you chat often will automatically turn to be your friend, unless you disable this).


6. Play Music

It’s possible to broadcast music, MP3, etc. through Google Talk. Follow the steps given bellow:
Unplug your microphone.
Double click on the speaker icon in the lower right corner. This will open up “Volume Control”.
Select “Options” and then “Properties”. Then check the button next to “Recording” then click OK.
You may also have to change your setting under Mixer Device. Now the Recording Control screen should be up.
On my computer I selected “Wave Out Mix”. Click on the green phone in Google Talk and call your friend.
                                      
Registry Hacks

Before applying any of these Registry Tweaks follow the steps given below:
Backup your Registry
Start -> Run -> Regedit

Now Navigate to the following directory

HKEY_CURRENT_USER\Software\Google\Google Talk.
Make Changes based on the info given bellow.
Restart your PC for the changes to take effect.

The “Google/Google Talk” key has several sub-keys that hold different option values:

Accounts: This one has subkeys for each different account that has logged in on the client. These keys have different values that store the username, password and connection options.

Autoupdate: Stores the current version information. When the client checks for updates it compares Google’s response with these values. If an update is needed, it will download and update the new version.

Options: This is the most interesting part, where most of the current hacks should be used (keep reading).

Process: Stores the process ID. Probably used by Google Talk to detect if it’s already running or not.
HKEY_CURRENT_USER\Software\Google\Google Talk\Options\show_pin

If 1, shows a “pin” next to the minimize button that keeps the windows on top of all the other open windows when clicked.
HKEY_CURRENT_USER\Software\Google\Google Talk\Options\view_show_taskbutton

If 0, hides the taskbar button, and leaves the tray icon only, when the window is shown
HKEY_CURRENT_USER\Software\Google\Google Talk\Options\away_inactive

If 1, status will be set as Away after the specified number of minutes.
HKEY_CURRENT_USER\Software\Google\Google Talk\Options\away_screensaver

If 1, status will be set as Away after the specified number of minutes.
HKEY_CURRENT_USER\Software\Google\Google Talk\Options\inactive_minutes

Number of inactive minutes to become away if auto-away is on.

Keyboard Shortcuts
Use
Ctrl + E It centralizes the selected text, or the current line.
Ctrl + R It justifies to the right the selected text, or the current line.
Ctrl + L It justifies to the left the selected text, or the current line.
Ctrl + I The same thing does that Tab.
Tab It is giving the area to each of the windows opened by Google Talk.
Ctrl + Tab The same thing does that Tab but in reverse.
Shift + Tab The same thing that Ctrl + Tab does.
Ctrl + Shift + L Switch between points, numbers, letters, capital letters, roman numbers and capital roman numbers
Ctrl + 1 (Key Pad) It does a simple space between the lines.
Ctrl + 2 (Key Pad) It does a double space between the lines.
Ctrl + 5 (Key Pad) A space does 1.5 between the lines.
Ctrl + 1 (Num Pad) It goes at the end of the last line.
Ctrl + 7 (Num Pad) It goes at the begin of the last line.
Ctrl + F4 It closes the current window.
Alt + F4 It closes the current window.
Alt + Esc It Minimize all the windows.
Windows + ESC Open Google Talk (if it’s minimized, or in the tray)
F9 Open Gmail to send an email to the current contact.
F11 It initiates a telephonic call with your friend.
F12 It cancels a telephonic call.
Esc It closes the current window.
                                                                   

Google’s Secret Command-Line Parameters

There are a few secret parameters you can add to Google Talk and make it function differently.

You can use these parameters as follows:

“C:\program files\google\google talk\googletalk.exe” [PARAMETER]Parameter Use
/nomutex Allows you to open more than one instance of Google Talk
/autostart It will check the registry settings to see if it needs to be started or not. If the “Start automatically with Windows” option is unchecked, it won’t start.
/forcestart Same as /autostart, but forces it to start no matter what option was set.
/S upgrade Used when upgrading Google Talk
/register Registers Google Talk in the registry, includig the GMail Compose method.
/checkupdate Check for newer versions.
/plaintextauth Uses plain authentication mechanism instead of Google’s GAIA mechanism. Used for testing the plain method on Google’s servers.
/nogaiaauth Disables GAIA authentication method. The same as /plaintextauth .
/factoryreset Set settings back to default.
/gaiaserver servername.com Uses a different GAIA server to connect to Google Talk. Used for debug purposes only, there are no other known GAIA servers.
/mailto email@host.com Send an email with Gmail.
/diag Start Google Talk in diagnostic mode.
/log Probably has something to do with the diagnostic logging


Miscellaneous G-talk Facts
A message can be 32767 characters long.
The Gmail account ‘user@gmail.com’ can’t be invited as your friend

Read More

♠♠Get Premium Accounts♠♠

Premium accounts:

• Wupload
• Megaupload
• Filesonic
• Hotfile
• Oron
• Uploaded.to
• Depositfiles

What we need?:
Mozilla Firefox / Google Chrome
Cookie Manager + ( Firefox)
Edit This Cookie (Chrome)
Little bit time!



Step1: Download and install Cookie Manager/ Edit This Cookie for your browser!


Step2: Go now to Blog.Tomtest!


Step3. 
Search now a article with the name of your premium hoster for the premium account! i choose wupload


Step4. 
Click of "Get cookies!"
There will open pastebin with lots of cookies!"



Step5. 
Go to the homepage of the premium account (i must go now to wupload) register a free account on the site 


Step6. 
Register, activate your account and login. Then you open your Cookie Manager/Edit this cookie



Step7. 
Now you must search for the cookename and edit him 

A little list for helping you for which hoster which cookie you must edit!
OCH...................Cookie:
*********.com (short version).....PHPSESSID
megaupload.com....................user
spam.com.......................auth
rapidshare.com....................enc
netload.in........................cookie_user
depositfiles.com..................autologin
oron.com..........................xfss
Filesnic.com.....................PHPSESSID
*******.com.....................PHPSESSID

Doubleclick for edit



Step8. 
Choose one cookies form the opened site (pastebin) and paste him in the second textbox. Press Save 




Step9:
Refresh the site and now you are logged in!


Note: The Logs must be fresh or if it not working the accounts are disabled!

Read More

○●Yahoo! Messenger Tricks●○

Yahoo! Messenger is an instant messaging program which is compatible with all Windows versions. While instant messaging is the focus of Yahoo! Messenger, there are several special tricks that can enhance the user experience. 

Here are my 10 Best Yahoo! Messenger Tricks and Hacks:

1. Find invisible users on your Yahoo! Messenger list

 Want to find out someone who’s hiding from you? You can easily do so by going to Yahoo! Invisible Checker. All you need to do is type in the Yahoo! ID and the particular users status will be revealed.

2. Invisible nickname on chat rooms 

Just go to edit profile and in the nick name type a (space character) on it just press Alt 0160 ( or ALT+255 ) and save it.

Now go to any Yahoo! chat room and you’ll notice that your nick name is empty. [Alt+0160 is a keyboard shortcut for space]

3. Run Multiple Instances of Yahoo! Messenger on same system

Some of you might be having more than one Yahoo! ID would like to log in simultaneously. Here is an easy way to do it without installing any sort of software. You just have to edit the registry and voila there you go. Follow the instructions below:

Download the following -multiyahoo.reg and save it to your hard disk.
Double click on it.



The above dialog will popup, click ‘Yes’
Start the yahoo messenger login with your first ID. Then again start another yahoo messenger by clicking on the messenger icon and log in with your second ID.This tweak works with all versions of Yahoo Messengers.


4. Removing Ads from your Yahoo! Messenger 

If you are using Yahoo! Messenger 8.0, then you can disable ads by following the below steps:
First close the Yahoo! Messenger.
Save this .bat file and execute it. (Note: You won’t be able to enter the chat rooms if you use this patch.)

The above fix doesn’t work for Yahoo! Messenger 9 Beta. Here’s a way to disable the ads in Yahoo! Messenger 9:
Make sure the Yahoo! Messenger isn’t running, if it is then just close it.
Now backup the following file C:\Program Files\Yahoo!\Messenger\Yahoo!Messenger.exe (create a new copy)
Download  HxD  hex editor.
Open C:\Program Files\Yahoo!\Messenger\Yahoo!Messenger.exe in the hex editor
Now go to the offset 295928 (in HxD: Search/GoTo)
Look at the right column and replace y from “y.m.s.g.r.a.d.s” with p
Save the file and close HxD.
Note: This approach breaks Yahoo! Messenger’s terms of service.

If nothing works try launching this file.

5. Yahoo! Smiley Codes 

You can make use of all smileys including hidden ones in your messenger by using  YEmotePLUS  plugin.

6. Creating Custom Profiles for Chat 

You can create custom profiles with different name, sex and other details from  Yahoo! Create/Edit Profiles . You can use these for chat services only.

7. Change the Yahoo! Messenger Title Bar 

You can change the text that appears at the very top of the Yahoo! messenger window by editing the ymsgr.ini file.

1. Go to Program Files\Yahoo!\ and open ymsgr.ini.

2. Then at the end, type this:

[APP TITLE] 
caption=YOUR TEXT 

3. Change YOUR TEXT to whatever you want it to say. Then save the file and close messenger. When you restart messenger you will see your new message.

8. Online Status Changer and Manager 

HyperIM is currently the best status changer & manager for Yahoo! messenger available at present.

9. Access Yahoo! Messenger Chat archives while offline 

You can access your Yahoo! chat logs using Yahoo! Message Archive Decoder. It reads Yahoo! Messenger archive files (.dat files) and presents them in a format that you can read. It decodes the message archive without logging in (offline mode and no passwords required).

10. Retrieve Yahoo! Messenger Display pictures 

Y! Display Pic will retrieve Yahoo! users even if they are offline or invisible.

Read More