Problem! - Cookie Logging
crash_overide 2 wrote: hi, I've been reading the tutorial on xss cookie logging, and unfortunately the server is down, I am not be able to download the particular software to continue the tutorial, is there any other alternatives that may help? thnks
src=>down "http://ccl.whiteacid.org/"
Haha its not a download its a cookie logger. If you know php code your own cookie logger. I used to use that site, it was awsome. R.I.P http://ccl.whiteacid.org/
crash_overide 2 wrote: oh so the whole point is, to create that particular logger to be directed to the link "http://ccl.whiteacid.org/" right?
No no no http://ccl.whiteacid.org/ is dead. Gone. (for now at least) The point is to log there cookies (by making someone click on a link that redirects there cookies most likely to your server ie phishing). You have to code some php to log cookies on your server. Than where ever the site is vuln to XSS put in something that will make the cookies redirect to your server. Make whom ever click that link. Than when you have successfully stolen there cookies go back to the site, change your cookies to the ones stolen and then BAM! You just stole some cookies :D.
EDIT: XSS is very powerful in the right hands ;) it's not limited to just stealing cookies. http://keepitlocked.net/archive/2008/06/17/quot-the-spy-who-hacked-me-quot-teched-2008-demo.aspx