ok i am curious on how you can view cookies that you stole and how can you use other peoples cookies that you have stole as your own?

how you can view cookies that you stole

Attackers usually would make the victim send the cookies off to their own server after the victim has clicked the link. This might be by requesting a script in an image tag with the cookie included in a get variable, or by Javascript redirecting the victim to his server.

Once the victim clicks the link and their browser has sent the cookie details back to the attacker's server, the attacker can view the cookies using whatever method the script used to get them to him; for example putting them all in a text file or emailing them to him. Cookies are just text after all.

Enter this in your address bar to see your own cookie for this domain:

javascript:alert(document.cookie);

That is what a cookie-thief wants. When someone does a XSS attack, they inject malicious code into a victim's page with the goal of accessing objects like cookies and getting them back to their own server.


how can you use other peoples cookies that you have stole as your own?

I use the Add 'n' Edit Cookies extension for Firefox.

Try reading these:

http://en.wikipedia.org/wiki/Form_(web)
http://en.wikipedia.org/wiki/HTTP_cookie
http://www.w*schools.com/
http://www.php.net/manual/en/

thanks alot man but i have one more question I made the php script that steels cookies and it just came out likethis (http://dipman44.78*mb.com/log.txt)

my cookie steeler ishere (http://dipman44.78*mb.com/funnyvideo.php)

Could be many reasons it didn't work. It's impossible for me to know without the PHP source and other info.

Could be many reasons it didn't work. It's impossible for me to know without the PHP source and other info.

i gave you the php source: 78*mb.com

i gave you the php source: 78*mb.com

You didn't. Web servers don't give out the source to server-side scripts, so I can't just access it at its URL and click 'view source'. That only works for browser scripts.

You'll have to post the source here.

You didn't. Web servers don't give out the source to server-side scripts, so I can't just access it at its URL and click 'view source'. That only works for browser scripts.

You'll have to post the source here.

wait so how do i get it?

Open it in a text editor.