[Open source] A primary-school student's implementation of multi-user cookie injection, with web-based cookie management
This post was last edited by 蛋蛋蛋蛋小蛋蛋 on 2024-5-15 03:36. There was an earlier post; this one is a revision of it:
[Open source] Rewrite of the Google cookie-injection extension so that cookies are saved to a server https://www.52pojie.cn/thread-1721819-1-1.html
Link: https://pan.baidu.com/s/1oWcoeLFwn5XE7U9n4E9PFQ?pwd=52pj Extraction code: 52pj ← the database and the latest code are here
Changes:
1. 2024.04.28: tidied up the UI. Please download from the netdisk link above; the attachment below is missing the SQL file, and the netdisk has the optimized files.
2. The search function has been written into manage_cookies.php and improved.
Installation:
1. php + mysql + chrome/edge
2. Set the MySQL connection details in server/config.php from the netdisk
3. Import into MySQL; the file is cookieman.sql from the netdisk // the user token is stored in the database
4. In the extension's popup.js, line 96, set http(s)://your-domain/ck.php
Usage:
Enter the account's unique token in the extension and click Cookie Get; once the token is filled in, the cookies are sent to the database.
My name is Primary School Student; hereafter I shall call myself "the student".
The student believes that you gentlemen are strong, far stronger than the student.
So the student will not say much about the code; please look it over and offer plenty of advice, for which the student will be deeply grateful.
Building on the previous post, the student has made improvements: multi-user registration and login were added, storage moved from text files to a database, and authentication is done by token.
There are eight files:
File 1: ck.php, which receives the cookies sent by the extension via Ajax
<?php
require 'config.php';
header('Content-Type: application/json');

// Read the JSON body sent by the extension: { url, cookies (base64), token }
$postData = file_get_contents("php://input");
$data = json_decode($postData, true);
if (!is_array($data) || !isset($data['url'], $data['cookies'], $data['token'])) {
    echo json_encode(['status' => 'error', 'message' => 'Missing url, cookies or token']);
    exit;
}
$url = $data['url'];
$encodedCookies = $data['cookies'];
$token = $data['token'];
$domain = parse_url($url, PHP_URL_HOST); // extract the host part of the URL
if (!$domain) {
    // without a host the LIKE pattern below would be "%%" and match every record
    echo json_encode(['status' => 'error', 'message' => 'Invalid url']);
    exit;
}
// Decode the cookies
$cookies = base64_decode($encodedCookies);

// Connect to the database with PDO
try {
    $pdo = new PDO("mysql:host=" . DB_HOST . ";dbname=" . DB_NAME, DB_USER, DB_PASSWORD);
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // Check the token and find the matching user
    $stmt = $pdo->prepare("SELECT id FROM users WHERE token = :token");
    $stmt->bindParam(':token', $token);
    $stmt->execute();
    $user = $stmt->fetch();

    if ($user) {
        $userId = $user['id'];
        // Check whether a cookie record for the same domain already exists
        // (substring match on the stored URL)
        $stmt = $pdo->prepare("SELECT id FROM user_cookies WHERE user_id = :user_id AND url LIKE :domain");
        $domainLike = "%$domain%";
        $stmt->bindParam(':user_id', $userId);
        $stmt->bindParam(':domain', $domainLike);
        $stmt->execute();
        $existingCookie = $stmt->fetch();

        if ($existingCookie) {
            // Update the existing cookie record
            $stmt = $pdo->prepare("UPDATE user_cookies SET cookies = :cookies WHERE id = :id");
            $stmt->bindParam(':cookies', $cookies);
            $stmt->bindParam(':id', $existingCookie['id']);
            $stmt->execute();
            echo json_encode(['status' => 'success', 'message' => 'Cookies updated successfully']);
        } else {
            // Insert a new cookie record
            $stmt = $pdo->prepare("INSERT INTO user_cookies (user_id, url, cookies) VALUES (:user_id, :url, :cookies)");
            $stmt->bindParam(':user_id', $userId);
            $stmt->bindParam(':url', $url);
            $stmt->bindParam(':cookies', $cookies);
            $stmt->execute();
            echo json_encode(['status' => 'success', 'message' => 'New cookies saved successfully']);
        }
    } else {
        echo json_encode(['status' => 'error', 'message' => 'Invalid token']);
    }
} catch (PDOException $e) {
    echo json_encode(['status' => 'error', 'message' => 'Database error: ' . $e->getMessage()]);
}
?>
File 2: config.php. The student thinks this needs no explanation.
<?php
define('DB_HOST', 'localhost');
define('DB_NAME', 'cookieman');
define('DB_USER', 'root');
define('DB_PASSWORD', 'ckckckuqikuqi');
?>
File 3: index.php
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>User Cookies Management</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
    <style>
        body, html {
            margin: 0;
            padding: 0;
            overflow: hidden;
        }
        #background {
            position: fixed;
            width: 100%;
            height: 100%;
            background-color: #000;
            z-index: -1;
        }
        .container-center {
            display: flex;
            justify-content: center;
            align-items: center;
            height: 100vh;
        }
        .form-container {
            background-color: rgba(255, 255, 255, 0.8);
            border-radius: 10px;
            padding: 20px;
            box-shadow: 0px 0px 10px rgba(0, 0, 0, 0.1);
            width: 400px;
        }
    </style>
</head>
<body>
<canvas id="background"></canvas>
<div class="container-center">
    <div class="form-container">
        <h1 class="text-center mb-4">User Cookies Management</h1>
        <div class="mb-3">
            <h2 class="mb-3">Register</h2>
            <form method="post" action="register.php">
                <input type="text" name="username" placeholder="Username" class="form-control mb-2" required>
                <button type="submit" class="btn btn-primary w-100">Register</button>
            </form>
        </div>
        <hr>
        <div>
            <h2 class="mb-3">Login</h2>
            <form method="post" action="login.php">
                <input type="text" name="username" placeholder="Username" class="form-control mb-2" required>
                <input type="text" name="token" placeholder="Token" class="form-control mb-2" required>
                <button type="submit" class="btn btn-success w-100">Login</button>
            </form>
        </div>
    </div>
</div>
<script>
    // Animated particle background drawn on the full-window canvas
    const canvas = document.getElementById("background");
    const ctx = canvas.getContext("2d");
    canvas.width = window.innerWidth;
    canvas.height = window.innerHeight;
    const colors = ["#00bcd4", "#4caf50", "#ff9800", "#9c27b0", "#f44336"];

    class Particle {
        constructor() {
            this.x = Math.random() * canvas.width;
            this.y = Math.random() * canvas.height;
            this.size = Math.random() * 5 + 1;
            this.speedX = Math.random() * 3 - 1.5;
            this.speedY = Math.random() * 3 - 1.5;
            // pick one colour; assigning the whole array made fillStyle invalid, so nothing was visible
            this.color = colors[Math.floor(Math.random() * colors.length)];
        }
        update() {
            this.x += this.speedX;
            this.y += this.speedY;
            // bounce off the canvas edges
            if (this.x + this.size > canvas.width || this.x - this.size < 0) {
                this.speedX = -this.speedX;
            }
            if (this.y + this.size > canvas.height || this.y - this.size < 0) {
                this.speedY = -this.speedY;
            }
        }
        draw() {
            ctx.beginPath();
            ctx.arc(this.x, this.y, this.size, 0, Math.PI * 2);
            ctx.fillStyle = this.color;
            ctx.fill();
        }
    }

    const particles = [];
    function init() {
        for (let i = 0; i < 100; i++) {
            particles.push(new Particle());
        }
    }
    function animate() {
        requestAnimationFrame(animate);
        ctx.clearRect(0, 0, canvas.width, canvas.height);
        particles.forEach(particle => {
            particle.update();
            particle.draw();
        });
    }
    init();
    animate();
</script>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"></script>
</body>
</html>
File 4: login.php
<?php
session_start();
require 'config.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $username = $_POST['username'] ?? '';
    $token = $_POST['token'] ?? '';
    try {
        $pdo = new PDO("mysql:host=" . DB_HOST . ";dbname=" . DB_NAME, DB_USER, DB_PASSWORD);
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $stmt = $pdo->prepare("SELECT id FROM users WHERE username = :username AND token = :token");
        $stmt->bindParam(':username', $username);
        $stmt->bindParam(':token', $token);
        $stmt->execute();
        $user = $stmt->fetch();
        if ($user) {
            // new session id on login so a pre-login session id cannot be reused (session fixation)
            session_regenerate_id(true);
            $_SESSION['user_id'] = $user['id'];
            $_SESSION['username'] = $username;
            $_SESSION['token'] = $token;
            header("Location: manage_cookies.php");
            exit;
        } else {
            echo "Login failed: Invalid username or token.";
        }
    } catch (PDOException $e) {
        die("Error: " . $e->getMessage());
    }
} else {
    echo "Invalid request method.";
}
?>
File 5: register.php
<?php
session_start();
require 'config.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $username = $_POST['username'] ?? '';
    try {
        $pdo = new PDO("mysql:host=" . DB_HOST . ";dbname=" . DB_NAME, DB_USER, DB_PASSWORD);
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        // Check whether the username already exists
        // (fetch() rather than rowCount(): PDO does not guarantee rowCount() for SELECT)
        $stmt = $pdo->prepare("SELECT id FROM users WHERE username = :username");
        $stmt->bindParam(':username', $username);
        $stmt->execute();
        if ($stmt->fetch()) {
            echo "Registration failed: Username already exists.";
        } else {
            $token = bin2hex(random_bytes(16)); // generate a random token
            $stmt = $pdo->prepare("INSERT INTO users (username, token) VALUES (:username, :token)");
            $stmt->bindParam(':username', $username);
            $stmt->bindParam(':token', $token);
            $stmt->execute();
            // Set up the user's session
            session_regenerate_id(true);
            $_SESSION['user_id'] = $pdo->lastInsertId();
            $_SESSION['username'] = $username;
            $_SESSION['token'] = $token;
            header("Location: manage_cookies.php");
            exit;
        }
    } catch (PDOException $e) {
        die("Error: " . $e->getMessage());
    }
} else {
    echo "Invalid request method.";
}
?>
File 6: manage_cookies.php. The student thinks this is the core.
<?php
session_start();
if (!isset($_SESSION['user_id'])) {
    header('Location: login.php');
    exit;
}
require 'config.php';
$message = '';

// One CSRF token per session, checked by the token-update form below
if (!isset($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

// Handle a token change
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['new_token'], $_POST['csrf_token'])) {
    if (!hash_equals($_SESSION['csrf_token'], (string)$_POST['csrf_token'])) {
        $message = "CSRF token mismatch.";
    } else {
        $newToken = $_POST['new_token'];
        try {
            $pdo = new PDO("mysql:host=" . DB_HOST . ";dbname=" . DB_NAME, DB_USER, DB_PASSWORD);
            $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
            $stmt = $pdo->prepare("SELECT COUNT(*) FROM users WHERE token = :newToken");
            $stmt->bindParam(':newToken', $newToken);
            $stmt->execute();
            if ($stmt->fetchColumn() > 0) {
                $message = "Token update failed: Token already in use.";
            } else {
                $stmt = $pdo->prepare("UPDATE users SET token = :newToken WHERE id = :user_id");
                $stmt->bindParam(':newToken', $newToken);
                $stmt->bindParam(':user_id', $_SESSION['user_id']);
                $stmt->execute();
                $_SESSION['token'] = $newToken;
                $message = "Token updated successfully!";
            }
        } catch (PDOException $e) {
            $message = "Error updating token: " . $e->getMessage();
        }
    }
}

// Load this user's cookie records, optionally filtered by the search box (the merged-in search.php)
$search = trim($_GET['search'] ?? '');
try {
    $pdo = new PDO("mysql:host=" . DB_HOST . ";dbname=" . DB_NAME, DB_USER, DB_PASSWORD);
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    if ($search !== '') {
        // escape LIKE wildcards so a search for "%" or "_" matches those characters literally
        $stmt = $pdo->prepare("SELECT * FROM user_cookies WHERE user_id = :user_id AND url LIKE :search");
        $stmt->bindValue(':search', '%' . addcslashes($search, '%_\\') . '%');
    } else {
        $stmt = $pdo->prepare("SELECT * FROM user_cookies WHERE user_id = :user_id");
    }
    $stmt->bindParam(':user_id', $_SESSION['user_id']);
    $stmt->execute();
    $cookies = $stmt->fetchAll(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
    die("Database error: " . $e->getMessage());
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Manage Cookies</title>
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css">
</head>
<body>
<div class="container mt-5">
    <h1>Cookie Management Dashboard</h1>
    <p>Welcome, <?php echo htmlspecialchars($_SESSION['username']); ?></p>
    <p>Current token: <?php echo htmlspecialchars($_SESSION['token']); ?></p>
    <p><?php echo htmlspecialchars($message); ?></p>
    <form method="post">
        <input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($_SESSION['csrf_token']); ?>">
        <input type="text" name="new_token" required placeholder="Enter new token" class="form-control mb-3">
        <button type="submit" class="btn btn-primary">Update Token</button>
    </form>
    <form class="d-flex mb-3" method="get">
        <input class="form-control me-2" type="search" name="search" placeholder="Search by URL" aria-label="Search" value="<?php echo htmlspecialchars($search); ?>">
        <button class="btn btn-outline-success" type="submit">Search</button>
    </form>
    <div class="table-responsive">
        <table class="table">
            <thead>
                <tr>
                    <th scope="col">#</th>
                    <th scope="col">URL</th>
                    <th scope="col">Cookies</th>
                    <th scope="col">Actions</th>
                </tr>
            </thead>
            <tbody>
            <?php foreach ($cookies as $cookie): ?>
                <tr>
                    <td><?php echo htmlspecialchars($cookie['id']); ?></td>
                    <td><?php echo htmlspecialchars($cookie['url']); ?></td>
                    <td>
                        <div style="position: relative;">
                            <span style="overflow: hidden; display: inline-block; max-width: 300px; text-overflow: ellipsis;"><?php echo htmlspecialchars($cookie['cookies']); ?></span>
                            <!-- Copy hands the cookie string to copyToClipboard() via a data attribute -->
                            <button type="button" class="btn btn-sm btn-secondary" style="position: absolute; top: 0; right: 0;"
                                    data-cookies="<?php echo htmlspecialchars($cookie['cookies']); ?>"
                                    onclick="copyToClipboard(this.dataset.cookies)">Copy</button>
                        </div>
                    </td>
                    <td>
                        <!-- <a href="edit_cookie.php?id=<?php echo $cookie['id']; ?>" class="btn btn-sm btn-primary">Edit</a> -->
                        <a href="delete_cookie.php?id=<?php echo (int)$cookie['id']; ?>" class="btn btn-sm btn-danger">Delete</a>
                    </td>
                </tr>
            <?php endforeach; ?>
            </tbody>
        </table>
    </div>
</div>
<script>
    function copyToClipboard(text) {
        navigator.clipboard.writeText(text)
            .then(() => {
                alert("Copied to clipboard!");
            })
            .catch((error) => {
                console.error("Unable to copy to clipboard:", error);
            });
    }
</script>
</body>
</html>
File 7: search.php, which searches by domain for your convenience
This has been merged into manage_cookies.php
File 8: delete_cookie.php
<?php
session_start();
if (!isset($_SESSION['user_id'])) {
    header('Location: login.php');
    exit;
}
require 'config.php';
if ($_SERVER['REQUEST_METHOD'] == 'GET' && isset($_GET['id'])) {
    $cookieId = $_GET['id'];
    try {
        $pdo = new PDO("mysql:host=" . DB_HOST . ";dbname=" . DB_NAME, DB_USER, DB_PASSWORD);
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $stmt = $pdo->prepare("DELETE FROM user_cookies WHERE id = :id AND user_id = :user_id");
        $stmt->bindParam(':id', $cookieId);
        $stmt->bindParam(':user_id', $_SESSION['user_id']);
        $stmt->execute();
        header("Location: manage_cookies.php");
        exit;
    } catch (PDOException $e) {
        die("Error: " . $e->getMessage());
    }
}
For the extension code, please see https://www.52pojie.cn/thread-1721819-1-1.html
Although the student registered long ago, his skill is still that of a child; he hopes the seniors will not withhold their wise words.
If this breaks any rules, moderators please delete it.
Took a quick look:
1. Database operations use prepared statements rather than direct SQL string concatenation, which is already safer than a lot of people's code;
2. Delete requests could use the `DELETE` method (using `GET` is not recommended), and updates could be submitted with `PATCH` (the second half of this is a bit nit-picky).
3. The dashboard page appears to validate a `CSRF` token, but the other endpoints, such as modify and delete, do not.
- For example, I could build a page containing many images pointing at `/delete_cookie.php?id=<numbers starting from 1>` and lure a user into visiting it; if that user is logged in, this would bulk-delete a large number of that user's stored cookies.
4. `manage_cookies.php` escapes the data pulled from the database, but `search.php` misses it. There is a potential XSS risk, though if it is only for personal use it is not a big deal.
5. The source does not include the database definition (database schema) or an automatic migration script (database migration). The former can be exported with a tool; the latter may require a PHP framework.
If you are interested, you could also push it to an online Git repository to record the changes between versions, e.g. (https://gitee.com) or (https://github.com).
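One way to close the gap in point 3 above (an added example here, not the thread author's code): a delete endpoint that accepts only POST, checks the same per-session CSRF token that manage_cookies.php already issues, and validates the id before touching the database. It assumes the post's config.php and user_cookies table.

```php
<?php
// delete_cookie.php, hardened variant (added example, not the thread author's code).
// Assumes the config.php and user_cookies table from the post, and the csrf_token
// session value that manage_cookies.php already generates.
session_start();
if (!isset($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Not logged in');
}
require 'config.php';

// 1. POST only. An <img src> or plain link can only send GET, so the lured-visit
//    scenario from the review is refused before any database work happens.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    header('Allow: POST');
    exit('Method not allowed');
}

// 2. The per-session CSRF token must be present and match (constant-time compare).
$sent = (string)($_POST['csrf_token'] ?? '');
if (!isset($_SESSION['csrf_token']) || !hash_equals($_SESSION['csrf_token'], $sent)) {
    http_response_code(403);
    exit('CSRF token mismatch');
}

// 3. The id must be a positive integer; anything else is rejected rather than coerced.
$cookieId = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if (!$cookieId) {
    http_response_code(400);
    exit('Bad id');
}

try {
    $pdo = new PDO("mysql:host=" . DB_HOST . ";dbname=" . DB_NAME, DB_USER, DB_PASSWORD);
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // 4. Ownership stays in the WHERE clause: a user can only ever delete their own rows.
    $stmt = $pdo->prepare("DELETE FROM user_cookies WHERE id = :id AND user_id = :user_id");
    $stmt->bindValue(':id', $cookieId, PDO::PARAM_INT);
    $stmt->bindValue(':user_id', (int)$_SESSION['user_id'], PDO::PARAM_INT);
    $stmt->execute();
} catch (PDOException $e) {
    http_response_code(500);
    exit('Database error'); // log $e server-side; never echo driver messages to the browser
}
header('Location: manage_cookies.php');
exit;
```

In manage_cookies.php the Delete link then becomes a small POST form carrying hidden `id` and `csrf_token` fields. Setting `session.cookie_samesite = Lax` (PHP 7.3+) adds a second, browser-enforced layer on top of the token check.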
You truly are young and full of ambition. Hearing your modesty, and that you know your learning is still shallow, is rare indeed.
As for the way of code, though few words were said, the care put in is plain to see. As I see it, there are shortcomings, but also things worth praising.
I hope to learn and progress together with you, encouraging each other, so that our craft of code improves day by day.
I look forward to your growth; let us walk the road of programming together and achieve new heights!
This post was last edited by 蛋蛋蛋蛋小蛋蛋 on 2024-4-29 07:31.
爱飞的猫 posted on 2024-4-29 06:10:
Took a quick look:
1. Database operations use prepared statements rather than direct SQL string concatenation, which is already safer than a lot of people's co ...
Thank you for your kind words; the student has no way to repay them.
Having received your instruction, the student went on to reflect:
1. The token is transmitted in plaintext
2. Nothing is encrypted before being written to the database, so the cookies can be read straight out of the database
3. The page is not pretty
The other endpoints have no CSRF token validation because all the endpoints were meant to be written into the management page, and then I did not know where to start with tidying up the UI, which led to this problem.
It is now uploaded to GitHub, but I honestly forgot the database :lol
Thanks for sharing~
If this counts as primary school, then I have not even started kindergarten
Kids these days really have it good. I was born in 2000; back then I first touched a computer in a computer class in the third year of junior high, and I could not even copy and paste
Learning from this, liked
The bearing of the young is the bearing of the nation. Grow up healthy and strong; these are our young people!
Learning from this, liked
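For point 2 of the author's follow-up (cookies readable straight out of the database), here is one way to encrypt the blob before it reaches MySQL. This is an added example, not the thread author's code; it assumes PHP's bundled sodium extension (PHP 7.2+) and a new COOKIE_KEY_HEX constant in config.php, and the helper names encrypt_cookies/decrypt_cookies are chosen here.

```php
<?php
// Added example (not the thread author's code): encrypt cookie blobs before they reach
// MySQL, so a database dump or a stray SELECT does not expose live session cookies.
// Assumes the sodium extension (bundled with PHP since 7.2) and a new constant in config.php:
//   define('COOKIE_KEY_HEX', '<64 hex chars, generated once with sodium_crypto_secretbox_keygen()>');
// Keep that key out of the database and out of version control.

function cookie_key(): string {
    $key = hex2bin(COOKIE_KEY_HEX);
    if ($key === false || strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new RuntimeException('COOKIE_KEY_HEX must be 32 bytes of hex');
    }
    return $key;
}

// Returns nonce || ciphertext, base64-encoded so it fits the existing TEXT column.
function encrypt_cookies(string $plain): string {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // fresh per record, never reused
    $box   = sodium_crypto_secretbox($plain, $nonce, cookie_key());
    return base64_encode($nonce . $box);
}

// Returns the plaintext, or null if the blob was tampered with or encrypted under another key.
function decrypt_cookies(string $stored): ?string {
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null;
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, cookie_key());
    return $plain === false ? null : $plain; // MAC failure yields null, never garbage
}

// Where it plugs in: ck.php stores encrypt_cookies($cookies) instead of $cookies, and
// manage_cookies.php displays decrypt_cookies($cookie['cookies']) ?? '(undecryptable)'.
```

Point 1 of the follow-up is a transport matter rather than a code one: serving ck.php only over HTTPS keeps the token and the cookie blob out of the clear on the wire.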