吾爱破解 - 52pojie.cn

 找回密码
 注册[Register]

QQ登录

只需一步,快速开始

查看: 2673|回复: 26
收起左侧

[其他原创] 【开源】小学生编程实现多用户Cookie注入,并通过web管理Cookie

[复制链接]
蛋蛋蛋蛋小蛋蛋 发表于 2024-4-29 01:40
本帖最后由 蛋蛋蛋蛋小蛋蛋 于 2024-5-15 03:36 编辑

前已有贴,谓前帖而改

【开源】谷歌cookie注入插件改写,实现cookie保存到服务器 https://www.52pojie.cn/thread-1721819-1-1.html

链接: https://pan.baidu.com/s/1oWcoeLFwn5XE7U9n4E9PFQ?pwd=52pj 提取码: 52pj 复制这段内容后打开百度网盘手机App,操作更方便哦  ←数据库,最新代码在此

改:
一: 2024.04.28改:美化之,请诸君使用上方网盘下载,下面附件缺少sql文件,盘中有优化后的文件
二: 搜索功能写在了mange_cookies.php中并加以完善


装:
1. php + mysql + chrome/edge
2. 度盘server/config.php 设置mysql 信息
3. 导入mysql,文件为度盘 cookieman.sql //user token 设置在数据库中,
4. 插件/popup.js 96行 设置 http(s)://域名/ck.php

用:
插件填入账户的唯一token,并单击Cookie Get,填入token就会发送cookie到数据库中


吾名小学生,次称吾为生

生以为,诸君雄强,强于生,远甚

故生对代码不多述,请诸君观之,多加建言,生必感激涕零

生在前贴基上,加以改进,增多用户注册和登录,以文本之存变为数据库存放,由token进行认证

图片:

其文件有八:

其一: ck.php 以作插件Ajax接收cookie之用

[Asm] 纯文本查看 复制代码
<?php
require 'config.php';  
header('Content-Type: application/json');
$postData = file_get_contents("php://input");
$data = json_decode($postData, true);
$url = $data['url'];
$encodedCookies = $data['cookies'];
$token = $data['token'];
$domain = parse_url($url, PHP_URL_HOST);  // 提取 URL 的域名部分
// 解码 cookies
$cookies = base64_decode($encodedCookies);
// 使用 PDO 连接数据库
try {
    $pdo = new PDO("mysql:host=".DB_HOST.";dbname=".DB_NAME, DB_USER, DB_PASSWORD);
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // 检查 token 并找到对应的用户
    $stmt = $pdo->prepare("SELECT id FROM users WHERE token = :token");
    $stmt->bindParam(':token', $token);
    $stmt->execute();
    $user = $stmt->fetch();
    if ($user) {
        $userId = $user['id'];
        // 检查是否存在相同域名的 cookie
        $stmt = $pdo->prepare("SELECT id FROM user_cookies WHERE user_id = :user_id AND url LIKE :domain");
        $domainLike = "%$domain%";
        $stmt->bindParam(':user_id', $userId);
        $stmt->bindParam(':domain', $domainLike);
        $stmt->execute();
        $existingCookie = $stmt->fetch();
        if ($existingCookie) {
            // 更新现有的 cookie 记录
            $stmt = $pdo->prepare("UPDATE user_cookies SET cookies = :cookies WHERE id = :id");
            $stmt->bindParam(':cookies', $cookies);
            $stmt->bindParam(':id', $existingCookie['id']);
            $stmt->execute();
            echo json_encode(['status' => 'success', 'message' => 'Cookies updated successfully']);
        } else {
            // 插入新的 cookie 记录
            $stmt = $pdo->prepare("INSERT INTO user_cookies (user_id, url, cookies) VALUES (:user_id, :url, :cookies)");
            $stmt->bindParam(':user_id', $userId);
            $stmt->bindParam(':url', $url);
            $stmt->bindParam(':cookies', $cookies);
            $stmt->execute();
            echo json_encode(['status' => 'success', 'message' => 'New cookies saved successfully']);
        }
    } else {
        echo json_encode(['status' => 'error', 'message' => 'Invalid token']);
    }
} catch (PDOException $e) {
    echo json_encode(['status' => 'error', 'message' => 'Database error: ' . $e->getMessage()]);
}
?>


其二: config.php 生以为无需多言
[Asm] 纯文本查看 复制代码
<?php


define('DB_HOST', 'localhost');
define('DB_NAME', 'cookieman');
define('DB_USER', 'root');
define('DB_PASSWORD', 'ckckckuqikuqi');
?>



其三: index.php
[Asm] 纯文本查看 复制代码
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>User Cookies Management</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.5/dist/css/bootstrap.min.css" rel="stylesheet">
    <style>
        body, html {
            margin: 0;
            padding: 0;
            overflow: hidden;
        }

        #background {
            position: fixed;
            width: 100%;
            height: 100%;
            background-color: #000;
            z-index: -1;
        }

        .container-center {
            display: flex;
            justify-content: center;
            align-items: center;
            height: 100vh;
        }

        .form-container {
            background-color: rgba(255, 255, 255, 0.8);
            border-radius: 10px;
            padding: 20px;
            box-shadow: 0px 0px 10px rgba(0, 0, 0, 0.1);
            width: 400px;
        }
    </style>
</head>
<body>
    
    <canvas id="background"></canvas>

    <div class="container-center">
        <div class="form-container">
            <h1 class="text-center mb-4">User Cookies Management</h1>
            
            <div class="mb-3">
                <h2 class="mb-3">Register</h2>
                <form method="post" action="register.php">
                    <input type="text" name="username" placeholder="Username" class="form-control mb-2" required>
                    <button type="submit" class="btn btn-primary btn-block">Register</button>
                </form>
            </div>

            <hr>

            <div>
                <h2 class="mb-3">Login</h2>
                <form method="post" action="login.php">
                    <input type="text" name="username" placeholder="Username" class="form-control mb-2" required>
                    <input type="text" name="token" placeholder="Token" class="form-control mb-2" required>
                    <button type="submit" class="btn btn-success btn-block">Login</button>
                </form>
            </div>
        </div>
    </div>

    <script>
        
        const canvas = document.getElementById("background");
        const ctx = canvas.getContext("2d");

        canvas.width = window.innerWidth;
        canvas.height = window.innerHeight;

        const colors = ["#00bcd4", "#4caf50", "#ff9800", "#9c27b0", "#f44336"];

        class Particle {
            constructor() {
                this.x = Math.random() * canvas.width;
                this.y = Math.random() * canvas.height;
                this.size = Math.random() * 5 + 1;
                this.speedX = Math.random() * 3 - 1.5;
                this.speedY = Math.random() * 3 - 1.5;
                this.color = colors[Math.floor(Math.random() * colors.length)];
            }

            update() {
                this.x += this.speedX;
                this.y += this.speedY;

                if (this.x + this.size > canvas.width || this.x - this.size < 0) {
                    this.speedX = -this.speedX;
                }

                if (this.y + this.size > canvas.height || this.y - this.size < 0) {
                    this.speedY = -this.speedY;
                }
            }

            draw() {
                ctx.beginPath();
                ctx.arc(this.x, this.y, this.size, 0, Math.PI * 2);
                ctx.fillStyle = this.color;
                ctx.fill();
            }
        }

        const particles = [];

        function init() {
            for (let i = 0; i < 100; i++) {
                particles.push(new Particle());
            }
        }

        function animate() {
            requestAnimationFrame(animate);
            ctx.clearRect(0, 0, canvas.width, canvas.height);

            particles.forEach(particle => {
                particle.update();
                particle.draw();
            });
        }

        init();
        animate();
    </script>

    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.5/dist/js/bootstrap.bundle.min.js"></script>
</body>
</html>



其四: login.php
[Asm] 纯文本查看 复制代码
<?php
session_start();
require 'config.php';

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $username = $_POST['username'] ?? '';
    $token = $_POST['token'] ?? '';

    try {
        $pdo = new PDO("mysql:host=" . DB_HOST . ";dbname=" . DB_NAME, DB_USER, DB_PASSWORD);
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        $stmt = $pdo->prepare("SELECT id FROM users WHERE username = :username AND token = :token");
        $stmt->bindParam(':username', $username);
        $stmt->bindParam(':token', $token);
        $stmt->execute();
        $user = $stmt->fetch();

        if ($user) {
            $_SESSION['user_id'] = $user['id'];
            $_SESSION['username'] = $username;
            $_SESSION['token'] = $token;
            header("Location: manage_cookies.php");
            exit;
        } else {
            echo "Login failed: Invalid username or token.";
        }
    } catch (PDOException $e) {
        die("Error: " . $e->getMessage());
    }
} else {
    echo "Invalid request method.";
}
?>


其五 register.php

[Asm] 纯文本查看 复制代码
<?php
session_start();
require 'config.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $username = $_POST['username'] ?? '';
    try {
        $pdo = new PDO("mysql:host=" . DB_HOST . ";dbname=" . DB_NAME, DB_USER, DB_PASSWORD);
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        // 检查用户名是否已存在
        $stmt = $pdo->prepare("SELECT id FROM users WHERE username = :username");
        $stmt->bindParam(':username', $username);
        $stmt->execute();
        if ($stmt->rowCount() > 0) {
            echo "Registration failed: Username already exists.";
        } else {
            $token = bin2hex(random_bytes(16));  // 生成一个随机 token
            $stmt = $pdo->prepare("INSERT INTO users (username, token) VALUES (:username, :token)");
            $stmt->bindParam(':username', $username);
            $stmt->bindParam(':token', $token);
            $stmt->execute();
            // 设置用户 session
            $_SESSION['user_id'] = $pdo->lastInsertId();
            $_SESSION['username'] = $username;
            $_SESSION['token'] = $token;
            
            header("Location: manage_cookies.php");
            exit;
        }
    } catch (PDOException $e) {
        die("Error: " . $e->getMessage());
    }
} else {
    echo "Invalid request method.";
}
?>


其六:  mange_cookies.php 生以为,此为核心

[Asm] 纯文本查看 复制代码
<?php
session_start();
if (!isset($_SESSION['user_id'])) {
    header('Location: login.php');
    exit;
}
require 'config.php';
$message = '';
if (!isset($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['new_token'], $_POST['csrf_token'])) {
    if ($_POST['csrf_token'] !== $_SESSION['csrf_token']) {
        $message = "CSRF token mismatch.";
    } else {
        $newToken = $_POST['new_token'];
        try {
            $pdo = new PDO("mysql:host=" . DB_HOST . ";dbname=" . DB_NAME, DB_USER, DB_PASSWORD);
            $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
            $stmt = $pdo->prepare("SELECT COUNT(*) FROM users WHERE token = :newToken");
            $stmt->bindParam(':newToken', $newToken);
            $stmt->execute();
            if ($stmt->fetchColumn() > 0) {
                $message = "Token update failed: Token already in use.";
            } else {
            
                $stmt = $pdo->prepare("UPDATE users SET token = :newToken WHERE id = :user_id");
                $stmt->bindParam(':newToken', $newToken);
                $stmt->bindParam(':user_id', $_SESSION['user_id']);
                $stmt->execute();
                $_SESSION['token'] = $newToken;
                $message = "Token updated successfully!";
            }
        } catch (PDOException $e) {
            $message = "Error updating token: " . $e->getMessage();
        }
    }
}
try {
    $pdo = new PDO("mysql:host=" . DB_HOST . ";dbname=" . DB_NAME, DB_USER, DB_PASSWORD);
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $stmt = $pdo->prepare("SELECT * FROM user_cookies WHERE user_id = :user_id");
    $stmt->bindParam(':user_id', $_SESSION['user_id']);
    $stmt->execute();
    $cookies = $stmt->fetchAll(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
    die("Database error: " . $e->getMessage());
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Manage Cookies</title>
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css">
</head>
<body>
<div class="container mt-5">
    <h1>Cookie Management Dashboard</h1>
    <p>Welcome, <?php echo htmlspecialchars($_SESSION['username']); ?></p>
    <p>Current token: <?php echo htmlspecialchars($_SESSION['token']); ?></p>
    <p><?php echo $message; ?></p>
   
    <form method="post">
        <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>">
        <input type="text" name="new_token" required placeholder="Enter new token" class="form-control mb-3">
        <button type="submit" class="btn btn-primary">Update Token</button>
    </form>
    <form class="d-flex mb-3" method="get">
        <input class="form-control me-2" type="search" name="search" placeholder="Search by URL" aria-label="Search">
        <button class="btn btn-outline-success" type="submit">Search</button>
    </form>
   
<div class="table-responsive">
    <table class="table">
        <thead>
            <tr>
                <th scope="col">#</th>
                <th scope="col">URL</th>
                <th scope="col">Cookies</th>
                <th scope="col">Actions</th>
            </tr>
        </thead>
        <tbody>
            <?php foreach ($cookies as $cookie): ?>
            <tr>
                <td><?php echo htmlspecialchars($cookie['id']); ?></td>
                <td><?php echo htmlspecialchars($cookie['url']); ?></td>
                <td>
                    <div style="position: relative;">
                        <span style="overflow: hidden; display: inline-block; max-width: 300px; text-overflow: ellipsis;"><?php echo htmlspecialchars($cookie['cookies']); ?></span>
                        <button class="btn btn-sm btn-secondary" style="position: absolute; top: 0; right: 0;">Copy</button>
                    </div>
                </td>
                <td>
                    <!-- <a href="edit_cookie.php?id=<?php echo $cookie['id']; ?>" class="btn btn-sm btn-primary">Edit</a> -->
                    <a href="delete_cookie.php?id=<?php echo $cookie['id']; ?>" class="btn btn-sm btn-danger">Delete</a>
                </td>
            </tr>
            <?php endforeach; ?>
        </tbody>
    </table>
</div>
<script>
    function copyToClipboard(text) {
        navigator.clipboard.writeText(text)
            .then(() => {
                alert("Copied to clipboard!");
            })
            .catch((error) => {
                console.error("Unable to copy to clipboard:", error);
            });
    }
</script>
</body>
</html>


其七: search.php 寻其domian,以助诸君之便

此已写入mange_cookies.php

其八: delete_cookie.php

[Asm] 纯文本查看 复制代码
<?php
session_start();
if (!isset($_SESSION['user_id'])) {
    header('Location: login.php');
    exit;
}

require 'config.php';

if ($_SERVER['REQUEST_METHOD'] == 'GET' && isset($_GET['id'])) {
    $cookieId = $_GET['id'];
    try {
        $pdo = new PDO("mysql:host=" . DB_HOST . ";dbname=" . DB_NAME, DB_USER, DB_PASSWORD);
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        $stmt = $pdo->prepare("DELETE FROM user_cookies WHERE id = :id AND user_id = :user_id");
        $stmt->bindParam(':id', $cookieId);
        $stmt->bindParam(':user_id', $_SESSION['user_id']);
        $stmt->execute();

        header("Location: manage_cookies.php"); 
        exit;
    } catch (PDOException $e) {
        die("Error: " . $e->getMessage());
    }
}


插件代码请诸君移步 https://www.52pojie.cn/thread-1721819-1-1.html




生虽以注册时长久远,但水平依旧年幼,望各位前辈不吝妙言。

如有违规,请管理员删之。




插件图

插件图

登陆图

登陆图

管理图

管理图

server.zip

6.81 KB, 下载次数: 18, 下载积分: 吾爱币 -1 CB

后端

插件.zip

37.51 KB, 下载次数: 16, 下载积分: 吾爱币 -1 CB

插件

免费评分

参与人数 8吾爱币 +16 热心值 +8 收起 理由
pxhzai + 3 + 1 谢谢@Thanks!
vethenc + 2 + 1 感谢发布原创作品,吾爱破解论坛因你更精彩!
kangyuhang + 1 + 1 用心讨论,共获提升!
Lsais + 1 我很赞同!
wari01 + 1 + 1 用心讨论,共获提升!
iTMZhang + 1 + 1 用心讨论,共获提升!
爱飞的猫 + 7 + 1 欢迎分析讨论交流,吾爱破解论坛有你更精彩!
为之奈何? + 1 + 1 我很赞同!

查看全部评分

发帖前要善用论坛搜索功能,那里可能会有你要找的答案或者已经有人发布过相同内容了,请勿重复发帖。

爱飞的猫 发表于 2024-4-29 06:10

简单看了下:

  1. 数据库操作使用的是 prepared statement 而非直接拼接 SQL 语句,已经比很多人的代码要安全一些了;
  2. 删除请求可以使用 DELETE 操作 (不推荐使用 GET 请求),更新数据则可以使用 PATCH 操作提交 (后半部分则是有点鸡蛋里挑骨头了)。
  3. 后台主页看起来是有进行 CSRF 令牌验证,但是其他接口如修改和删除却没有。
    • 例如我可以生成一个包含很多指向 /delete_cookie.php?id=<从1开始的数字> 的图片的网页,并诱导用户访问;如果该用户已经登陆,则可造成批量删除大量该用户存储的 Cookie。
  4. manage_cookies.php 有对从数据库拉去的数据进行转义处理,但是在 search.php 却漏掉了。有潜在的 XSS 风险,但是如果是自用的话问题也不大。
  5. 源码未包含数据库定义(database schema)或自动迁移脚本(database migration)。前者可以使用工具导出,后者可能需要利用 PHP 框架来处理了。

如果有兴趣,也可以提交到在线 Git 仓库,来记录各个版本之间的更改。例如 giteeGitHub

免费评分

参与人数 1吾爱币 +1 热心值 +1 收起 理由
蛋蛋蛋蛋小蛋蛋 + 1 + 1 谢谢@Thanks!

查看全部评分

wari01 发表于 2024-4-29 09:14
阁下真乃年少有志也。闻君谦虚,自知学识尚浅,实乃难得。

对于代码之道,虽言不多,但亦可见其用心。吾观之,虽有不足之处,然亦有其可圈可点之处。

愿与汝共学共进,相互勉励,以求代码之道日益精进。

期待汝之成长,共赴编程之路,再创辉煌!

免费评分

参与人数 1吾爱币 +1 收起 理由
zdsub + 1 我很赞同!

查看全部评分

 楼主| 蛋蛋蛋蛋小蛋蛋 发表于 2024-4-29 07:27
本帖最后由 蛋蛋蛋蛋小蛋蛋 于 2024-4-29 07:31 编辑
爱飞的猫 发表于 2024-4-29 06:10
[md]简单看了下:

1. 数据库操作使用的是 prepared statement 而非直接拼接 SQL 语句,已经比很多人的代 ...

感谢贤之善言,生无以为报
然生接先生之训,继而自省
1.token使用明文传输
2.写入数据库之前没有进行加密,cookie可以在数据库被查看
3.页面不美观
其他接口没有csrftoken验证是因为 接口准备都写在管理页面,然后不知道美化从何处下手,就导致了这个问题出现
目前上传到了github,不过数据库我是属实忘记了
uuuwan 发表于 2024-4-29 09:10
感谢分享~
ztqddj007 发表于 2024-4-29 09:22
这算小学生 那我幼儿园都还没上
不负韶华 发表于 2024-4-29 10:11
现在的孩子条件真的好,我00年的,想当初,,初三时候微机课才第一次碰电脑,连复制粘贴我都不会
Ybushu 发表于 2024-4-29 10:53
学习学习,点赞
Ybushu 发表于 2024-4-29 10:55
少年之姿,国家之态。健康茁壮成长,这才是我们的少年!
fzkfqzz 发表于 2024-4-29 11:13
学习学习,点赞
您需要登录后才可以回帖 登录 | 注册[Register]

本版积分规则

返回列表

RSS订阅|小黑屋|处罚记录|联系我们|吾爱破解 - LCG - LSG ( 京ICP备16042023号 | 京公网安备 11010502030087号 )

GMT+8, 2024-11-24 11:48

Powered by Discuz!

Copyright © 2001-2020, Tencent Cloud.

快速回复 返回顶部 返回列表