本帖最后由 蛋蛋蛋蛋小蛋蛋 于 2024-4-29 14:56 编辑
前已有贴,谓前帖而改
【开源】谷歌cookie注入插件改写,实现cookie保存到服务器 https://www.52pojie.cn/thread-1721819-1-1.html
链接: https://pan.baidu.com/s/1oWcoeLFwn5XE7U9n4E9PFQ?pwd=52pj 提取码: 52pj 复制这段内容后打开百度网盘手机App,操作更方便哦 ←数据库在此
2024.04.28改:美化之,请诸君使用上方网盘下载,下面附件缺少sql文件,盘中有优化后的文件
吾名小学生,次称吾为生
生以为,诸君雄强,强于生,远甚
故生对代码不多述,请诸君观之,多加建言,生必感激涕零
生在前贴基上,加以改进,增多用户注册和登录,以文本之存变为数据库存放,由token进行认证
图片:
其文件有八:
其一: ck.php 以作插件Ajax接收cookie之用
[PHP] 纯文本查看 复制代码 <?phprequire 'config.php';
header('Content-Type: application/json');
$postData = file_get_contents("php://input");
$data = json_decode($postData, true);
$url = $data['url'];
$encodedCookies = $data['cookies'];
$token = $data['token'];
$domain = parse_url($url, PHP_URL_HOST); // 提取 URL 的域名部分
// 解码 cookies
$cookies = base64_decode($encodedCookies);
// 使用 PDO 连接数据库
try {
$pdo = new PDO("mysql:host=".DB_HOST.";dbname=".DB_NAME, DB_USER, DB_PASSWORD);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// 检查 token 并找到对应的用户
$stmt = $pdo->prepare("SELECT id FROM users WHERE token = :token");
$stmt->bindParam(':token', $token);
$stmt->execute();
$user = $stmt->fetch();
if ($user) {
$userId = $user['id'];
// 检查是否存在相同域名的 cookie
$stmt = $pdo->prepare("SELECT id FROM user_cookies WHERE user_id = :user_id AND url LIKE :domain");
$domainLike = "%$domain%";
$stmt->bindParam(':user_id', $userId);
$stmt->bindParam(':domain', $domainLike);
$stmt->execute();
$existingCookie = $stmt->fetch();
if ($existingCookie) {
// 更新现有的 cookie 记录
$stmt = $pdo->prepare("UPDATE user_cookies SET cookies = :cookies WHERE id = :id");
$stmt->bindParam(':cookies', $cookies);
$stmt->bindParam(':id', $existingCookie['id']);
$stmt->execute();
echo json_encode(['status' => 'success', 'message' => 'Cookies updated successfully']);
} else {
// 插入新的 cookie 记录
$stmt = $pdo->prepare("INSERT INTO user_cookies (user_id, url, cookies) VALUES (:user_id, :url, :cookies)");
$stmt->bindParam(':user_id', $userId);
$stmt->bindParam(':url', $url);
$stmt->bindParam(':cookies', $cookies);
$stmt->execute();
echo json_encode(['status' => 'success', 'message' => 'New cookies saved successfully']);
}
} else {
echo json_encode(['status' => 'error', 'message' => 'Invalid token']);
}
} catch (PDOException $e) {
echo json_encode(['status' => 'error', 'message' => 'Database error: ' . $e->getMessage()]);
}
?>
其二: config.php 生以为无需多言
其三: index.php
[PHP] 纯文本查看 复制代码 <!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>User Cookies Management</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.5/dist/css/bootstrap.min.css" rel="stylesheet">
</head>
<body>
<div class="container mt-5">
<h1 class="mb-4">User Cookies Management</h1>
<div class="row">
<div class="col-md-6">
<h2>Register</h2>
<form method="post" action="register.php">
<input type="text" name="username" placeholder="Username" class="form-control mb-2" required>
<button type="submit" class="btn btn-primary">Register</button>
</form>
</div>
<div class="col-md-6">
<h2>Login</h2>
<form method="post" action="login.php">
<input type="text" name="username" placeholder="Username" class="form-control mb-2" required>
<input type="text" name="token" placeholder="Token" class="form-control mb-2" required>
<button type="submit" class="btn btn-success">Login</button>
</form>
</div>
</div>
</div>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.5/dist/js/bootstrap.bundle.min.js"></script>
</body>
</html>
其四: login.php
[PHP] 纯文本查看 复制代码 <?php
session_start();
require 'config.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$username = $_POST['username'] ?? '';
$token = $_POST['token'] ?? '';
try {
$pdo = new PDO("mysql:host=" . DB_HOST . ";dbname=" . DB_NAME, DB_USER, DB_PASSWORD);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $pdo->prepare("SELECT id FROM users WHERE username = :username AND token = :token");
$stmt->bindParam(':username', $username);
$stmt->bindParam(':token', $token);
$stmt->execute();
$user = $stmt->fetch();
if ($user) {
$_SESSION['user_id'] = $user['id'];
$_SESSION['username'] = $username;
$_SESSION['token'] = $token;
header("Location: manage_cookies.php");
exit;
} else {
echo "Login failed: Invalid username or token.";
}
} catch (PDOException $e) {
die("Error: " . $e->getMessage());
}
} else {
echo "Invalid request method.";
}
?>
其五 register.php
[PHP] 纯文本查看 复制代码 <?php
session_start();
require 'config.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$username = $_POST['username'] ?? '';
try {
$pdo = new PDO("mysql:host=" . DB_HOST . ";dbname=" . DB_NAME, DB_USER, DB_PASSWORD);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// 检查用户名是否已存在
$stmt = $pdo->prepare("SELECT id FROM users WHERE username = :username");
$stmt->bindParam(':username', $username);
$stmt->execute();
if ($stmt->rowCount() > 0) {
echo "Registration failed: Username already exists.";
} else {
$token = bin2hex(random_bytes(16)); // 生成一个随机 token
$stmt = $pdo->prepare("INSERT INTO users (username, token) VALUES (:username, :token)");
$stmt->bindParam(':username', $username);
$stmt->bindParam(':token', $token);
$stmt->execute();
// 设置用户 session
$_SESSION['user_id'] = $pdo->lastInsertId();
$_SESSION['username'] = $username;
$_SESSION['token'] = $token;
header("Location: manage_cookies.php");
exit;
}
} catch (PDOException $e) {
die("Error: " . $e->getMessage());
}
} else {
echo "Invalid request method.";
}
?>
其六: mange_cookies.php 生以为,此为核心
[Asm] 纯文本查看 复制代码 <?php
session_start();
if (!isset($_SESSION['user_id'])) {
header('Location: login.php');
exit;
}
require 'config.php';
$message = '';
if (!isset($_SESSION['csrf_token'])) {
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['new_token'], $_POST['csrf_token'])) {
if ($_POST['csrf_token'] !== $_SESSION['csrf_token']) {
$message = "CSRF token mismatch.";
} else {
$newToken = $_POST['new_token'];
try {
$pdo = new PDO("mysql:host=" . DB_HOST . ";dbname=" . DB_NAME, DB_USER, DB_PASSWORD);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $pdo->prepare("SELECT COUNT(*) FROM users WHERE token = :newToken");
$stmt->bindParam(':newToken', $newToken);
$stmt->execute();
if ($stmt->fetchColumn() > 0) {
$message = "Token update failed: Token already in use.";
} else {
$stmt = $pdo->prepare("UPDATE users SET token = :newToken WHERE id = :user_id");
$stmt->bindParam(':newToken', $newToken);
$stmt->bindParam(':user_id', $_SESSION['user_id']);
$stmt->execute();
$_SESSION['token'] = $newToken;
$message = "Token updated successfully!";
}
} catch (PDOException $e) {
$message = "Error updating token: " . $e->getMessage();
}
}
}
try {
$pdo = new PDO("mysql:host=" . DB_HOST . ";dbname=" . DB_NAME, DB_USER, DB_PASSWORD);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $pdo->prepare("SELECT * FROM user_cookies WHERE user_id = :user_id");
$stmt->bindParam(':user_id', $_SESSION['user_id']);
$stmt->execute();
$cookies = $stmt->fetchAll(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
die("Database error: " . $e->getMessage());
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Manage Cookies</title>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css">
</head>
<body>
<div class="container mt-5">
<h1>Cookie Management Dashboard</h1>
<p>Welcome, <?php echo htmlspecialchars($_SESSION['username']); ?></p>
<p>Current token: <?php echo htmlspecialchars($_SESSION['token']); ?></p>
<p><?php echo $message; ?></p>
<form method="post">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>">
<input type="text" name="new_token" required placeholder="Enter new token" class="form-control mb-3">
<button type="submit" class="btn btn-primary">Update Token</button>
</form>
<form class="d-flex mb-3" method="get">
<input class="form-control me-2" type="search" name="search" placeholder="Search by URL" aria-label="Search">
<button class="btn btn-outline-success" type="submit">Search</button>
</form>
<div class="table-responsive">
<table class="table">
<thead>
<tr>
<th scope="col">#</th>
<th scope="col">URL</th>
<th scope="col">Cookies</th>
<th scope="col">Actions</th>
</tr>
</thead>
<tbody>
<?php foreach ($cookies as $cookie): ?>
<tr>
<td><?php echo htmlspecialchars($cookie['id']); ?></td>
<td><?php echo htmlspecialchars($cookie['url']); ?></td>
<td>
<div style="position: relative;">
<span style="overflow: hidden; display: inline-block; max-width: 300px; text-overflow: ellipsis;"><?php echo htmlspecialchars($cookie['cookies']); ?></span>
<button class="btn btn-sm btn-secondary" style="position: absolute; top: 0; right: 0;">Copy</button>
</div>
</td>
<td>
<!-- <a href="edit_cookie.php?id=<?php echo $cookie['id']; ?>" class="btn btn-sm btn-primary">Edit</a> -->
<a href="delete_cookie.php?id=<?php echo $cookie['id']; ?>" class="btn btn-sm btn-danger">Delete</a>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
<script>
function copyToClipboard(text) {
navigator.clipboard.writeText(text)
.then(() => {
alert("Copied to clipboard!");
})
.catch((error) => {
console.error("Unable to copy to clipboard:", error);
});
}
</script>
</body>
</html>
其七: search.php 寻其domian,以助诸君之便
[Asm] 纯文本查看 复制代码 <?php
require 'config.php';
$search = $_GET['search'] ?? ''; // 获取搜索关键词
try {
$pdo = new PDO("mysql:host=".DB_HOST.";dbname=".DB_NAME, DB_USER, DB_PASSWORD);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $pdo->prepare("SELECT * FROM user_cookies WHERE url LIKE ?");
$stmt->execute(["%$search%"]);
$cookies = $stmt->fetchAll(PDO::FETCH_ASSOC);
foreach ($cookies as $cookie) {
echo "<tr>
<td>{$cookie['id']}</td>
<td>{$cookie['url']}</td>
<td>{$cookie['cookies']}</td>
<td>
<button class='btn btn-danger'>Delete</button>
<button class='btn btn-secondary'>Edit</button>
</td>
</tr>";
}
} catch (PDOException $e) {
echo "Error: " . $e->getMessage();
}
?>
其八: delete_cookie.php
[Asm] 纯文本查看 复制代码 <?php
session_start();
if (!isset($_SESSION['user_id'])) {
header('Location: login.php');
exit;
}
require 'config.php';
if ($_SERVER['REQUEST_METHOD'] == 'GET' && isset($_GET['id'])) {
$cookieId = $_GET['id'];
try {
$pdo = new PDO("mysql:host=" . DB_HOST . ";dbname=" . DB_NAME, DB_USER, DB_PASSWORD);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $pdo->prepare("DELETE FROM user_cookies WHERE id = :id AND user_id = :user_id");
$stmt->bindParam(':id', $cookieId);
$stmt->bindParam(':user_id', $_SESSION['user_id']);
$stmt->execute();
header("Location: manage_cookies.php");
exit;
} catch (PDOException $e) {
die("Error: " . $e->getMessage());
}
}
插件代码请诸君移步 https://www.52pojie.cn/thread-1721819-1-1.html
生虽以注册时长久远,但水平依旧年幼,望各位前辈不吝妙言。
如有违规,请管理员删之。
|