https://github.com/php/php-src
my github link https://github.com/sanalrakam
project download file https://github.com/sanalrakam/security-solution-php/blob/master/index.php
PHP Cookie Hack prevention, blocking (secure)
I recently a lot of try work, of my custom secure cookie between hacking research, i like more secure php, if any hacking attach to anyone. i would know-research hacking of technique. Also most people do unannounced.Maybe ? can fix it, more secure think. I especially had a lot of information on these issues and I did a lot of experimentation, i went this way. i found special solution.
Mostly php web apps and wordpress unfortinely not secure (cookie-hacking-using). Most poeople do not know and not very well of this subject, also most everyone doesnt try a lot of (hack ability) whatever. Most people are using for php framework. i think riskly
Open google chrome and observe cookie name and value; thats not hide. And posible any data, string copy, also copying from thirdy party javascript code. again whatever.
Thats doesnt matter because copy able. (all data- cryptic ). again whatever. it's just maybe useful for some things.
<?php
//global cookie time setup option
$time=time() + (86400 * 30);
if( isset($_GET['logout']) ){
//logout promp command prosses
//delete cookie and exit, and redirect;
setcookie("login_name","",-1, "/");
setcookie("login","",-1, "/");
header('Location: index.php');
exit;
}
if(isset($_GET['login']) =='1' && isset($_GET['v1']) && isset($_GET['v2'])){
$v1=$_GET['v1'];
$v2=$_GET['v2'];
setcookie("login_name",base64_encode($v1),$time, "/");
setcookie("login",'1',$time, "/");
header('Location: index.php');
exit;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<title>Bare - Start Bootstrap Template</title>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js"></script>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.1.0/css/bootstrap.min.css">
<link rel="stylesheet" href="https://www.w3schools.com/w3css/4/w3.css">
<style>
body {padding-top: 54px;}
@media (min-width: 992px) {
body {padding-top: 56px;}
}
</style>
</head>
<body>
<nav class="navbar navbar-expand-lg navbar-dark bg-dark fixed-top">
<div class="container">
<a class="navbar-brand" href="#">Start Bootstrap</a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarResponsive" aria-controls="navbarResponsive" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarResponsive">
<ul class="navbar-nav ml-auto">
<li class="nav-item active">
<a class="nav-link" href="#">Home
<span class="sr-only">(current)</span>
</a>
</li>
<li class="nav-item">
<a class="nav-link" href="#">About</a>
</li>
<li class="nav-item">
<a class="nav-link" href="#">Services</a>
</li>
<li class="nav-item">
<a class="nav-link" href="#">Contact</a>
</li>
</ul>
</div>
</div>
</nav>
<div class="container">
<div class="row">
<?php
$login=0;
//login prosses if get login and login name
if(isset($_COOKIE['login']) && isset($_COOKIE['login_name'])){
if(!empty($_COOKIE['login']) && !empty($_COOKIE['login_name'])){
$name=base64_decode($_COOKIE['login_name']);
$login=1;
//login able=1 setting-up
}
}
if($login == 1 && !empty($name)){
//user login true
?>
<div class="col-lg-12 text-center w3-teal w3-text-white">
<h3>Panel-screen</h3>
<h2 class='w3-grey w3-inline' ><?php print($name); ?></h2>
<hr>
<a class='w3-margin w3-padding w3-white' href='?logout=1'>Logout-exit</a>
<br><br><br>
</div>
<?php
}else{
// if login not work, then show login page
?>
<div class='w3-grey w3-block w3-margin w3-padding'>
Test-Login
<label class='w3-block w3-margin w3-padding'>
<b>name</b>
<input type='text' name='v1' class='form-control'>
</label>
<label class='w3-block w3-margin w3-padding'>
<b>Pass</b>
<input type='password' name='v2' class='form-control'>
</label>
<div id='teter3' class='w3-btn w3-red'>LOG?N TRY</div>
</div>
<?php } ?>
</div>
</div>
<script>
$('#teter3').click(function(){
//clicking login button fast try login
window.location.href+='?login=1&v1='+$('input[name=v1]').val()+'&v2='+$('input[name=v2]').val();
});
</script>
</body>
</html>
Thats above code copy and paste into index.php,
and run local host from google chrome,
type user name and any password and click login button.
Then click chrome browser (i) icon and observe cookies
there code base64 copy and, using any tools for decode
(https://www.base64decode.org/)
Google search to base64 online decoder
Possibility of cookie stealing....
some examples
url: http://host/hg/admin.php
Username: ' or 1/*
Password: any
b) Cookie based authentication
Cookie: loged=yes
Cookie: username=admin
Cookie: user_level=1
Url: http://host/hg/sign.php
Location: <XSS>
Website: javascript:alert(123)
Message: <XSS>
When is stolen session information how use?
So simple example..
step:1
step:2
now will run another browser (Firefox-developer version)
because firefox able to add remove cookie-editor
https://www.mozilla.org/tr/firefox/developer/
download and install mozilla firefox
and open local host index.php
Click right menu and “inspect element(Q)” click then bottom panel opening..
storage -> cookies selected
sample my values and names:
login_name = ZGVtbzEy
login = 1
how long can it be added
my adding two cookie..
and reload page
and getting-show user panel page,? mean login to user account this only simple example... any malicious people be able to make.. can be partial on many websites, You can try..
yes ? try alltime all cross platform browsers.. that works many possibilities, ? doest observe of slowdown. ? using for few web app.
first adding php head setting-up
thats only small prevention:
// **PREVENTING SESSION HIJACKING**
// Prevents javascript XSS attacks aimed to steal the session ID
ini_set('session.cookie_httponly', 1);
// **PREVENTING SESSION FIXATION**
// Session ID cannot be passed through URLs
ini_set('session.use_only_cookies', 1);
// Uses a secure connection (HTTPS) if possible
ini_set('session.cookie_secure'
my special cookie resetter function, Reseting and delete-unset all cookie.
function cookie_reset(){
global $cookie_sure;
if(isset($_SERVER['HTTP_COOKIE'])){
$cookies = explode(';', $_SERVER['HTTP_COOKIE']);
foreach($cookies as $cookie){ //loop all cookie
$parts = explode('=', $cookie);
if($parts){
$name = trim($parts[0]);
if($name){
// if need specificly cookie skip
if($name=='cook_rem'){continue;}
setcookie($name,'',time()-$time);
setcookie($name,'',time()-$time, '/');
}
}
}
}
//reload page
echo "window.location.href='index.php';";
exit;
//stop prossing
}
getting ip data (HTTP_CLIENT_IP)
function getip(){$ip="0";
if(isset($_SERVER['HTTP_CLIENT_IP']) && isset($_SERVER['HTTP_X_FORWARDED_FOR']) && isset($_SERVER['REMOTE_ADDR'])){
if (!empty($_SERVER['HTTP_CLIENT_IP'])){
$ip=$_SERVER['HTTP_CLIENT_IP'];
}elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){
$ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
}else{
$ip=$_SERVER['REMOTE_ADDR'];
}
}else{$ip="0";}
return $ip;
}
step:4
Custom key code generate (CLIENT key unique)
generating custom-key (iphone,android,chrome,firefox)
function key_gen(){
// iphone,android,mobile,firefox, all browsers...
$e="";
if(isset($_SERVER['HTTP_USER_AGENT'])){
if(!empty($_SERVER['HTTP_USER_AGENT'])){
$e=$_SERVER['HTTP_USER_AGENT'];
}else{$e="0";}
}
else{$e="0";}
return sha1(getip().$e);
//sha hash return key
}
custom key code generate (CLIENT key unique)
now if the incoming key is correct
$new=key_gen();
if(isset($_COOKIE['key'])){
if($new !== $_COOKIE['key'] && !empty($_COOKIE['key'])){
cookie_reset();
echo "window.location.href='index.php';";exit;
}
}
also replacing login php code
if(isset($_GET['login']) =='1' && isset($_GET['v1']) && isset($_GET['v2'])){
$v1=rawurldecode ($_GET['v1']);
$v2=$_GET['v2'];
$usr_c=base64_encode($v1.'-xx-'.$new);
setcookie("login_name",$usr_c,$time, "/");
setcookie("login",'1',$time, "/");
setcookie("key",$new,$time,'/');
header('Location: index.php');
exit;
}
login-panel screen/ login screen part
cookie user_name parts using
<div class="container">
<div class="row">
<?php
$login = 0;
if (isset($_COOKIE['login']) && isset($_COOKIE['login_name'])) {
if (!empty($_COOKIE['login']) && !empty($_COOKIE['login_name'])) {
$name = base64_decode($_COOKIE['login_name']);
$ar = explode('-xx-', $name);
if (isset($ar[0]) && isset($ar[1])) {
if ($ar[1] !== $new) {
cookie_reset();
echo "window.location.href='index.php';";
exit;
}
$usr_name = $ar[0];
$login = 1;
}
}
}
if ($login == 1) {
echo "Panel-screen
";
?>
<div class="col-lg-12 text-center w3-teal w3-text-white">
<h3>Panel-screen</h3>
<h2 class='w3-grey w3-inline' ><?php
print($usr_name);
?>
</h2>
<hr>
<a class='w3-margin w3-padding w3-white' href='?logout=1'>Logout-exit</a>
<br><br><br>
</div>
<?php
} else {
?>
<div class='w3-grey w3-block w3-margin w3-padding'>
Test-Login
<label class='w3-block w3-margin w3-padding'>
<b>name</b>
<input type='text' name='v1' class='form-control'>
</label>
<label class='w3-block w3-margin w3-padding'>
<b>Pass</b>
<input type='password' name='v2' class='form-control'>
</label>
<div id='teter3' class='w3-btn w3-red'>LOG?N TRY</div>
</div>
<?php
}
?>
</div>
</div>
step1: google chorome, localhost create login and copy all cookie information
step2:
open again firefox-developer
Click right menu and “inspect element(Q)” click then bottom panel opening..
storage -> cookies selected
all cookie adding (+) click and reload page
system is doing...if the logged in information is stolen, it will delete the whole thing
(all cookie remove) and reload page... i think so secure...Specially-produced, compact solution.
### Finish these index.php code (Total-head-latest state)
<?php
//global cookie time setup option
$time=time() + (86400 * 30);
// **PREVENTING SESSION HIJACKING**
// Prevents javascript XSS attacks aimed to steal the session ID
ini_set('session.cookie_httponly', 1);
// **PREVENTING SESSION FIXATION**
// Session ID cannot be passed through URLs
ini_set('session.use_only_cookies', 1);
// Uses a secure connection (HTTPS) if possible
ini_set('session.cookie_secure', 1);
function cookie_reset(){
global $cookie_sure;
if(isset($_SERVER['HTTP_COOKIE'])){
$cookies = explode(';', $_SERVER['HTTP_COOKIE']);
foreach($cookies as $cookie){
$parts = explode('=', $cookie);
if($parts){
$name = trim($parts[0]);
if($name){
if($name=='cook_rem'){continue;}
setcookie($name,'',time()-$time);
setcookie($name,'',time()-$time, '/');
}
}
}
}
echo "window.location.href='index.php';";exit;
}
function getip(){$ip="0";
if(isset($_SERVER['HTTP_CLIENT_IP']) && isset($_SERVER['HTTP_X_FORWARDED_FOR']) && isset($_SERVER['REMOTE_ADDR'])){
if (!empty($_SERVER['HTTP_CLIENT_IP'])){
$ip=$_SERVER['HTTP_CLIENT_IP'];
}elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){
$ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
}else{
$ip=$_SERVER['REMOTE_ADDR'];
}
}else{$ip="0";}
return $ip;
}
function key_gen(){
$e="";
if(isset($_SERVER['HTTP_USER_AGENT'])){
if(!empty($_SERVER['HTTP_USER_AGENT'])){
$e=$_SERVER['HTTP_USER_AGENT'];
}else{$e="0";}
}
else{$e="0";}
return sha1(getip().$e);
}
//generate-new
$new=key_gen();
if(isset($_COOKIE['key'])){
if($new !== $_COOKIE['key'] && !empty($_COOKIE['key'])){
cookie_reset();
echo "window.location.href='index.php';";exit;
}
}
if(isset($_GET['logout'])){
setcookie("login_name","",-1, "/");
setcookie("login","",-1, "/");
header('Location: index.php');
exit;
}
if(isset($_GET['login']) =='1' && isset($_GET['v1']) && isset($_GET['v2'])){
$v1=rawurldecode ($_GET['v1']);
$v2=$_GET['v2'];
$usr_c=base64_encode($v1.'-xx-'.$new);
setcookie("login_name",$usr_c,$time, "/");
setcookie("login",'1',$time, "/");
setcookie("key",$new,$time,'/');
header('Location: index.php');
exit;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<title>Bare - Start Bootstrap Template</title>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js"></script>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.1.0/css/bootstrap.min.css">
<link rel="stylesheet" href="https://www.w3schools.com/w3css/4/w3.css">
<style>
body {padding-top: 54px;}
@media (min-width: 992px) {
body {padding-top: 56px;}
}
</style>
</head>
<body>
<nav class="navbar navbar-expand-lg navbar-dark bg-dark fixed-top">
<div class="container">
<a class="navbar-brand" href="#">Start Bootstrap</a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarResponsive" aria-controls="navbarResponsive" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarResponsive">
<ul class="navbar-nav ml-auto">
<li class="nav-item active">
<a class="nav-link" href="#">Home
<span class="sr-only">(current)</span>
</a>
</li>
<li class="nav-item">
<a class="nav-link" href="#">About</a>
</li>
<li class="nav-item">
<a class="nav-link" href="#">Services</a>
</li>
<li class="nav-item">
<a class="nav-link" href="#">Contact</a>
</li>
</ul>
</div>
</div>
</nav>
<div class="container">
<div class="row">
<?php
$login=0;
if(isset($_COOKIE['login']) && isset($_COOKIE['login_name'])){
if(!empty($_COOKIE['login']) && !empty($_COOKIE['login_name'])){
$name=base64_decode($_COOKIE['login_name']);
$ar=explode('-xx-',$name);
if(isset($ar[0]) && isset($ar[1])){
if($ar[1] !== $new){
//if cookie not valid
cookie_reset();
echo "window.location.href='index.php';";
exit;
}
$usr_name=$ar[0];
$login=1;
// login able
}
}
}
if($login == 1){
echo "Panel-screen
xx";
?>
<div class="col-lg-12 text-center w3-teal w3-text-white">
<h3>Panel-screen</h3>
<h2 class='w3-grey w3-inline' ><?php print($usr_name); ?></h2>
<hr>
<a class='w3-margin w3-padding w3-white' href='?logout=1'>Logout-exit</a>
<br><br><br>
</div>
<?php }else{ ?>
<div class='w3-grey w3-block w3-margin w3-padding'>
Test-Login
<label class='w3-block w3-margin w3-padding'>
<b>name</b>
<input type='text' name='v1' class='form-control'>
</label>
<label class='w3-block w3-margin w3-padding'>
<b>Pass</b>
<input type='password' name='v2' class='form-control'>
</label>
<div id='teter3' class='w3-btn w3-red'>LOG?N TRY</div>
</div>
<?php } ?>
</div>
</div>
<script>
$('#teter3').click(function(){
//try to login redirect
window.location.href+='?login=1&v1='+$('input[name=v1]').val()+'&v2='+$('input[name=v2]').val();
});
</script>
</body>
</html>