Hillbilly StoryTime: New Script/Tool: KeyLogging in JavaScript

Thursday, April 9, 2015

New Script/Tool: KeyLogging in JavaScript

So, you want to set up a keylogger within a website.  Ultimately it is fairly simple.  There are two items you will need.  The first is a way to log the keystrokes and the second is a way to capture them.

For logging the keystrokes, the simplest way is a small script similar to the following one.  This script accepts any GET or POST parameter and then logs it to the specified file.  Of course, this assumes that you have a place to host the script and that the script has the proper permissions to create and write to the file.


It should be noted that I have used a version of that logging script for numerous situations, mostly for social engineering.  It works well for credential harvesting websites.  It also is useful as a simple data exfiltration script.

With that taken care of, we now need to build a way to capture the keystrokes.  One of the simplest ways to go about this is demonstrated in the following code sample.  This code, when included within a webpage (with the proper surrounding "script" tags), will capture every key pressed (as long as it is a printable character) and then send it off to a secondary logging script.


The previous simple key capture script has a few limitations.  The primary one is that it only captures printable characters.  Thus, key presses like [Backspace], [tab], [enter], [arrow keys], and so on will not be captured.  To account for these missing keys, it is important to not only listen for "onkeypress" but also for "onkeydown".  The following code takes this into account to provide a much more complete key capturing script.


Hopefully, you will find these scripts of use.  As always, if you have any questions/comments/criticisms, please feel free to let me know.
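For defenders, the behaviour described above (one request to a separate logging script per key press, including named keys such as [Backspace]) leaves a recognizable pattern in web proxy or egress logs. The following detector is an added example, not code from the original post; the log line format, the host names, and the thresholds are assumptions.

```javascript
// Constructed sample proxy log. Assumed line format: time client method url referer
const REF = "http://shop.example/login";
const SAMPLE_LOG = [
  `2015-04-09T10:00:00.000Z 10.0.0.5 GET http://collector.example/log.php?k=h ${REF}`,
  `2015-04-09T10:00:00.400Z 10.0.0.5 GET http://collector.example/log.php?k=u ${REF}`,
  `2015-04-09T10:00:00.900Z 10.0.0.5 GET http://collector.example/log.php?k=n ${REF}`,
  `2015-04-09T10:00:01.300Z 10.0.0.5 GET http://collector.example/log.php?k=%5BBackspace%5D ${REF}`,
  `2015-04-09T10:00:01.800Z 10.0.0.5 GET http://collector.example/log.php?k=t ${REF}`,
  `2015-04-09T10:00:02.500Z 10.0.0.5 GET http://collector.example/log.php?k=%5BEnter%5D ${REF}`,
  `2015-04-09T10:00:03.000Z 10.0.0.5 GET http://shop.example/cart?id=7 ${REF}`,
  `2015-04-09T10:00:04.000Z 10.0.0.9 GET http://stats.example/hit?page=%2Fproducts%2Fwidgets%2Fblue ${REF}`,
];

function parseLine(line) {
  const [time, client, method, url, referer] = line.trim().split(/\s+/);
  const u = new URL(url); // throws on malformed input; the caller skips the line
  return { t: Date.parse(time), client, method, host: u.host, path: u.pathname,
           values: [...u.searchParams.values()], refHost: new URL(referer).host };
}

// Flags (client, page origin -> endpoint) flows with a burst of cross-origin
// requests that each carry only tiny parameter values (a character or a key name).
// POST bodies are not visible in a URL log; request sizes would be needed for those.
function findKeystrokeBeacons(lines, { minHits = 5, windowMs = 10000, maxValueLen = 12 } = {}) {
  const flows = new Map();
  for (const line of lines) {
    let r;
    try { r = parseLine(line); } catch { continue; }
    const tiny = r.values.length > 0 && r.values.every(v => v.length <= maxValueLen);
    if (Number.isNaN(r.t) || r.host === r.refHost || !tiny) continue;
    const key = `${r.client} ${r.refHost} -> ${r.host}${r.path}`;
    if (!flows.has(key)) flows.set(key, []);
    flows.get(key).push(r.t);
  }
  const findings = [];
  for (const [flow, times] of flows) {
    times.sort((a, b) => a - b);
    let hits = 0, start = 0;
    for (let end = 0; end < times.length; end++) { // sliding time window
      while (times[end] - times[start] > windowMs) start++;
      hits = Math.max(hits, end - start + 1);
    }
    if (hits >= minHits) findings.push({ flow, hits });
  }
  return findings;
}

console.log(findKeystrokeBeacons(SAMPLE_LOG));
```

The same-origin request and the single analytics hit with a long value in the sample are ignored; only the burst to the third-party endpoint is reported.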
