sniff mouse and keyboard events
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
bin project cleanup Aug 18, 2017
sniffMK.xcodeproj
sniffMK added kCGEventTapDisabledByTimeout Aug 29, 2017
.gitignore Initial code commit Aug 18, 2017
License.md Create License.md Aug 18, 2017
README.md Update README.md Aug 18, 2017

README.md

sniffMK

sniffMK is a simple utility designed to sniff mouse and keyboard events on macOS. It is based on code from amit singh's website; (http://osxbook.com)

It was designed to facilitate malware analysis (specifically OSX/FruitFly which can simulate both mouse and keyboard events - see BlackHat/DefCon slides for details).

Run sniffMK, as root, to start sniffing events:

# ./sniffMK
mouse/keyboard sniffer
based on code from amit singh (http://osxbook.com)

event: left mouse down
x: 821.285156
y: 727.726562

event: left mouse up
x: 821.285156
y: 727.726562

event: key down
key modifiers: shift 
keycode: 0x4/h

event: key up
keycode: 0x4/h

event: key down
keycode: 0x22/i

event: key up
keycode: 0x22/i

....

event: key down
key modifiers: control 
keycode: 0x8/c

To only capture mouse events, execute sniffMK with the -mouse commandline argument.
Similarly, execute it with the -keyboard commandline argument to only capture keyboard events.