Jump to content

Keylogger


Sebkinne

Recommended Posts

Hey everyone,

As you all know, Digininja and WhistleMaster have been working hard to bring you their Keylogger infusion.

This infusion is now ready and you will find it in your local Pineapple bar.

Seeing as this is a rather complex module, there are bound to be issues with it.

Some of the issues we know about, some we don't. We ask you to report any issues you are having / any bugs you are experiencing. Please do this in an ordered fashion. Read through the entire thread and see if your issue has already been reported. If so and you have more to add, please quote the issue and add your findings to it.

Please do not complain that something doesn't work. We are all working together to make this a great module, but please don't ask for ETAs.

Note that for the module to work you may need to run the 2.7.5 firmware. This is due to kernel dependencies of ebtables.

List of known issues upon release:

  • If the browser sends a GET request that has the full url ie "GET http://blah.com/file HTTP/1.1" instead of "GET http://blah.com/file HTTP/1.1", some pages will fail to load (wikimedia for example - means no CSS for wikipedia).
  • If an input field already has an onkeypress method attached to it, it will get overwritten - this will probably break the site's functionality. Can be fixed quite quickly but more on that later.
  • The install_keylogger() javascript function doesn't always fire if the page takes too long to load.
  • Typing in input forms has a bit of a lag about it. Not much we can do about that.

We are looking forward to your feedback and hope you enjoy this module! We will keep enhancing it's performance and reliability and try to iron out any issues found.

Link to comment
Share on other sites

  • Replies 53
  • Created
  • Last Reply

Top Posters In This Topic

Thanks to Seb and WM for their help with this. As Seb says, we know there are a few bugs, I know how to fix some of them and just need to find time to do it, but now this is fairly stable we wanted to get it out there and into peoples hands so it can be tested and bugs found.

If you want to know how the proxy works then I've put quite a few commends in proxy.rb, k.php and k.js but I'm also planning to do a write up on it.

Enjoy

Link to comment
Share on other sites

Well it works. What do you attribute the slow entry to? When I rolled my own solution, I didn't run into this issue.. however it didn't inject into the page nearly as well as this one. Great work guys!

-Shark3y

The reason for the input lag is because every key pressed is transmitted via a post request. It is being run synchronously. Otherwise the key order could get messed up.

The issue with doing it asynchronously is that we would need to also transmit a time-stamp. This is something that could be incorporated into a future version.

Link to comment
Share on other sites

I've a bit of a plan to leave it as it is for now and collect bug reports then do upgrades and bug fixes in a single release.

That is unless a module-stopping bug comes in, then I'll fix it early.

Link to comment
Share on other sites

i think i may be doing something wrong because i am not getting any data when i login to sites. My setup is below:

i have updated the firmware to 2.7.5 and installed the keylogger to my usb.

I have then connected the pineapple to a AP with internet access.

I then turned the keylogger on.

I then went to a few sites to login (firefox loads some sites ok but internet explorer is terrible it will not even load sites such as facebook)

No data was returned.

If my setup is wrong please tell me because iv been waiting for this to come out since i heard it was in development

Link to comment
Share on other sites

Is your pineapple acting as a bridge or a router? If you don't know then it will be bridge.

Try to see if you can get the keylogger javascript through the browser, visit http://172.16.42.1/k.js and see if it gives you a file.

We are only keylogging on HTTP sites as you can't inject into HTTPS, didn't Facebook go HTTPS only recently?

Link to comment
Share on other sites

  • 2 weeks later...

Is your pineapple acting as a bridge or a router? If you don't know then it will be bridge.

Try to see if you can get the keylogger javascript through the browser, visit http://172.16.42.1/k.js and see if it gives you a file.

We are only keylogging on HTTP sites as you can't inject into HTTPS, didn't Facebook go HTTPS only recently?

This Link for test it,

Link to comment
Share on other sites

What is your network setup ? From which interface are you sharing the internet ?

Typical setup using a laptop to route traffic through. Laptop wlan0 is furthest upstream, to eth0 then to br-lan on the pineapple and it's wlan0.

Everything else is working ok, e.g., sslstrip and urlsnarf. Do I need to have those off for the keylogger to work?

Link to comment
Share on other sites

Figured it out: If URLsnarf is running Keylogger does not work. Any thoughts on why this is and what we can do about it? (also my URLsnarf is configured for wlan0 since if its on br-lan, which it is by default, it conflicts with SSLstrip)

Two other things:

1) the logs should go into /usb/data/

2) needs the autostart feature

Edited by comatose603
Link to comment
Share on other sites

The reason for this is that they both (and sslstrip) redirect all port 80 traffic that is heading over the network bridge to themselves. There can be only one recipient of this traffic so when you start one you kill the other.

I've got a partially implemented solution to this in my proxy but haven't had time to finish it yet so for now you are limited to one or the other.

We didn't realise this otherwise we could have put up a warning when you try to start multiple apps.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.

×
×
  • Create New...