116 replies to this topic

[Whistle Master]

Hi guys !

EDIT: New version pending Old version is not available anymore.

I'm working on a new module: a javascript keylogger. You can install new templates for websites you want to capture keys. Please don't hesitate to share with us new working templates. I will integrate them in future version

Module is available through module system.

Edited by Whistle Master, 28 December 2012 - 01:12 PM.

[Mr-Protocol]

You do understand that keystrokes do not pass through the network right? Unless you are talking about other types of keys...

[Whistle Master]

It's a javascript keylogger. Everything is redirected to the pineapple with DNSspoof and then I use an iframe to display the requested page based on available templates (e.g. facebook, gmail, etc.). All keystrokes are recorded to files and then displayed from the pineapple control center.

I added a screenshot

[Mr-Protocol]

Ah, was curious how you were getting that to work. Screenshot was broken when I posted

[RebelCork]

That looks about as legit as this :

Edited by RebelCork, 01 April 2012 - 03:12 PM.

[digininja]

I assume you've looked at the one built in to w3af.

[Whistle Master]

I assume you've looked at the one built in to w3af.

No I did not. I had the idea when I saw the metasploit keylogger and I took the idea of using templates from SET.

[Whistle Master]

That looks about as legit as this :

I can assure you that it works. I will send the module to Seb as soon as I finished the last details (configuration updates, etc.)

[digininja]

Sorry, meant BeEF not w3af. Been a long day.

[telot]

That looks about as legit as this :

I smell a fellow redditor...


So how bout that narwhal baconing? Bout what time does that occur again?

But seriously, Master Chef Whistle Master did it again! Mixing dnsspoof with a dash of metasploit for a little key logging action - beautiful! Can't wait to try it out!



telot

Edited by telot, 01 April 2012 - 03:59 PM.

[Whistle Master]

I smell a fellow redditor...


So how bout that narwhal baconing? Bout what time does that occur again?

But seriously, Master Chef Whistle Master did it again! Mixing dnsspoof with a dash of metasploit for a little key logging action - beautiful! Can't wait to try it out!



telot

Actually, it's a standalone, you don't need metasploit

[RebelCork]

Can't wait to try it out either.

Can BEEF be installed on the pineapple itself, or am I just thinking a load of bull (groan)

[digininja]

You wouldn't exactly install BeEF on it as it is a framework, all you need is to inject the javascript hook into pages using the pineapple and have it point at the controller elsewhere.

[ptrac3]

It seems to be not a "keylogger" but a credentials grabber that uses fake logins templates..

[digininja]

what does?

[hfam]

what does?

ahaha! Ya beat me to it.

Can't wait to give this one a try! Some of you guys are really blowin' it up out here with the add-ons, brilliant stuff, thanks all!

Super fired up for the official release of the modules-enabled firmware!!

[Whistle Master]

It seems to be not a "keylogger" but a credentials grabber that uses fake logins templates..

Every keystroke is captured when the "victim" arrives on the fake login templates, that's why I called it keylogger, but you're right, strictly speaking, I could call it Credentials Grabber but it's more longer to write than keylogger

[PatriceKing]

Great job Mr. WM! Can't wait to try it.

[Whistle Master]

Just a quick update, I'm still working on the keylogger module. It needs more testing and then I will release a first version with two templates already installed (facebook and gmail).

[MrBurN]

sweet, keep up the good work !