Whistle Master Posted April 1, 2012 Share Posted April 1, 2012 (edited) Hi guys ! EDIT: New version pending ;) Old version is not available anymore. I'm working on a new module: a javascript keylogger. You can install new templates for websites you want to capture keys. Please don't hesitate to share with us new working templates. I will integrate them in future version Module is available through module system. Edited December 28, 2012 by Whistle Master Link to comment Share on other sites More sharing options...
Mr-Protocol Posted April 1, 2012 Share Posted April 1, 2012 You do understand that keystrokes do not pass through the network right? Unless you are talking about other types of keys... Link to comment Share on other sites More sharing options...
Whistle Master Posted April 1, 2012 Author Share Posted April 1, 2012 It's a javascript keylogger. Everything is redirected to the pineapple with DNSspoof and then I use an iframe to display the requested page based on available templates (e.g. facebook, gmail, etc.). All keystrokes are recorded to files and then displayed from the pineapple control center. I added a screenshot ;) Link to comment Share on other sites More sharing options...
Mr-Protocol Posted April 1, 2012 Share Posted April 1, 2012 Ah, was curious how you were getting that to work. Screenshot was broken when I posted ;) Link to comment Share on other sites More sharing options...
RebelCork Posted April 1, 2012 Share Posted April 1, 2012 (edited) That looks about as legit as this : ;) Edited April 1, 2012 by RebelCork Link to comment Share on other sites More sharing options...
digininja Posted April 1, 2012 Share Posted April 1, 2012 I assume you've looked at the one built in to w3af. Link to comment Share on other sites More sharing options...
Whistle Master Posted April 1, 2012 Author Share Posted April 1, 2012 I assume you've looked at the one built in to w3af. No I did not. I had the idea when I saw the metasploit keylogger and I took the idea of using templates from SET. Link to comment Share on other sites More sharing options...
Whistle Master Posted April 1, 2012 Author Share Posted April 1, 2012 That looks about as legit as this : ;) I can assure you that it works. I will send the module to Seb as soon as I finished the last details (configuration updates, etc.) Link to comment Share on other sites More sharing options...
digininja Posted April 1, 2012 Share Posted April 1, 2012 Sorry, meant BeEF not w3af. Been a long day. Link to comment Share on other sites More sharing options...
telot Posted April 1, 2012 Share Posted April 1, 2012 (edited) That looks about as legit as this : ;) I smell a fellow redditor... So how bout that narwhal baconing? Bout what time does that occur again? ;) But seriously, Master Chef Whistle Master did it again! Mixing dnsspoof with a dash of metasploit for a little key logging action - beautiful! Can't wait to try it out! telot Edited April 1, 2012 by telot Link to comment Share on other sites More sharing options...
Whistle Master Posted April 1, 2012 Author Share Posted April 1, 2012 I smell a fellow redditor... So how bout that narwhal baconing? Bout what time does that occur again? ;) But seriously, Master Chef Whistle Master did it again! Mixing dnsspoof with a dash of metasploit for a little key logging action - beautiful! Can't wait to try it out! telot Actually, it's a standalone, you don't need metasploit :) Link to comment Share on other sites More sharing options...
RebelCork Posted April 1, 2012 Share Posted April 1, 2012 Can't wait to try it out either. Can BEEF be installed on the pineapple itself, or am I just thinking a load of bull (groan) Link to comment Share on other sites More sharing options...
digininja Posted April 1, 2012 Share Posted April 1, 2012 You wouldn't exactly install BeEF on it as it is a framework, all you need is to inject the javascript hook into pages using the pineapple and have it point at the controller elsewhere. Link to comment Share on other sites More sharing options...
ptrac3 Posted April 2, 2012 Share Posted April 2, 2012 It seems to be not a "keylogger" but a credentials grabber that uses fake logins templates.. Link to comment Share on other sites More sharing options...
digininja Posted April 2, 2012 Share Posted April 2, 2012 what does? Link to comment Share on other sites More sharing options...
hfam Posted April 2, 2012 Share Posted April 2, 2012 what does? ahaha! Ya beat me to it. :) Can't wait to give this one a try! Some of you guys are really blowin' it up out here with the add-ons, brilliant stuff, thanks all! Super fired up for the official release of the modules-enabled firmware!! Link to comment Share on other sites More sharing options...
Whistle Master Posted April 3, 2012 Author Share Posted April 3, 2012 It seems to be not a "keylogger" but a credentials grabber that uses fake logins templates.. Every keystroke is captured when the "victim" arrives on the fake login templates, that's why I called it keylogger, but you're right, strictly speaking, I could call it Credentials Grabber but it's more longer to write than keylogger :P Link to comment Share on other sites More sharing options...
PatriceKing Posted April 3, 2012 Share Posted April 3, 2012 Great job Mr. WM! Can't wait to try it. Link to comment Share on other sites More sharing options...
Whistle Master Posted April 7, 2012 Author Share Posted April 7, 2012 Just a quick update, I'm still working on the keylogger module. It needs more testing and then I will release a first version with two templates already installed (facebook and gmail). Link to comment Share on other sites More sharing options...
MrBurN Posted April 8, 2012 Share Posted April 8, 2012 sweet, keep up the good work ! Link to comment Share on other sites More sharing options...
Whistle Master Posted April 8, 2012 Author Share Posted April 8, 2012 First version has been sent to Seb! Please report here every bugs. Thanks! Link to comment Share on other sites More sharing options...
JimJensen Posted April 8, 2012 Share Posted April 8, 2012 When I click on lauch it loads http://172.16.42.1/pineapple/modules/Keylogger/redirect.php but the page is blank. When I ssh to /www/pineapple/modules I don't see a keylogger directory. I have dns spoof enabled. Did I miss a step or something? The page is blank but rapidly reloading. Link to comment Share on other sites More sharing options...
Whistle Master Posted April 8, 2012 Author Share Posted April 8, 2012 (edited) Oups, little mistake in the module.conf file :( I send an updated version to Seb right now. Just re-install the module. Edited April 8, 2012 by Whistle Master Link to comment Share on other sites More sharing options...
Dosk3n Posted April 8, 2012 Share Posted April 8, 2012 Excellent work mate. My only probem is the facebook template. It doesnt display the login page correctly. This is the same on SET though. Through SET the only way to get a better login page is by using the manual option of selecting what page to clone. Gmail login is spot on though. Link to comment Share on other sites More sharing options...
Whistle Master Posted April 9, 2012 Author Share Posted April 9, 2012 Excellent work mate. My only probem is the facebook template. It doesnt display the login page correctly. This is the same on SET though. Through SET the only way to get a better login page is by using the manual option of selecting what page to clone. Gmail login is spot on though. I spotted this issue also. I will work on a better template for facebook. If you have a better one or other templates, don't hesitate to share it and I will integrate it in the next version :) Link to comment Share on other sites More sharing options...
Recommended Posts