Keylogger

[TheRaver]

I have a template for hotmail works great in ie :)

unfortunately i cant upload it :(

[Darren Kitchen]

Would be wicked to make it a general purpose keylogger, not just for specific sites.

[Vulture]

Would be wicked to make it a general purpose keylogger, not just for specific sites.

Darren,

Didn't even think about that, genius.... Please correct any of the following if this was not your intention.

Whistle Master,

I think Darren is alluding to having a JavaScript function that is loaded on every page (would have to be an ettercap filter) the script would be listening for keys to be pressed via jQuery's http://api.jquery.com/keypress/ function since keylogger already uses the jQuery library, then have it make a call back to the server and upload the data via a simple php script.

This would actually be quite amazing since the user would be able to pass to their site unaffected, the DNS Spoof functionality would not need to be enabled, and the user would have little knowledge of what is going on, even if they were to be watching a Firebug console log. We also eliminate the need for SSLStrip's functionality since we are logging the strokes not the stream.

[RebelCork]

somehow, it makes me think of this :

oldie, but goodie :)

[whitehat]

I'm interested to try this as soon as you're willing to share a beta version :)

[Whistle Master]

I'm interested to try this as soon as you're willing to share a beta version :)

A first version is already out. You can find it in the modules section of your pineapple v1.1.1.

Thanks everyone for your comments :) I will dig into the ettercap direction for a generic keylogger.

[Infiltrator]

Every keystroke is captured when the "victim" arrives on the fake login templates, that's why I called it keylogger, but you're right, strictly speaking, I could call it Credentials Grabber but it's more longer to write than keylogger :P

Yeah, I wondered about that too, how could a pineapple do keylogging, it would be more like collecting/sniffing the credentials from a login page.

[telot]

Yeah, I wondered about that too, how could a pineapple do keylogging, it would be more like collecting/sniffing the credentials from a login page.

Zomg Infiltrator is in the Jasager forums! Get back to Questions/Hacks & Mods/Business IT!

Haha just kidding Inf, you're always welcome here! Just had to give you some crap because you're such a prominent poster on all the other forums and we so rarely get to enjoy your expertise here on the Jasager page :)

telot

[shadowmmm]

anyone with an updated facebook template.or did i miss something how to fix the one in the folder. :)

[whitehat]

A first version is already out.

Awesome!

[PatriceKing]

great job WM ! please upload more templates...! ;)

[Whistle Master]

great job WM ! please upload more templates...! ;)

Actually, I won't continue the development of the module with templates. I'm working on a generic version with ettercap ;)

[telot]

Actually, I won't continue the development of the module with templates. I'm working on a generic version with ettercap ;)

:::JUMPING UP AND DOWN:::

WOOOOOOOOHOOOOOOOO!

telot

[RebelCork]

The development here just keeps getting better and better.

Who would have thought that when the MKIV came out that we would have such a growing community developing the little pineapple ??

Evil: God isn't interested in technology. He cares nothing for the microchip or the silicon revolution. Look how he spends his time, forty-three species of parrots! Nipples for men!

Robert: Slugs.

Evil: Slugs! HE created slugs! They can't hear. They can't speak. They can't operate machinery. Are we not in the hands of a lunatic?

[Isolot]

keylogger? how will you apply the keylogger? dns spoof to a page with the hook? but then you are spoofing to the page and the user wont be able to get to the internet? turn spoof on then off quickly? that's a bit clunky.

what we really need is nodogsplash working, that way we can put a beef hook (or your keylogger) into the splash page and the user will only see it once then continue browsing. The beef hook can point to beef on 172.16.42.42 then you can run the keylogging module and many others.

I have seen one guy on here pushing nodogsplash but his posts for help have fallen on deaf ears. Nodogsplash will also control the bandwidth usage for us! its the answer to the pineapple dreams!

i get the following error when trying to start up nodogsplash:

root@Pineapple:/usb/etc/nodogsplash# ln -s /usb/etc/nodogsplash/ /etc/nodogsplas

h

root@Pineapple:/# nodogsplash

root@Pineapple:/# iptables v1.4.10: Couldn't load match `mark':File not found

Try `iptables -h' or 'iptables --help' for more information.

[3][Thu Jan 1 01:32:14 1970][2504](fw_iptables.c:180) Nonzero exit status 2 from command: iptables -t nat -A ndsOUT -m mark --mark 0x200 -j ACCEPT

iptables v1.4.10: Couldn't load match `mark':File not found

Try `iptables -h' or 'iptables --help' for more information.

[3][Thu Jan 1 01:32:14 1970][2504](fw_iptables.c:180) Nonzero exit status 2 from command: iptables -t nat -A ndsOUT -m mark --mark 0x400 -j ACCEPT

iptables v1.4.10: Couldn't load match `mark':File not found

Try `iptables -h' or 'iptables --help' for more information.

[3][Thu Jan 1 01:32:14 1970][2504](fw_iptables.c:180) Nonzero exit status 2 from command: iptables -t filter -A ndsRTR -m mark --mark 0x100 -j DROP

Using intrapositioned negation (`--option ! this`) is deprecated in favor of extrapositioned (`! --option this`).

iptables v1.4.10: Couldn't load match `mark':File not found

Try `iptables -h' or 'iptables --help' for more information.

[3][Thu Jan 1 01:32:14 1970][2504](fw_iptables.c:180) Nonzero exit status 2 from command: iptables -t filter -A ndsRTR -m mark --mark 0x200 -j ACCEPT

iptables v1.4.10: Couldn't load match `mark':File not found

Try `iptables -h' or 'iptables --help' for more information.

[3][Thu Jan 1 01:32:14 1970][2504](fw_iptables.c:180) Nonzero exit status 2 from command: iptables -t filter -A ndsNET -m mark --mark 0x100 -j DROP

iptables v1.4.10: Couldn't load match `mark':File not found

Try `iptables -h' or 'iptables --help' for more information.

[3][Thu Jan 1 01:32:14 1970][2504](fw_iptables.c:180) Nonzero exit status 2 from command: iptables -t filter -A ndsNET -m mark --mark 0x200 -j ACCEPT

iptables v1.4.10: Couldn't load match `mark':File not found

Try `iptables -h' or 'iptables --help' for more information.

[3][Thu Jan 1 01:32:14 1970][2504](fw_iptables.c:180) Nonzero exit status 2 from command: iptables -t filter -A ndsNET -m mark --mark 0x400 -j ndsAUT

[3][Thu Jan 1 01:32:15 1970][2504](gateway.c:280) Error initializing firewall rules! Cleaning up

[3][Thu Jan 1 01:32:15 1970][2504](gateway.c:282) Exiting because of error initializing firewall rules

root@Pineapple:/# opkg install iptables-mod-imq

Unknown package 'iptables-mod-imq'.

Collected errors:

* opkg_install_cmd: Cannot install package iptables-mod-imq.

root@Pineapple:/# opkg install iptables

Package iptables (1.4.10-4) installed in root is up to date.

root@Pineapple:/# iptables

iptables v1.4.10: no command specified

Try `iptables -h' or 'iptables --help' for more information.

Perhaps i should get another thread going on this. It would be great if we could get some collective minds working on this!

thanks,

Isolot.

[PineDominator]

keylogger? how will you apply the keylogger? dns spoof to a page with the hook? but then you are spoofing to the page and the user wont be able to get to the internet? turn spoof on then off quickly? that's a bit clunky.

what we really need is nodogsplash working, that way we can put a beef hook (or your keylogger) into the splash page and the user will only see it once then continue browsing. The beef hook can point to beef on 172.16.42.42 then you can run the keylogging module and many others.

I have seen one guy on here pushing nodogsplash but his posts for help have fallen on deaf ears. Nodogsplash will also control the bandwidth usage for us! its the answer to the pineapple dreams!

i get the following error when trying to start up nodogsplash:

root@Pineapple:/usb/etc/nodogsplash# ln -s /usb/etc/nodogsplash/ /etc/nodogsplas

h

root@Pineapple:/# nodogsplash

root@Pineapple:/# iptables v1.4.10: Couldn't load match `mark':File not found

Try `iptables -h' or 'iptables --help' for more information.

[3][Thu Jan 1 01:32:14 1970][2504](fw_iptables.c:180) Nonzero exit status 2 from command: iptables -t nat -A ndsOUT -m mark --mark 0x200 -j ACCEPT

iptables v1.4.10: Couldn't load match `mark':File not found

Try `iptables -h' or 'iptables --help' for more information.

[3][Thu Jan 1 01:32:14 1970][2504](fw_iptables.c:180) Nonzero exit status 2 from command: iptables -t nat -A ndsOUT -m mark --mark 0x400 -j ACCEPT

iptables v1.4.10: Couldn't load match `mark':File not found

Try `iptables -h' or 'iptables --help' for more information.

[3][Thu Jan 1 01:32:14 1970][2504](fw_iptables.c:180) Nonzero exit status 2 from command: iptables -t filter -A ndsRTR -m mark --mark 0x100 -j DROP

Using intrapositioned negation (`--option ! this`) is deprecated in favor of extrapositioned (`! --option this`).

iptables v1.4.10: Couldn't load match `mark':File not found

Try `iptables -h' or 'iptables --help' for more information.

[3][Thu Jan 1 01:32:14 1970][2504](fw_iptables.c:180) Nonzero exit status 2 from command: iptables -t filter -A ndsRTR -m mark --mark 0x200 -j ACCEPT

iptables v1.4.10: Couldn't load match `mark':File not found

Try `iptables -h' or 'iptables --help' for more information.

[3][Thu Jan 1 01:32:14 1970][2504](fw_iptables.c:180) Nonzero exit status 2 from command: iptables -t filter -A ndsNET -m mark --mark 0x100 -j DROP

iptables v1.4.10: Couldn't load match `mark':File not found

Try `iptables -h' or 'iptables --help' for more information.

[3][Thu Jan 1 01:32:14 1970][2504](fw_iptables.c:180) Nonzero exit status 2 from command: iptables -t filter -A ndsNET -m mark --mark 0x200 -j ACCEPT

iptables v1.4.10: Couldn't load match `mark':File not found

Try `iptables -h' or 'iptables --help' for more information.

[3][Thu Jan 1 01:32:14 1970][2504](fw_iptables.c:180) Nonzero exit status 2 from command: iptables -t filter -A ndsNET -m mark --mark 0x400 -j ndsAUT

[3][Thu Jan 1 01:32:15 1970][2504](gateway.c:280) Error initializing firewall rules! Cleaning up

[3][Thu Jan 1 01:32:15 1970][2504](gateway.c:282) Exiting because of error initializing firewall rules

root@Pineapple:/# opkg install iptables-mod-imq

Unknown package 'iptables-mod-imq'.

Collected errors:

* opkg_install_cmd: Cannot install package iptables-mod-imq.

root@Pineapple:/# opkg install iptables

Package iptables (1.4.10-4) installed in root is up to date.

root@Pineapple:/# iptables

iptables v1.4.10: no command specified

Try `iptables -h' or 'iptables --help' for more information.

Perhaps i should get another thread going on this. It would be great if we could get some collective minds working on this!

thanks,

Isolot.

isolot WM is in the process of trying to get ettercap working, that way almost all pages can be injected with the key-logger code, I can't wait:-D

[AnonEcon]

I would love to see a video of this (install and application). You could put it on SecurityTube and/or YouTube.

Was there a D/L link?

Clearly, if this works it's the best part of the Pineapple thus far.

Edited April 13, 2012 by AnonEcon

[shadowmmm]

so looking forward.agree will be best module

[Deathstormer]

Has anyone else had an issue with this not logging all keys entered?

I.E with the gmail template, i enter Bill as the username, Smith as the Password.

all i see in the Keylogger interface is.

* gmail

* Keys

> mih -which should really be Smith.

Any Ideas?

[Whistle Master]

the issue may be because javascript is not fast enough to get all the keys from the beginning.

Whatever, I'm currently working on a generic version which does not use templates but ettercap. I'm still getting some problems with ettercap though :o

[Vulture]

WM,

Got another idea I will try tonight and update you on the progress. I believe we are very close and it may actually be the built of ettercap we are using.

[Sebkinne]

I had ettercap working.

Will report back soon.

Best,

Sebkinne

[Vulture]

Sebkinne,

That is amazing news, if you wouldn't mind after you release the details to explain why it didn't work WM and myself have been working on this with no progress or understanding of why it does not seem to function, and I found little on other sites detailing the issue.

[Whistle Master]

Sebkinne,

That is amazing news, if you wouldn't mind after you release the details to explain why it didn't work WM and myself have been working on this with no progress or understanding of why it does not seem to function, and I found little on other sites detailing the issue.

I totally agree :P Everything is ready, just waiting for a solution for ettercap working!

[shadowmmm]

still sooooooooooooooooo looking forward to this :)