Jump to content

Keylogger


Go to solution Solved by digininja,

Recommended Posts

  • Replies 119
  • Created
  • Last Reply

Top Posters In This Topic

i've not completely familiarized myself with the pineapple, i know enough about it. I just put OpenWRT on a TP-Link MR3020 (the one they use for PirateBox) and thought to myself im going to make it more like a pineapple.

I digress, could you not just route them through a proxy that, instead of injecting an ad, you inject the JS. have the ajax point to HTML5 socket or nodeJS, hell you may even be able to open an XMLHttpRequest to "<anydomain-like-google.com/pineapple/kl" then just filter (regex) the request at the proxy for "/pineapple/kl" and redirect it to wherever you want to run it. I do XSS hacking this way alot.

Just my 2 cents, they do this kind of JS for logging mouse movements and keys on OWA (OpenWebAnilitics) and piwik and store it in DB so you can replay a session, its sick.

Link to post
Share on other sites
  • 1 month later...
  • 4 weeks later...

Is there any progress with this module?? WM i am really hoping you are steel working on it because it sounds just PERFECT!

Is there any way of installing v. 1.1?? It has all I need ;)

Edited by Giannhs
Link to post
Share on other sites

Instead of using ettercap, (the filters don't work properly) use sslstrip to write an iframe in the response body. If you provide me with your java script code, I can modify sslstrip for you to do that, so that your sslstrip module will also do key logging!

This can also be taken further to do all kinds of things like for example sending users to a computer running metasploit, set etc.

while you are at it might as well do a SET module since I have SET working on my router.

Link to post
Share on other sites

To be honest, I did not give a try since quite a long time :unsure: I have everything ready but I need to investigate some stuff with Seb on ettercap. You are right thaihenry, this could also be done with a modified version of sslstrip, I will give it a try.

Link to post
Share on other sites

Is there a module out there that will dump all traffic for every one connected to the pineapple to a file so i can open it in say wire shark or something like that latter?

Link to post
Share on other sites

Is there a module out there that will dump all traffic for every one connected to the pineapple to a file so i can open it in say wire shark or something like that latter?

Yes for sure it is call tcpdump it will capture all traffic and put it in a pcap file for your wireshark pleasure, but SSL traffic is going to be useless, so run sslstrip with it to have an all seeing eye :)

Link to post
Share on other sites

getting an error with tcpdump "/usb/modules/tcpdump/tcpdump.sh: line 2: tcpdump: not found" is there a guid on how to use this any where?

Cheer Molotof.

Link to post
Share on other sites

getting an error with tcpdump "/usb/modules/tcpdump/tcpdump.sh: line 2: tcpdump: not found" is there a guid on how to use this any where?

Cheer Molotof.

I would ask that question here http://forums.hak5.org/index.php?showtopic=26338&st=0&p=201321&hl=+tcpdump%20+module&fromsearch=1entry201321

sounds like you need to install tcpdump try the opkg module to do this.

Link to post
Share on other sites
  • 2 weeks later...

Instead of using ettercap, (the filters don't work properly) use sslstrip to write an iframe in the response body. If you provide me with your java script code, I can modify sslstrip for you to do that, so that your sslstrip module will also do key logging!

This can also be taken further to do all kinds of things like for example sending users to a computer running metasploit, set etc.

while you are at it might as well do a SET module since I have SET working on my router.

How is SET working out for you ?

I presume its the Metasploit-less version ?

Link to post
Share on other sites

How is SET working out for you ?

I presume its the Metasploit-less version ?

Yes that is correct, I have not done much testing on it otherwise. You just need to manually install the prerequisites as having SET install them for you will not work.

Also have quite a few other python tools working great like mitmproxy

Link to post
Share on other sites

Yes that is correct, I have not done much testing on it otherwise. You just need to manually install the prerequisites as having SET install them for you will not work.

Also have quite a few other python tools working great like mitmproxy

Can you please shed some light on mitmproxy configuration and advantages?

Link to post
Share on other sites

Yes that is correct, I have not done much testing on it otherwise. You just need to manually install the prerequisites as having SET install them for you will not work.

Also have quite a few other python tools working great like mitmproxy

Can you do a write on how you install SET on the pineapple or post a link to how its done, as one common thread here on the forums is on how to clone websites.

SET's inbuilt cloner would be ideal, and it would only take a quick module to access the data that is received ( i believe SET generates a html/xml file for you)

This would make the pineapple more deadly :)

Link to post
Share on other sites
  • 1 month later...
  • 2 months later...

I may be misunderstanding the entire process behind this, but I do not understand how an ettercap filter would be the best way to do this.

If I am correct, it is javascript that is doing the keylogging and reporting, and an iframe just displays the rest of the pages. If this is the case, would it not be easier to redirect all dns queries to a landing page that loads the javascript and then referral page in an iframe? This would not be a 'true' keylogger as it would only work while in a browser on a box connected to the pineapple, but it is far more than a 'credentials grabber' as some are suggesting.

From looking at the screenshots, this is exactly what the module looks like it is doing. All queries are being redirected to pineapple: "172.16.42.1 *" the landing page is redirecting to login.php (which would house the javascript and referrer iframe redirect), and then the keylogger part is just reading a file.

The implementation of this is a keylogger that will work on any webpage in a browser. It will grab all creds as well as emails, forum posts, things of the such.

...right?

Link to post
Share on other sites
  • 4 weeks later...
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.


×
×
  • Create New...