Keylogger

[Boba Fett]

This it´s the expected output method?

(
    [0] => h
    [1] => code:104
    [2] => element_name:password
    [3] => element_id:Unknown
    [4] => form:Unknown
    [5] => url:http://cloud.wifipineapple.com/index.php?portal
    [6] => group:1430
)

[digininja]

Yes.

That says that you typed a h (which has ascii code 104) on a form element called password, the element doesn't have an id and the form doesn't have a name. The URL you typed it on is http://cloud.wifipineapple.com/index.php?portal .

The group is there to tie multiple key presses together if you have multiple users all typing at once.

[Boba Fett]

Nice so its works! But its hard to read when the input its large

[Sebkinne]

Nice so its works! But its hard to read when the input its large

The next version will be much cleaner and have eliminated input lag.

[Vulture]

Seb, any info on the next version release? I have come back from the dead and it looks like the injection issues have been figured out!

I tested this out and found that upon the initial connection of the client the first site seems to get the injection but after that no injection occurs. Additionally I noticed the horrible lag indicated above, let me know if there is anything I can assist with.

[Sebkinne]

Seb, any info on the next version release? I have come back from the dead and it looks like the injection issues have been figured out!

I tested this out and found that upon the initial connection of the client the first site seems to get the injection but after that no injection occurs. Additionally I noticed the horrible lag indicated above, let me know if there is anything I can assist with.

Nice to have you back!

Personally I am more focused on the new UI than this module right now - but I'll put out a new version soon as lots of people seem to want it.

I'll have to talk to Digininja a little before that though.

Best,

Seb

[--nick--]

Can somebody make a guide please and then link me to that guide?

In what directory must I put my clonedsite.html?

Can I just place any clonedsite.html in that location?

Can somebody incorporate the jsapi api into the mark 4 firmware?

Edited May 1, 2013 by --nick--

[Sebkinne]

I think you are thinking of the wrong module?

The keylogger injects into any page, you don't ever supply any cloned site..

[Lord Talon]

Hey Seb,
GREAT WORK!! on the keylogger! :)

how is the group id generated?

... i thought it would be cool to have a clean "chat-based" output file, grouped by users, something like:

USER1

Thu, May 2nd 2013 - 17:30 | http://www.imdb.com/find?q=BLAAAA&s=all

Inputtext

Inputtext2 a little later in the same box

Thu, May 2nd 2013 - 17:35 | http://www.anothersite.com

another site or another box

USER2

Thu, May 2nd 2013 - 17:32 | http://www.site.com

typed between lines of user1

Thu, May 2nd 2013 - 17:45 | http://www.anothersite.com

bla bla

are you working currently on something like that?
... if not i can try it myself to write a litte script :P

to assign a log to a user, i think it would be nice to have a few more infos like "unique" user-id (mac, ip, etc.) and date/time

[digininja]

The group id is a random number generated each time the k.js file is downloaded and ran. Its purpose is to allow all inputs from that page to be tied together.

Feel free to make changes and send them over, we will have a look and see what we think.

And not wanting to blow my own trumpet but I wrote the script. Seb helped with some debugging and packaging and WM helped with some stuff as well.

[Sebkinne]

And not wanting to blow my own trumpet but I wrote the script. Seb helped with some debugging and packaging and WM helped with some stuff as well.

I was just about to post this. I just helped with packaging and debugging it. Digininja did the magic and WM did the module magic ;)

[wifi_fun]

Total beginner question, I am seeing the javascript file being injected, I am using Wikipedia.org so it is not SSL, and can reach the file from my victim machine but I am not seeing data in the log on the module. Any ideas? I am running the pineapple through a shared network connection on a my Win8 laptop.

[digininja]

It sounds like you know at least a bit about debugging so I'd suggest running something like Firebug and checking that the the javascript is loaded when the page loads. If it is then put a break point on the key press function and see if that gets hit. At some point something will be missing and hopefully we can help you fix it from there.

[wifi_fun]

Worked on this a bit more tonight and below is what I have found:

• Found the URL generated and can put that URL in FireFox or IE and it posts data to the module screen without issue
• Loaded FireBug and stepped through the code and it looked like it was working fine
• Closed FireBug and continued entering in form fields and it worked
• Went to IE or a new page in FireFox and nothing was sent
• Verified that the file was included
• Started FireBug in FireFox on the same page and it started working again

In summary, I am still not sure since it runs fine when FireBug is loaded but not before that. Any thoughts?

[kpoeticg]

Has anybody else noticed this in the install.sh output?

root@Pineapple:/usb/infusions/keylogger# ./install.sh
Installing kmod-ebtables (3.7.6-1) to root...
Collected errors:
* satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-ebtables:
* kernel (= 3.7.6-1-457c49a821916a4f100490a4508003ce) *
* opkg_install_cmd: Cannot install package kmod-ebtables.
Installing kmod-ebtables-ipv4 (3.7.6-1) to root...
Collected errors:
* satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-ebtables-ipv4:
* kernel (= 3.7.6-1-457c49a821916a4f100490a4508003ce) * kmod-ebtables *
* opkg_install_cmd: Cannot install package kmod-ebtables-ipv4.
Installing ebtables (2.0.10-4-1) to usb...
Collected errors:
* satisfy_dependencies_for: Cannot satisfy the following dependencies for ebtables:
* kmod-ebtables *
* opkg_install_cmd: Cannot install package ebtables.
Downloading http://cloud.wifipineapple.com/packages/Packages.gz.

[--nick--]

how can i add more sites to work in this module? i only receive logs from slashdot.org.

why won't it do https?

[digininja]

it won't do https as the messages are encrypted so it can't inject the logger

It should do any http based site, you don't add new sites to it, it should just work

[TimberSweet]

Has anybody else noticed this in the install.sh output?

root@Pineapple:/usb/infusions/keylogger# ./install.sh

Installing kmod-ebtables (3.7.6-1) to root...

Collected errors:

* satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-ebtables:

* kernel (= 3.7.6-1-457c49a821916a4f100490a4508003ce) *

* opkg_install_cmd: Cannot install package kmod-ebtables.

Installing kmod-ebtables-ipv4 (3.7.6-1) to root...

Collected errors:

* satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-ebtables-ipv4:

* kernel (= 3.7.6-1-457c49a821916a4f100490a4508003ce) * kmod-ebtables *

* opkg_install_cmd: Cannot install package kmod-ebtables-ipv4.

Installing ebtables (2.0.10-4-1) to usb...

Collected errors:

* satisfy_dependencies_for: Cannot satisfy the following dependencies for ebtables:

* kmod-ebtables *

* opkg_install_cmd: Cannot install package ebtables.

Downloading http://cloud.wifipineapple.com/packages/Packages.gz.

Yep, I get exactly the same and keylogger doesn't work on mine running 2.8.1. The proxy just crashes by the looks of it. Output from my install.sh below:

Multiple packages (kmod-ebtables and kmod-ebtables) providing same name marked HOLD or PREFER. Using latest.

Installing kmod-ebtables (3.7.6-1) to root...

Collected errors:

* satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-ebtables:

* kernel (= 3.7.6-1-457c49a821916a4f100490a4508003ce) *

* opkg_install_cmd: Cannot install package kmod-ebtables.

Multiple packages (kmod-ebtables-ipv4 and kmod-ebtables-ipv4) providing same name marked HOLD or PREFER. Using latest.

Installing kmod-ebtables-ipv4 (3.7.6-1) to root...

Collected errors:

* satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-ebtables-ipv4:

* kernel (= 3.7.6-1-457c49a821916a4f100490a4508003ce) * kernel (= 3.3.8-1-d6597ebf6203328d3519ea3c3371a493) *

* opkg_install_cmd: Cannot install package kmod-ebtables-ipv4.

Installing ebtables (2.0.10-4-1) to usb...

Collected errors:

* opkg_install_pkg: Package ebtables md5sum mismatch. Either the opkg or the package index are corrupt. Try 'opkg update'.

* opkg_install_cmd: Cannot install package ebtables.

Downloading http://cloud.wifipineapple.com/packages/Packages.gz.

Updated list of available packages in /var/opkg-lists/pineapple_packages.

Package ruby (1.9.2-p0-1) installed in usb is up to date.

Package ruby-gems (1.9.2-p0-1) installed in usb is up to date.

Package ruby-core (1.9.2-p0-1) installed in usb is up to date.

Package ruby-enc (1.9.2-p0-1) installed in usb is up to date.

TS

[digininja]

Looks like we need to rebuild the ebtables packages, I'll tell Seb.

[TimberSweet]

Thanks.

Just done a clean install on a 2.8.1 pineapple and with nothing else running apart from networkmanager it still fails.

Symptoms are the same - pineapple will route traffic with the proxy off but as soon as the proxy is started, the traffic stops being routed.

TS

[digininja]

That will happen. The ebtables package is used to route traffic so if it doesn't get installed then things will break.

[Skipper]

Sorry for gravedigging but can this be used alongside sslstrip?

[tstusr]

That will happen. The ebtables package is used to route traffic so if it doesn't get installed then things will break.

Is this already fixed?

I installed the keylogger on a clean pineapple via the infusions web menu. It injects the js, but does not collect data.

Thanks!

PS: This is the output of my keylogger install.sh:

root@Pineapple:/usb/infusions/keylogger# opkg update
Downloading http://cloud.wifipineapple.com/packages/Packages.gz.
Updated list of available packages in /var/opkg-lists/pineapple_packages.
root@Pineapple:/usb/infusions/keylogger# ./install.sh
Multiple packages (kmod-ebtables and kmod-ebtables) providing same name marked HOLD or PREFER. Using latest.
Upgrading kmod-ebtables on usb from 3.3.8-1 to 3.7.6-1...
Collected errors:
 * satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-ebtables:
 *      kernel (= 3.7.6-1-457c49a821916a4f100490a4508003ce) *
 * opkg_install_cmd: Cannot install package kmod-ebtables.
Collected errors:
 * pkg_init_from_file: Malformed package file ./dep/kmod-ebtables-ipv4.ipk.
Installing ebtables (2.0.10-4-1) to usb...
Collected errors:
 * opkg_install_pkg: Package ebtables md5sum mismatch. Either the opkg or the package index are corrupt. Try 'opkg update'.
 * opkg_install_cmd: Cannot install package ebtables.
Downloading http://cloud.wifipineapple.com/packages/Packages.gz.
Updated list of available packages in /var/opkg-lists/pineapple_packages.
Package ruby (1.9.2-p0-1) installed in usb is up to date.
Package ruby-gems (1.9.2-p0-1) installed in usb is up to date.
Package ruby-core (1.9.2-p0-1) installed in usb is up to date.
Package ruby-enc (1.9.2-p0-1) installed in usb is up to date.

Edited July 9, 2013 by tstusr

[makfor49]

(is this topic alive? i hope yes)

pineapple (2.8.1) tethering osx

ics eth1 --> wlan0

client connect to pineapple (the ap is open , no security auth)

client open a http site (many) and write on some fields (most in contact form, some in forum and blogs)

i just reset my pineapple

in pineapple running just the keylogger , nothing else

the keylogger not grap key strokes ... i try to refresh ... i open the directory and is empty no file created

when i give on my mac the "http://192.168.2.4/k.js" i receive the code

when i give on client pc the "http://172.16.42.1/k.js" , i receive the code again !!!

(are the above is right? or i have understand something wrong?)

how can i check/test if the keylogger work/running ?

any idea ???

thank you

EDIT >>>

(hi again)

the keylogger begin to work after i close the cron from status page , the cron was start automatically so i thought that is not a problem (?)

something else that i do (i doit after close the cron and before check if work) is that i go to configuration page of key logger , i show here the server ip (was the right) and i press SAVE !!! the "save" shutdown the key logger , so i start it again ... and know grap data ...

now i open again the cron and the key logger still work fine ... !!!!!!!!??????!!!!!!! i cant understand what happen here ... ok i am noobie but that is little strange .... hihihihihi !!! (?)

i have some problems about the results , sometime loose keystrokes and sometimes when i delete the text that i was wrote in the field a letter cant deleted ... i try to make more test 's

thank you

Edited September 29, 2013 by makfor49

[waddell]

Will this be ported over to Firmware v3.X?

Also is there anywhere I can manually download this on my pc (just to inspect the code)?

Edited October 3, 2013 by waddell