module
Capture: HTTP JavaScript Keylogger
| Disclosed | Created |
|---|---|
| N/A | 2018-05-30 |
Disclosed
N/A
Created
2018-05-30
Description
This modules runs a web server that demonstrates keystroke
logging through JavaScript. The DEMO option can be set to enable
a page that demonstrates this technique. Future improvements will
allow for a configurable template to be used with this module.
To use this module with an existing web page, simply add a
script source tag pointing to the URL of this service ending
in the .js extension. For example, if URIPATH is set to "test",
the following URL will load this script into the calling site:
http://server:port/test/anything.js
logging through JavaScript. The DEMO option can be set to enable
a page that demonstrates this technique. Future improvements will
allow for a configurable template to be used with this module.
To use this module with an existing web page, simply add a
script source tag pointing to the URL of this service ending
in the .js extension. For example, if URIPATH is set to "test",
the following URL will load this script into the calling site:
http://server:port/test/anything.js
Authors
Marcus J. Carey mjc@threatagent.com
hdm x@hdm.io
hdm x@hdm.io
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.