Keystroke logger (My first "malicious" program)
h
Baconman321

Keystroke logger

It's what it sounds like. A keystroke logger that logs your every key press. Install as a userscript using tampermonkey (you might be able to use another userscript extension but I only tested it on tampermonkey so beware).
Installation link is on the mainpage.

How it works

Basically it adds a keyup event listener to the website you are on and when you are about to leave or refresh the page where it sends it to the server to store in a LOG file.

Security concerns

Before you say "Well, baconman, that's malicious! I won't install it because then you can see my passwords so yoooo we need an admin here to ban this dude!!!", I want to alert you that I have methods in place to prevent people from seeing your keystrokes. First, I mix up the chars client-side. Then when I send them to the server I hash them before storing them in a LOG file. This is meant to be an example of something a hacker might use to access sensitive information, but I don't want to actually steal your passwords. In the case of a security breach I will delete the contents of the file immediately. I assure you your safety by providing complete transparency. Check main.go to see how it works. No env's used!

If you don't like having it on constantly (as it requires you to confirm leaving the page every time), then you can turn it off by clicking the tampermonkey extension and clicking the toggle switch for the userscript named "keystroke logger" that is running. You can turn it back on at any time by doing clicking the toggle button again.

Oh and also, a word to people who have done this before:

Please don't bully me this is my first "malicious" program so I probably made some mistakes and/or things that could have been done better.

Yes, it probably would be easier to establish a connection to the server via a websocket and send data that way, but I don't know how to do websockets that well.

Conclusion

My keystroke logger is a project whipped up by me to demonstrate a method a hacker might use to gain access to sensitive information.
Hope you like it!

EDIT:

I am not including client-side character mixing as it causes problems.

You are viewing a single comment. View All
Baconman321

@tussiez Tampermonkey? All you have to do to install the userscript is click on the link on the main webpage that comes up when you load my website. :>