Search for
Login | Username Password Forgot? | Email: | Create Account
Technology / Internet | Entries: 319 | Views: 4551 | Modified: 2 months ago | | Add to My Feeds
Report
Image representing Facebook as depicted in Cru...
Image via CrunchBase

If you’ve read my previous post about hacking myspace account using keylogger on ‘myspace account hacking - does your wife cheat on you?’ , the same thing can also be implemented in hacking into facebook account by using more advanced keylogging method like javascript keylogger. Hack Password Facebook with javascript keylogger can be achieved by combining those both XSS vulnerabilities and Javascript Keylogger itself. Facebook was vulnerable to some XSS back then , this hole can be a good opportunity for intruders to infect a lot of facebook members with their web malware , including javascript keylogger ! And of course by keylogging , intruders can retrieve those facebook users ’s password easily , and then extend their hack into hack facebook profiles , etc

A good implementation of javascript keylogger can be found on http://www.xssed.com/article/25/Paper_Smashing_the_Web_for_fun_&_profit_using_XSS/. Exceprts :

Introduction

This article is dedicated to all this people that believe XSS is not a serious Web application vulnerability. Using XSS vulnerabilities someone can actually make lots of money. I don’t have any responsibility how this knowledge is going to be used, this article was created at of love of hacking and not to hack other people sites. Recently I became very interested to XSS and decided to write an article that fully explains how to inject a JavaScript key logger, and by saying fully explain I mean describe in full detail how can someone perform XSS filter invasion and run my JavaScript key logger in order to steal user names, passwords and user credentials. The scary part is that you don’t have to be a JavaScript expert to write effective JavaScript malicious code, you just have to have a good understanding of the Web. In the following article I provide the reader with two flavors of practically the same JavaScript key logger.

In order to understand this article you have to know:

1. How to write Html web forms (look at [4]).
2. How to write Javascript DOM objects (look at [3]).
3. Basic functionality of Http protocol (look at [1]).
4. Understand JavaScript what obfuscation is (have a look at [5]).
5. Understand how to use Burp Suite1.1 (look at [6]).

The functionality of your XSS

Before you exploit an XSS someone has to understand what is the functionality a XSS exploit should have. By saying functionality I mean what is the reason of your XSS, e.g. to deface a website, to cause a redirect or to steal user credentials (something that is the most interesting!!). In our situation we have to think about writing a key logger XSS. So that is why we have to make some thoughts about what is a log-in page form, from the user perspective, for example what is the average user name and password length? And how fast the an average user is typing? We are going to use this information to build up two flavors of JavaScript key loggers that run in IE, Firefox, Opera and Netscape. So our program is going to steal the user credential based only on time (e.g. auto execute after certain amount of time) or based only on password length (e.g. auto execute after the user types 5 characters) or based on both time and password length (e.g. maybe perform some character mapping, like check if Enter or Tab buttons have been pressed).

You can also read insanesecurity’s article to extend your understanding of userscript keylogger.


More from แนวคิดใหม่ในแบบคาสิโนออนไลน์

Browser Fuzzer 2 09 Jan 28
Facebook hack 2009 09 Jan 7

^ Back To Top