HTTP keylogger

HTTP keylogger

Software

The tool allows to perform Man-in-the-middle attack and inject monitoring JavaScript into the HTTP/S communication. The monitoring script is able to record information about the submitted HTML forms; the contents and location of pasted texts from the clipboard; extract credentials that are stored in the browser when the user visits the domain. The extracted information is sent to the monitoring server, where it is further processed and assigned to individual unique user identifiers. The monitoring server also allows operators to view stored data using a simple web interface. Injecting of a custom JavaScript code into HTTP/S communication is made possible by modification of SSLSplit tool. The implemented tool was designed to demonstrate the above-mentioned security issues and serves to enhance user awareness about network security.

The tool allows to perform Man-in-the-middle attack and inject monitoring JavaScript into the HTTP/S communication. The monitoring script is able to record information about the submitted HTML forms; the contents and location of pasted texts from the clipboard; extract credentials that are stored in the browser when the user visits the domain. The extracted information is sent to the monitoring server, where it is further processed and assigned to individual unique user identifiers. The monitoring server also allows operators to view stored data using a simple web interface. Injecting of a custom JavaScript code into HTTP/S communication is made possible by modification of SSLSplit tool. The implemented tool was designed to demonstrate the above-mentioned security issues and serves to enhance user awareness about network security.

web activity monitoring, SSLSplit

web activity monitoring, SSLSplit

https://github.com/nesfit/sslsplit_keylogger

K využití výsledku jiným subjektem je vždy nutné nabytí licence

https://github.com/nesfit/sslsplit_keylogger