Ever installed a keylogger on your "own" machine for research purposes, only to find that the machine you're testing on has some crummy anti-keylogger software? Frustrating, right? Wrong, because I am going to show you a trick to use if you want to keylog Internet Explorer.
So there are a couple of things we need to accomplish to get this working properly:
- Get access to the browser object.
- Find a means to inject some malicious code.
- Figure out what code to inject.
Now, anti-keylogger software tends to intercept the key events at the keyboard driver level and then fire off some random key events. These decoys are consumed, and only the legitimate keystrokes are delivered to the target window. Bear in mind that your code has no control over anything in between, and let's assume that nuking the anti-keylogger is not possible for some reason (some are very good at limiting uninstall capability). So how can we intercept keystrokes to IE?
Ok, more tips for you. If your keylogger is inside the browser window, e.g. a browser plugin, the anti-keylogger is p0wn3d. But let's say that the user is fully aware of malicious browser plugins. They are not that easy to hide, especially in IE 8 and Windows 7, both of which will spawn popup windows alerting the user to the installation of a plugin. How would we insert a keylogger now? Anyone?
Open up Visual Studio, add a reference to "Microsoft Internet Controls" (the SHDocVw COM library) so the InternetExplorer and ShellWindows types are available, and then enter the following code. It loops through each running IE instance, checks its location, and keeps the matching browser object:

    using SHDocVw;

    InternetExplorer ieToP0wn = null;
    // ShellWindows enumerates every open Internet Explorer (and Explorer) window.
    foreach (InternetExplorer ie in new ShellWindows())
    {
        // Check the location of each window and keep the one we are after.
        if (ie.LocationURL != null && ie.LocationURL.StartsWith("http"))
        {
            ieToP0wn = ie;
        }
    }
Cool, so now we have access to the browser object. One down!
Having the browser object also gives us a means to inject code, and if we can inject code, we can inject a keylogger. So, homework for you: Google document.innerHTML and window.onkeypress. With these you can change the web page structure and add a key event listener. Awesome. Methinks this looks like a keylogger :).
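From the defender's side, the two changes just described (a rewritten innerHTML and a newly attached keypress handler) are exactly what a page can check for itself. The following is an added example and not code from the original post; it takes a baseline snapshot of the page and later reports what changed. The win/doc objects are constructed stand-ins for window/document so the code runs outside a browser.

```javascript
// Record the state of the page that an injected keylogger would alter:
// the body markup and the keypress handlers on window and document.
function snapshot(win, doc) {
  return {
    html: doc.body.innerHTML,
    winHandler: typeof win.onkeypress === 'function' ? win.onkeypress : null,
    docHandler: typeof doc.onkeypress === 'function' ? doc.onkeypress : null,
  };
}

// Compare the current page against the baseline and list what differs.
function detectTampering(baseline, win, doc) {
  const now = snapshot(win, doc);
  const findings = [];
  if (now.html !== baseline.html) findings.push('body innerHTML changed');
  if (now.winHandler !== baseline.winHandler) findings.push('window.onkeypress changed');
  if (now.docHandler !== baseline.docHandler) findings.push('document.onkeypress changed');
  return findings;
}

// Constructed minimal stand-ins for window and document (no real DOM needed).
function makeFakePage() {
  const doc = { body: { innerHTML: '<form><input name="user"></form>' }, onkeypress: null };
  const win = { onkeypress: null };
  return { win, doc };
}

// Untouched page: nothing to report.
function cleanPageFindings() {
  const { win, doc } = makeFakePage();
  return detectTampering(snapshot(win, doc), win, doc);
}

// Simulate the modifications the post describes happening after load.
function tamperedPageFindings() {
  const { win, doc } = makeFakePage();
  const baseline = snapshot(win, doc);
  doc.body.innerHTML += '<div id="injected"></div>';
  win.onkeypress = function () {};
  return detectTampering(baseline, win, doc);
}
```

In a real page, take the baseline on load and re-run detectTampering on a timer; it only catches changes made after the baseline was recorded.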
I will upload some sample code at a later stage. And you can expect the release of a security tool in the near future to test your IE browser security software. Watch this space.