CYBERSEC RESEARCH

Site Injector Tool

This tool is for testing “anti-keylogging” products, and it does this in a number of ways. We’re releasing it as a POC, without proper testing or error handling. For example, if the web application is protecting the cookie and you don’t select DOM protection, the tool will fail with an “Access Denied” message and you will need to close and re-open the tool.

ANTI ANTI-KEYLOGGER

Overview:

Ever installed a keylogger on your “own” machine for research purposes, and found that the machine you’re testing on has some crummy anti-keylogger software? Frustrating, right? Wrong, because you can exploit it if you want to keylog Internet Explorer.

The Solution:

So there are a couple of things we need to accomplish to get this working properly.

  1. Get access to the browser object.
  2. Find a means to inject some malicious code.
  3. Figure out what code to inject.

Anti-keylogger software tends to intercept the key events at the keyboard driver level and then fire off some random key events. These are consumed, and the legitimate keystrokes are fired inside the target window. Bear in mind that your code has no control over anything in between, and let's assume that nuking the keylogger is not possible for some reason (some keyloggers are very good at limiting uninstall capability). So how can we intercept keystrokes to IE? Open up Visual Studio and create an Internet Explorer object, then enter the following code:

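// Loop header only; the body is not included on the page (`ie` is an assumed variable name).
foreach (InternetExplorer ie in new ShellWindows())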
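The keystroke path described above (driver-level interception, random decoy events, legitimate keystrokes delivered to the target window) can be modelled to show where the protection ends. This is an added example, not code from the tool or from any anti-keylogging product; the tagging scheme, function names and sample input are assumptions made for the model.

```python
import random
import string

REAL, DECOY = "real", "decoy"  # tags known only to the protection product (assumed)

def driver_scramble(typed, rng, max_decoys=3):
    """Driver stage: precede every real keystroke with 1..max_decoys random events."""
    events = []
    for ch in typed:
        for _ in range(rng.randint(1, max_decoys)):
            events.append((DECOY, rng.choice(string.ascii_lowercase)))
        events.append((REAL, ch))
    return events

def os_level_view(events):
    """Observer between driver and window: sees every key event, but not the tags."""
    return "".join(ch for _tag, ch in events)

def window_view(events):
    """Target window: decoys have been consumed, only legitimate keystrokes arrive."""
    return "".join(ch for tag, ch in events if tag == REAL)

def exposure_report(typed, seed=0):
    """Return each observation point's view and the points that see the typed text unchanged."""
    events = driver_scramble(typed, random.Random(seed))
    views = {"os_level": os_level_view(events), "in_window": window_view(events)}
    exposed = [name for name, seen in views.items() if seen == typed]
    return views, exposed

if __name__ == "__main__":
    views, exposed = exposure_report("hunter2")  # constructed sample input
    for name, seen in views.items():
        print(f"{name:10} {seen}")
    print("plaintext visible at:", exposed)
```

The report marks the target window as the only point where the typed text appears unchanged, which is why anything able to run inside the browser's document sits outside what driver-level scrambling protects.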