XSS Keylogger Tutorial

• Download xss keylogger files from the link given  below.

1.    Data.txt
2.    Keylogger.php
3.    Keylogger.js
4.    xss.php 

Download - https://mega.co.nz/#!xAdDDCSb!InVw_HIiFwkGvyVkUdCPdlIwIPpoZ_y-UZAF1E65dJ8

• Now open keylogger.js with any text editor & find the line "localhost" & replace it  with you website where you will be hosting your xss keylogger files. Like for example if i upload my files to my3gb.com then i will be replacing localhost with my3gb.com.

•  Open your xss.php in your browser. It is designed to view the logs of the victim. Firstly enter your website name (where you uploaded your files) in the enter URL field & click on Go!.

•  It will generate & give you an evil script. You will be using this script to launch the attack. Below i have shown an simple demo on  a test website http://demo.testfire.net/ .

• Firstly i injected my script into the vulnerable search field.

•  Now after injecting the script. Let's check weather its working or not !. Just type anything in the search field. Now get back to your xss.php & check the logs. Any entered text on the webpage where we injected the script will be recorded & shown in our log viewer.