Today we’re going to implement keylogging and screenshot capture with threading, some of the core aspects of Python programming, whose surface we have only just begun to scratch. Undoubtedly one of the most logical and intuitive languages in my opinion, it also has a wide range of modules for almost anything you could think of… chances are, if you’ve thought about it, someone else most likely did so first and created a third-party module for it; always worth a double-check! 🙂
Once again we will focus on the Windows platform for most of the functions; however, support will be added as it is required. Let’s break down the modules needed:
- PyHook will be used for most of the keylogging action. Download and install the version that corresponds to your Python install.
- Python Imaging Library will be used for the screenshot capture. Download and install the corresponding version as well.
As shown in previous videos of this series, we will be using PyInstaller (I’m using version 1.5.1, seems to work the best) for compiling, which means programming should be done on a Windows machine, as compiling from a different operating system — such as Linux — isn’t possible just yet.
This is quite irrelevant to our programming for this article, since both the keylogger and the screenshot capture functions will be focused on Windows… just thought I would point it out so if somebody spent their time setting up a programming environment in Linux, they will realize in time. 😉
From my experience with other programming languages, I had the impression this would be somewhat hard to do… after a Google search, however, I realized there are a ton of keyloggers already written in Python (to my surprise)! The first link (“Python Keylogger” from DaniWeb) is short and sweet, just the way I like it… not to mention it works flawlessly. Big thumbs up for K.B. Carte!!!
Then it was simply a matter of formatting the output and sanitizing a few keystrokes, for example enter and backspace — think about it: when somebody types a password, if you don’t sanitize the backspaces and they delete some characters, how would you know which ones were deleted? Of course, timestamps don’t hurt either. To finish off, I used some of the win32api functions to fetch the active window at all times.
This one was a no-brainer: I just thought about it, realized how easy some of the examples online were and decided to implement it. Piece of cake! I did not expect the intrinsic connection between the Keylogger function and the Screenshot function that would happen next…
Upon some testing, I realized that today almost every browser automatically remembers emails, usernames, etc., so when I would get a log back, it wouldn’t contain those. Or in some cases, only a letter or two — which is the case when somebody starts typing an email and then the drop-down list shows up and they select the previously memorized email/username. How to get around this limitation? It’s almost embarrassing to have the password but not the username. lol
The idea was pretty simple: we can check the active window to see what website it is, compare it to a list of login pages and, using automated screenshot capture, take a series of shots stealthily. There is some luck involved, in that the person must access the website and log in after a certain number of seconds (which you can specify), but it surely takes care of most of the cases.
This feature is optional and must be configured manually, of course. One interesting thing to note is that the logs also record exactly when it happened and which is the first image corresponding to the matched website. This way it’s easy to know which keystrokes go with what images. From there it is simply a matter of downloading the images and checking them out.