Firefox plugins and multiplatform keyboard hooks

I’ve been asked to make a user-logger for several systems. The requirements are

– Multiplatform (XP, Vista, Windows 7, BSD, Linux and all for 32&64bits)
– It should grab web form credentials and be expandable to grab the mouse in places where the login is done using clicks.
– It should be expandable by unskilled programmers.
– It should not trigger the Antivirus or other common automated monitoring programs.
– It has to be a software only solution.
– It has to be doable with limited local user credentials (no admin rights)
– It has to upload the contents to a web server.
– A keylogger proof of concept in less than 24h

The fastest solution is not to make several system wide hooks (hard to mantain) but to make a simple navigator plugin using only Javascript and with less than a thousand lines of code. The web is the platform.

There are articles at least 2 year old that suggest the same so I have no problems to do it and explain the recipe:

Some official firefox keylogger add-ons:
Xenotix keylogger
Nifty keylogger
Keylogger 1.6 by lipo-codes

In firefox <4 it was common to change the file nLoginManagerPrompter.js like this:
(but a complete keylogger is needed now, not only a login grabber. Note:
Firefox 4+ uses omni.ja[r] for preferences now and I didn’t bother looking at it.

/* trick to save login credentials allways without user notification
* _showSaveLoginNotification
* Displays a notification bar (rather than a popup), to allow the user to
* save the specified login. This allows the user to see the results of
* their login, and only save a login which they know worked.
_showSaveLoginNotification : function (aNotifyBox, aLogin) {

var pwmgr = this._pwmgr;

* _removeLoginNotifications

More info about the old aproach:

It seems someone has done it before and it is quite well documented. It is a bit old and has some minor mistakes so I’ll comment about it later.

Edit: I decided not to update the post, a developer could change it easily and I don’t want to help script kiddies.


Introduce tus datos o haz clic en un icono para iniciar sesión:

Logo de

Estás comentando usando tu cuenta de Cerrar sesión /  Cambiar )

Google+ photo

Estás comentando usando tu cuenta de Google+. Cerrar sesión /  Cambiar )

Imagen de Twitter

Estás comentando usando tu cuenta de Twitter. Cerrar sesión /  Cambiar )

Foto de Facebook

Estás comentando usando tu cuenta de Facebook. Cerrar sesión /  Cambiar )

Conectando a %s