Internet Explorer Key Logger using Browser Helper Objects

• Download IE_Keylogger.zip-36.62KB

Introduction

This article will show you how to create a key logger for Internet Explorer.
The application will send to a specified server all the URLs accessed by the browser and all the information sent via POST.

What Are Browser Helper Objects?

From this point of view, Internet Explorer is just like any other Win32-based program with its own memory space to preserve. With Browser Helper Objects you can write components that Internet Explorer will load each time it starts up. Such objects run in the same memory context as the browser and can perform any action on the available windows and modules. For example, a BHO could detect the browser's typical events, such as GoBack, GoForward, and DocumentComplete; access the browser's menu and toolbar and make changes; create windows to display additional information on the currently viewed page; and install hooks to monitor messages and actions.

There are three essential things you should know about BHO:

• The BHO is tied to the browser's main window. In practice, this means a new instance of the object is created as soon as a new browser window is created.
• Any instance of the BHO lives and dies with the browser's instance.
• BHOs only exist in Internet Explorer, version 4.0 and later.

Internet Explorer Key Logger project structure

This application is composed from two modules. One written in PHP which will be installed on the server where we want to send the desired information, and other written in C++ which will send data from Internet Explorer Browser.

1. PHP & MySQL Module

• database.php - contains all the settings needed to connect to a MySQL database such as host, database name, username and password.
• send_data.php - used to insert the desired information in the database. Receives two parameters via POST, representing the accessed URL and the associated POST.
• show_results.php – display all results from database.
• dump.sql - contains the database structure.

2. Browser Helper Object module

In stdafx.h you have the following directives
#define SERVER_IP "127.0.0.1" #define SERVER_PATH "LoggerPhp/send_data.php"
As you can guess this are used to know where we should send the desired information.

In CCKeyLogger we are doing the whole things.

• STDMETHOD(SetSite)(IUnknown *pUnkSite); - this method is where the BHO is initialized and where you would perform all the tasks that happen only once. When you navigate to a URL with Internet Explorer, you should wait for a couple of events to make sure the required document has been completely downloaded and then initialized. Only at this point can you safely access its content through the exposed object model, if any. This means you need to acquire a pointer to IWebBrowser2, the interface that renders the WebBrowser object.
• void CCKeyLogger::OnBeforeNavigate(DISPPARAMS *pDispParams) - Called each time a navigation occurs. Here we are taking the URL and POST data and sending them to OnPostDataOnServer.
• BOOL CCKeyLogger::OnPostDataOnServer(CString szPost , CString szURL) – Here we convert the szPost variable in base 64(T he base-64 system is a numeral system with 64 as its base. It is the largest power-of-two base that can be represented using single printable ASCII characters. ), and call OnMakeRequest .
• BOOL CCKeyLogger::OnMakeRequest(CString server , CString path , CString post) – This function send your information’s to the specified server.

References

• Browser Helper Objects: The Browser the Way You Want It
• Building Browser Helper Objects with Visual Studio 2005
• About Browser Extensions

License

This article, along with any associated source code and files, is licensed under The Intelliproject Open License (IPOL)

About the author