Cross platform keylogger

Question:

I’m looking for ways to watch mouse and keyboard events on Windows, Linux and Mac from Python.

My application is a time tracker. I’m not looking into the event, I just record the time when it happens. If there are no events for a certain time, say 10 minutes, I assume that the user has left and stop the current project.

When the user returns (events come in again), I wait a moment (so this doesn’t get triggered by the cleaning crew or your pets or an earthquake). If the events persist over a longer period of time, I assume that the user has returned and I pop up a small, inactive window where she can choose to add the time interval to “break”, the current project (meeting, etc) or a different project.

I’ve solved the keylogger for Windows using the pyHook.

On Linux, I have found a solution but I don’t like it: I can watch all device nodes in /etc/input and update a timestamp somewhere in /var or /tmp every time I see an event. There are two drawbacks: 1. I can’t tell whether the event is from the user who is running the time tracker and 2. this little program needs to be run as root (not good).

On Mac, I have no idea, yet.

Questions:

  1. Is there a better way to know whether the user is creating events than watching the event devices on Linux?

  2. Any pointers how to do that on a Mac?

Asked By: Aaron Digulla
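
The away/return logic the question describes, as an added sketch that is not part of the original post: it consumes only the time at which an event arrived, never the event itself. The 10-minute timeout is the question's; `CONFIRM_WINDOW`, `MAX_GAP`, `PresenceTracker`, `replay` and the sample timestamps are assumptions made for this example.

```python
from dataclasses import dataclass, field

IDLE_TIMEOUT = 10 * 60   # seconds of silence before the user counts as away (the question's "say 10 minutes")
CONFIRM_WINDOW = 60      # assumed: activity must persist this long to count as a return
MAX_GAP = 15             # assumed: a longer pause between events cancels the confirmation


@dataclass
class PresenceTracker:
    """Hypothetical helper: sees only timestamps, never which key or button."""
    state: str = "present"     # "present", "away" or "confirming"
    last_event: float = 0.0
    away_since: float = 0.0
    burst_start: float = 0.0
    intervals: list = field(default_factory=list)  # (left_at, back_at) pairs to classify

    def tick(self, now):
        """Apply timeouts; call from a timer and before handling each event."""
        if self.state == "present" and now - self.last_event >= IDLE_TIMEOUT:
            self.state, self.away_since = "away", self.last_event
        elif self.state == "confirming" and now - self.last_event > MAX_GAP:
            self.state = "away"    # isolated burst (pets, cleaning crew): still away

    def on_event(self, ts):
        """Record that some input event happened at time ts (seconds)."""
        self.tick(ts)
        if self.state == "away":
            self.state, self.burst_start = "confirming", ts
        elif self.state == "confirming" and ts - self.burst_start >= CONFIRM_WINDOW:
            self.intervals.append((self.away_since, self.burst_start))
            self.state = "present"  # here the tracker would show its project chooser
        self.last_event = ts


def replay(timestamps):
    """Feed a list of event times through a fresh tracker; return it."""
    tracker = PresenceTracker()
    for ts in timestamps:
        tracker.on_event(ts)
    return tracker


# Constructed sample: work until t=60, one stray event at t=1000,
# then sustained activity from t=2000 onwards.
SAMPLE = [0, 30, 60, 1000] + list(range(2000, 2070, 10))

if __name__ == "__main__":
    t = replay(SAMPLE)
    print(t.state, t.intervals)
```

The stray event at t=1000 does not end the absence; only the sustained activity starting at t=2000 does, so the interval offered for classification runs from the last real activity to the start of the confirmed return.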


Answers:

There are a couple of open source apps that might give you some pointers:

  • PyKeylogger is a Python keylogger for Windows and Linux
  • logKext is a C++ keylogger for Mac
Answered By: Colin Pickard

There’s a great article on Writing Linux Kernel Keyloggers
http://www.phrack.com/issues.html?issue=59&id=14#article

If you are attempting to run a honeypot, then definitely give Sebek a try:
https://projects.honeynet.org/sebek/

Sebek is a data capture tool designed to capture attacker’s activities on a honeypot, without the attacker (hopefully) knowing it. It has two components. The first is a client that runs on the honeypots, its purpose is to capture all of the attackers activities (keystrokes, file uploads, passwords) then covertly send the data to the server. The second component is the server which collects the data from the honeypots. The server normally runs on the Honeywall gateway, but can also run independently. For more information on Sebek, please see http://www.honeynet.org/tools/sebek

But, if you’d rather follow the script kiddie route / not learn, then try out the following apps:

LINUX
http://sourceforge.net/projects/lkl/

WINDOWS
http://www.rohos.com/kid-logger/
http://code.google.com/p/freelogger/


ADVICE: You’re better off writing your own for learning-and-profit purposes.

Answered By: Israel ANY

Here’s one I implemented in Windows
https://xart3mis.github.io/posts/keylogger/#final-code

Answered By: Xart3misX