Python software with a PHP webpanel that injects a JS keylogger into the Slack desktop client. This software is confirmed to be working with slack versions 4.3.4 and 4.4 beta 3.
Upload the files from the site folder to your website. Create a database with a table called messagelog and one field (VARCHAR 255) called message.
Modify config.php to include your database username, password, and database name. You can also set a new username/password for the webpanel here.
Install the requirements listed in requirements.txt. Open up SlackAttack.py with your IDE/text editor and modify line 10 to include the link to your upload.php file.
Download and install PyInstaller. Build the file but ensure you include the --noconsole and --onefile options.
Currently this program is very simple. It injects a JavaScript keylogger into the latest version of Slack. The process is as follows:
- Locates Slack and finds the newest version.
- Kills the slack process.
- Extracts the
app.asarfile into a folder called app. - Modifies
main-preload-entry-point.bundle.jsto include the keylogger. - Deletes the
app.asarfile to ensure that slack runs off the app folder.
The keylogger will log all keys entered, and when the user hits "Enter" it will send the currently logged message to your server as POST data.
This software isn't perfect, but I will be doing my best to improve it.
- The webpanel currently looks terrible.
- Finding the newest version is kind of janky and should be improved.
- Only works on windows.
- Runs off the app folder when it should repackage it into app.asar.
- Currently only logs messages when timestamps would be nice.
This software was made as a proof of concept and is not inteded to be use maliciously. I am not responsible for any legal issues that arise from you using this.