Man in the browser
In this section, we will discuss a new method. As you may already know, all browsers offer to save your username and password when you submit the data into a login page. The next time you visit the same login page, you will see that your username and password are automatically filled in without typing a single letter. Also, there is dedicated third-party software such as LastPass,
that can do the same job for you. The point here is that, if the target is using this method to log in, then neither the keylogger nor the clipboard methods will work.
Let's take a quick look. We'll be using the LastPass plugin on the Firefox browser. Open the browser here and go to the Gmail account. We will use the previous clipboard script before logging into the Gmail account:
# Python For Offensive PenTest # Download Link https://pypi.python.org/pypi/pyperclip/1.5.11 # Clipboard Hijacking import pyperclip import time list = [] # we create a list which will store the clipboard content...