Self-hosted mouse click/keydown counter thingamajig =] (OS X/Wind0ngs lol)
This is something very similar to WhatPulse, except the sauce is completely open and you can connect this shit to your own SQL serbur. ;];] It's available for le macOS and 64-bit Wind0ngs.
Muy importante: this is just the client side for monitoring keystr0kes/mouse clicks. You can use (almost) any already available graphing tool to visualise that shit.
Also, the zipperin0s I've included in this repo are debug builds, so when shit hits the fan it should make troubleshooting it a bit easier. =]
A MySQL serbur obviously, just make sure the version is 5.5 or highur. One thing you'll definitely need to do if you want to use SSL/TLS connections to MySQL (and you should): make sure the SSL cert used by the server is a trusted one.
Shit was tested on El Capitan (10.11) and Mojave
Since it uses keychain bullshit there's no actual `ca-certificates` directory by default. The `.app` has a bundled `certs` dir containing CAs related to LetsEncrypt only (since you're pr0lly using that anyways), but you can override this location (see Config section for more deetz).

If you're not using LetsEncrypt:

- `openssl rehash <cert dir>` if your version supports it, if you installed it w/ Homebrew it's not in your `PATH` so use something similar to `/usr/local/opt/openssl@1.1/bin/openssl` instead
- `c_rehash <cert dir>` instead (although it might generate wrong hashes so verification will still fail, I'm unsure how to generate the proper ones manually lmao)

Shit was tested on Wind0ngs 10 because righteously fuck 8.x (and who uses W7 anymore?)
It seems the MySQL client library checks against the machine's certificate store, so there's no need for a `certs` dir like with macOS. =] My LetsEncrypt cert was accepted right away, but if you ever need to add a self-signed cert:

- `Install Certificate`
- `Current User` store but you actually need `Local Machine` my dude, so click that shit
- `Place all certs in the following store` instead
- `Trusted Root Certification Authoritays` store or `Intermediate Certification Authoritays`, depending on what kind of cert it is
- `Next` until it says it completed lol

I've included a qt lil' SQL schema, so just import that in your SQL serbur and set up a user for the DB. ez pz
Issa p simple yo:

- `.app` file in `/Applications` or some shit
- `System Preferences` > `Security & Privacy` > `Privacy` tab > `Accessibility` on the left > make sure the list on the right contains `str0kem.app` (maybe use the `+` button to add em) and check that b0x m8
- `.app` bundle, the new (sandboxed) location will be shown in a dialog

If you want it to start at user login and restart when it dies:
First, copy the p00perty list file to the proper directory:

```sh
cp ass/com.jemoeder.lief.str0kem.plist.example ~/Library/LaunchAgents/com.jemoeder.lief.str0kem.plist
```

Then make sure the contents of that file are referring to the proper path. By default it looks for `/Applications/str0kem.app/Contents/MacOS/str0kem` so if you didn't move the `.app` under `/Applications`, adjust that f00kin path. =] It should never address the `.app` directly, it always needs the executable hidden inside.

And finally:

```sh
launchctl load -w ~/Library/LaunchAgents/com.jemoeder.lief.str0kem.plist
```

Every time the executable rips it'll be restarted by `launchd`, which usually happens within a few seconds. To stop this shit just use the above command, except substitute `load` for `unload` 0bv. ;]
Again fairly simple y0, it doesn't even need memey installer bullshit so it's pretty much a portable exe. =]

- `%LOCALAPPDATA%` due to permissions, it runs as a regular user and never asks for admin/UAC shit)
- `AppData/Roaming` folder, the full location will be shown in a dialog

Note: it requires certain `.dll` and `.pem` files to run properly, which I've embedded into the `.exe` and they get extracted when you run that shit. It will put them in the same direct0ry as the `.exe`, hence my inclusion of a dir in the `.zip` file. ;]
If you want it to start at user login and restart when it dies:

- `Run` dial0g)
- `taskschd.msc`
- `Task Scheduler (Local)` followed by `Import Task`
- `CHANGEME` under `General` > `Security options`, so change that shit to your own user
- `Triggers` tab and edit the `At log on` triggur, edit the `CHANGEME` here too
- `Actions` tab and confirm that the path to `str0kem.exe` exists (default is a direct0ry under `%LOCALAPPDATA%`), also make sure there are 3 DLLs and a PEM file next to the `.exe`

Wind0ngs will try to start the pr0gram every minute (can't do it m0ar often w/ Task Scheduler lol) as well as at user l0g0n, but it won't run duplicate instances. You could run it as a service but there's no way to run it just for a specific user. ;]
Note: apparently sometimes the extraction of embedded files might fail when str0kem runs through the scheduled task. In that case you could just enable `Run with highest privileges` in the task settings. =] But really it should work without that because your own account should have full permissions on its AppData directories, so if there's a permissions error you likely fucked shit up. [=[[=[==[[==[
Since """proper""" JSON doesn't actually allow comments, I'll talk a bit about em config here (although it should be pretty clear imo tbh fams):
```json
{
  "main": {
    "host": "mysql.example.com",
    "port": 3306,
    "ssl": true,
    "sslverify": true,
    "sslcapath": "/Users/toplels/local/etc/certs",
    "user": "ayylmao",
    "pass": "poopfarts",
    "dbname": "str0kem",
    "dbtable": "keymouse",
    "dbinterval": 300,
    "logrotate": 2,
    "debug": false
  }
}
```
Muy importante: don't end the last lines in a hash with a comma, that shit rips on wind0ngs kek.
Pretty much half of it is required, exceptions being:

- `port`: defaults to 3306
- `ssl`: defaults to true, since you're prolly connecting over tEh iNtErWEbS
- `sslverify`: verify SSL certs, defaults to true cuz inb4MITM my d00d
- `sslcapath`: path containing a bunch of hashed Certification Authority certs, defaults to the bundled `certs` dir for macOS only and simply `NULL` for Wind0ngs (because it doesn't work on there, it requires one CA bundle which is embedded in the exec00table)
- `dbinterval`: how often to connect to the DB, defaults to 300 sec
- `logrotate`: rotate the log file when it gets this big (in megabutts lol), defaults to 2 MB
- `debug`: log extra shit to logfile, defaults to n0 obv

If you don't wanna use an optional configurable, just leave out the entire line. ;] In some cases it works to pass an empty value but just omit it to be sure.
If the br0gram runs into any problems along the way it'll most likely notify you about it via a dial0g. It also logs some shit to a file in the same dir as the config.
Also, if shit like writing to log fails we obviously cannot log that on disk anywhere, so there are a couple of `printf` statements too. You can see these by running the executable directly.

You'll need to call the "hidden" binary directly: `/Applications/str0kem.app/Contents/MacOS/str0kem`

Since `cmd` won't wait for GUI/`WinMain` applications to finish (i.e. returns to prompt), you gotta use a bogus pipe: `"%LOCALAPPDATA%\str0kem\str0kem.exe" | rem`

Otherwise any `printf` output will be mixed together with y0 prompt and shit. =]
If the program receives a termination signal it will write the current in-memory counters to a file before it actually exits. Next time it starts up it will start from that point so you won't lose hits. For all platforms there's a timer that runs roughly every minute to write that shit as well.
The counter file should be written if the br0gram receives any of these signals: `SIGTERM`, `SIGINT`, `SIGQUIT`, `SIGHUP`, `SIGUSR1`, `SIGUSR2`. macOS seems to be running timers in series so there's no real need to purposely stall/offset the timer for writing the counter file.

As far as I can tell, unloading through `launchctl` and using the `Quit` option in Activity Manager (not `Force Quit`) both result in the file being properly written. Shutting down y0 Mac goes through `launchd` as well so it should be the same for that. [[=[=[==[[=[==[[==[=[
It doesn't actually generate signals the way Unixy systems do, but instead uses the `TerminateProcess` API which might kill the process without notification (thanks Microsoft). Meaning the file might only be written on termination if you run the `.exe` from a `cmd` and you `Ctrl+C` that shit (which does seem to gener8 `SIGINT`). Also, Wind0ngs seems to be running timers in parallel so we do have to purposely stall/offset the timer for writing the counter file. Otherwise both the MySQL insert and this timer might run together, resulting in a counter file with stale data. As such this particular timer will fire every minute but inside of it there's a wait for at least 200 milliseconds; it will also sleep an additional 20ms for as long as MySQL is inserting.
First off, I've included project files/solution bullshit so you should be able to just open those in your IDE and start editing. They should all contain relative paths regarding sauce/incl00d dirs etc, but to make sure it werks try compiling right away without any modifications. Just make sure you've installed the proper libraries first 0bv (i.e. follow the steps below first). ;]
Since it was a fucking pain to figure out how to properly link (embedded) shit, I'm gonna be a br0 and explain all that shit right here. =]
You need a few external libraries for that shit:

- `libmysqlclient`: with Homebrew you can install it using `brew install mysql-connector-c`
- `libzstd`: not really sure where the fuck this comes from but `libmysqlclient` seems to need it lel, can prolly find the proper version in the same directory tho
- `libssl` and `libcrypto` lel

One thing you'll very likely need to adjust after that is at the top of `str0kemAppDelegate.m`:

```objc
#include </usr/local/Cellar/mysql-connector-c/8.0.25/include/mysql.h>
```

Make sure the path and version here match the library installed on your system.
Then also make sure it links against the `.a` and `.dylib` library files of the same version. If you happen to have v8.0.25 of the connector libs just like me, then you should be good to go. If it still n0 werkies or you have a different version, you gotta edit some shit. Most of the steps required to embed libraries are already done, so it should be a simple matter of:

- `/usr/local/opt/mysql-connector-c/lib`
- `libmysqlclient.xx.dylib` (where `xx` is a number, in my case `21`), `libmysqlclient.a` (static library/archive) and `libmysqlclient.dylib` (a symlink to the numbered variant)
- `sauce/mac/lib`, overwriting any existing files in the process
- `Build Phases` tab
- `Run Script` section
- `libmysqlclient.xx.dylib` you copied earlier, make sure the `xx` in the script matches your file's version too

And that should d0 it. =]

Note: My custom build script used by Xcode has to re-codesign the `libmysqlclient` library because we need to modify the "rpath" pointing to `libzstd` inside it. Xcode's codesigning step happens before this so the resulting application will otherwise crash due to an incorrect signature. =] The custom script should be able to pick up on your codesigning identity automatically, but if not then just copy the `env.sh.example` to `env.sh` (next to `str0kem.xcodeproj`) and edit the `export` line so it uses the proper identity.
Again you need one library, but it involves a couple more steps lol.

- `libmysqlclient`
- `Add...` on the right
- `MySQL Connectors` > `MySQL Connector/C` until you finally get to choose between x64 and x86 (yes, not the C++ connect0r, because it's fucking shyte)

One thing you'll very likely need to adjust after that is at the top of `str0kem.cpp`:

```cpp
#include <C:/Program Files/MySQL/MySQL Connector C 8.0/include/mysql.h>
```

Make sure the path and version here match the library installed on your system.
Then also make sure it links against the `.lib` and `.dll` library files of the same version. If you happen to have v8.0 of the connector libs just like me, then you should be good to go. If it still n0 werkies or you have a different version, you gotta edit some shit. Most of the steps required to embed libraries are already done, so it should be a simple matter of:

- `C:/Program Files/MySQL/MySQL Connector C 8.0/lib` (change version as needed 0bv phambly)
- `libmysql.lib` (static) and `libmysql.dll` (shared/dynamic library)
- `sauce/win/lib`, overwriting any existing files in the process

Certain MySQL library versions may also require `libcrypto` and `libssl`, I couldn't find a way to get it working by grabbing them from OpenSSL packages but luckily they are included with the MySQL C++ connector. So just install that as well and copy `libcrypto-1_1-x64.dll` and `libssl-1_1-x64.dll` to the same `sauce/win/lib` dir. You may need to adjust the `1_1` version to something else, as well as changing it in the Visual Studio pr0ject.

And that should d0 it. =]