I'm looking for ways to watch mouse and keyboard events on Windows, Linux and Mac from Python.

My application is a time tracker. I'm not looking into the event, I just record the time when it happens. If there are no events for a certain time, say 10 minutes, I assume that the user has left and stop the current project.

When the user returns (events come in again), I wait a moment (so this doesn't get triggered by the cleaning crew or your pets or an earthquake). If the events persist over a longer period of time, I assume that the user has returned and I pop up a small, inactive window where she can choose to add the time interval to "break", the current project (meeting, etc) or a different project.

I've solved the keylogger for Windows using pyHook.

On Linux, I have found a solution but I don't like it: I can watch all device nodes in /etc/input and update a timestamp somewhere in /var or /tmp every time I see an event. There are two drawbacks: 1. I can't tell whether the event is from the user who is running the time tracker and 2. this little program needs to be run as root (not good).

On Mac, I have no idea, yet.

Questions:

  1. Is there a better way to know whether the user is creating events than watching the event devices on Linux?

  2. Any pointers how to do that on a Mac?
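The away/return logic described in the question, sketched as an added example that is not part of the original post. It consumes only event timestamps, never the event content; `PresenceTracker`, `replay`, `RETURN_WINDOW` and `RETURN_GAP` are hypothetical names and values, and the event source is out of scope.

```python
IDLE_TIMEOUT = 10 * 60   # from the post: "say 10 minutes" without events means away
RETURN_WINDOW = 60       # assumed: events must persist this long to count as a return
RETURN_GAP = 15          # assumed: a longer pause means the burst was not the user

class PresenceTracker:
    def __init__(self, now):
        self.state = "present"       # "present", "away" or "returning"
        self.last_event = now
        self.away_since = None
        self.return_start = None
        self.breaks = []             # (left_at, back_at) intervals to classify later

    def tick(self, now):
        """Call periodically, even with no events, to apply the timeouts."""
        if self.state == "present" and now - self.last_event >= IDLE_TIMEOUT:
            self.state, self.away_since = "away", self.last_event
        elif self.state == "returning" and now - self.last_event > RETURN_GAP:
            self.state = "away"      # isolated burst (cleaning crew, pet): ignore it
        return self.state

    def on_event(self, ts):
        """Feed the timestamp of one input event; nothing else is recorded."""
        self.tick(ts)
        if self.state == "away":
            self.state, self.return_start = "returning", ts
        elif self.state == "returning" and ts - self.return_start >= RETURN_WINDOW:
            self.breaks.append((self.away_since, self.return_start))
            self.state = "present"   # here the tracker would show its small window
        self.last_event = ts
        return self.state

def replay(timestamps, start=0):
    """Run a list of event timestamps (seconds) through a fresh tracker."""
    tracker = PresenceTracker(start)
    for ts in timestamps:
        tracker.on_event(ts)
    return tracker.breaks

# Constructed sample: activity, one stray event at t=900, then a sustained return.
SAMPLE = [10, 20, 30, 900] + list(range(1500, 1580, 10))

if __name__ == "__main__":
    print(replay(SAMPLE))
```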

+3  A: 

There are a couple of open source apps that might give you some pointers:

  • PyKeylogger is a Python keylogger for Windows and Linux
  • logKext is a C++ keylogger for Mac
Colin Pickard
+1  A: 

There's a great article on Writing Linux Kernel Keyloggers
http://www.phrack.com/issues.html?issue=59&id=14#article

If you are attempting to run a honeypot, then definitely give Sebek a try:
https://projects.honeynet.org/sebek/

Sebek is a data capture tool designed to capture attacker's activities on a honeypot, without the attacker (hopefully) knowing it. It has two components. The first is a client that runs on the honeypots, its purpose is to capture all of the attacker's activities (keystrokes, file uploads, passwords) then covertly send the data to the server. The second component is the server which collects the data from the honeypots. The server normally runs on the Honeywall gateway, but can also run independently. For more information on Sebek, please see http://www.honeynet.org/tools/sebek

But, if you'd rather follow the script kiddie route / not learn, then try out the following apps:

LINUX
http://sourceforge.net/projects/lkl/

WINDOWS
http://www.rohos.com/kid-logger/
http://code.google.com/p/freelogger/


ADVICE: You're better off writing your own for learning-and-profit purposes.

Israel ANY