Sunday, June 27, 2010

Firefox Extension: Keylogger Beater version 1

This is the help of the old version 1. Please try the latest version.

If you are worried about keylogging programs in your system, you can try this extension. There are two different ways to input with this extension. With the help of Keylogger Beater, a keylogger running in the background can never capture what you have really input, and you will be more confident to do online shopping or online banking.

The input method is different from any traditional ones, so please give a little patience and read the following help carefully before jumping into it.

After you have installed the extension and restart Firefox. You can activate Keylogger Beater by pressing Ctrl-Shift-k when the cursor is inside a text box and you are ready to make some input. You will see a pop-up right below the text box you are about to input into. I will call the pop-up "Virtual Keyboard" hereinafter. To hide the Virtual Keyboard, just press ESC.

Input Method 1: By Keyboard

You can see that each key in the Virtual Keyboard consists of two characters. e.g. [K b]. I call the first character "Real Key" and the second one "Shadow Key". It is simple to use the Virtual Keyboard -- when you press the Shadow Key on your physical keyboard the Real Key is inserted to the cursor position in the text area of the browser.

For example, if the Virtual Keyboard looks like this:
   [A s] [B n] [C v] [D f] [E r] [F g] [G h] [H j] ...
and you want to input "HEAD", you hit "jrsf" on your physical keyboard. A background keylogger will capture "jrsf" as your input while your browser receives "HEAD" correctly.

The Virtual Keyboard is arranged in an alphabetical order of the Real Keys. When you have the Real Key (to input) in your mind, you can easily find the corresponding Shadow Key. The first two rows of the Virtual Keyboard are uppercase letters of the Real Keys; the 3rd and 4th rows are lowercase letters; the 5th row is numbers; and the last three rows are punctuations.

Some characters may look similar, e.g. 1 and l, 0 and O. You will not be confused with the Real Key because they are in the alphabetical order. But you might not distinguish the Shadow Keys sometimes. So I use the background color to give you a hint. If the Shadow Key is a uppercase letter, the background is green; if lowercase, the background is blue; if number, the background is yellow; and if punctuation, the background is red.

Input Method 2: By Mouse

You may want to read the first paragraph of "Input Method 1" to know the definition of "Real Key".

When your mouse hovers over a key of the Virtual Keyboard for 1 second, the "Real Key" of that key will be inserted into the text area of the browser.

Please note that clicking on the Virtual Keyboard has no effect. And I would discourage you to do that because some keyloggers tries to log the screenshot when you click your mouse. With Keylogger Beater, there is no mouse click event that can be captured by a keylogger. Keylogger Beater listens to the mouseover event from the Virtual Keyboard instead.

Context Menu

Besides Ctrl-Shift-k, you can also activate Keylogger Beater via the context menu.

Right click on a text area or a password box and you can find a new menu item "Keylogger Beater". Click on it to turn on the Virtual Keyboard and start your private input.


There are some options you can set to change how Keylogger Beater works. You can open the Options dialog via the menu Tools|Add-ons

Use mouse to input

By default, this option is on. If you uncheck it, hovering the mouse over the Virtual Keyboard will not trigger the input of keys. You then can only use the Shadow Keys to input.

Use keyboard to input

By default, this option is on. If you uncheck it, the "Shadow Key to Real Key" mapping function is disable. That means whatever you hit on the physical keyboard will be entered into the browser intact -- they can be captured by a keylogger. And the Virtual Keyboard will only show the Real Keys because there would be no Shadow Keys. The Virtual Keyboard will be in black and white.

If you use the computer at home and do not worry about peeking over the shoulder, you can use only the mouse with the Virtual Keyboard. Turning this option off gives you a clean Virtual Keyboard.

Alphanumeric characters only

By default, this option is off. Some people may find that the Virtual Keyboard have too many keys, and it is difficult to find a specific punctuation key because they are in no official order. You can check this option to make the Virtual Keyboard contains alphanumeric characters only. That does not mean you can not input a punctuation mark. It just means a punctuation will be input directly from the physical keyboard to the browser without being encoded/decoded by the Virtual Keyboard. It is less secure because a keylogger can capture it.

Colorful virtual keyboard

By default, this option is on. The color of a key in the Virtual Keyboard is determined by the Shadow Key. If a Shadow Key is an uppercase letter, the color is green; if lowercase, it is blue; if number, it is yellow; and if punctuation, it is red.

If you uncheck this option, they are all in black and white.

As we state in the earlier section, if you uncheck "Use keyboard to input", this option has no effect and the keys are all in black and white because there are no Shadow Keys.

Rearrange Virtual Keyboard

Each time you press the shortcut key of Keylogger Beater, the Virtual Keyboard will be re-arranged. So you do not need to worry that a keylogger could steal the mapping rule of the Virtual Keyboard.


You can download and install this extension from the official Firefox Addons website:

Please report bugs and give suggestions on this page instead of on Firefox Addons website because I do not often go there.

Why is Keylogger Beater special?

Keylogger Beater works inside Firefox as an extension. A third party keylogger can capture the events sent from the input devices to an application, but it can not capture anything happens inside an application. If you run Keylogger Beater, a keylogger can only record random inputs of Shadow Keys (from the keyboard to Keylogger Beater), but can not discover what the Real Keys (from Keylogger Beater to the browser) are.

It may be a little bit difficult to use in the beginning. With a little practice, you will find it much easier than texting with a cell phone. :)

Certainly, you will want to review the source code to make sure Keylogger Beater itself is not a spyware. You can do so online at the download site. Just login there to view them.


Sanjay said...

Hi Zen

This is exactly what i was looking for brilliant addon keylogger beater, my only request is can you make the MOUSE INPUT "Random" with large keys and colors for uppercase, lowercase, numbers and punctuations i dont mean shadow keys e.g ICICI UK BANK WEBSITE LINK

Also an update for firefox 3.7a6pre I want to test it on the new layout.

Thank you!!!


Zen said...

Hi Sanjay,

Thanks for the suggestion. I would consider adding the feature of a "Random" keyboard in the next release.

As regards to the support of Firefox 3.7a6pre, it is not a priority to me. Developing extensions for an unstable version could waste a lot of time in determine whether a bug is from the extension or Firefox itself. But if you would like to try things, you can manually modify the downloaded .xpi file yourself to enable it for a newer version of Firefox. Just follow these steps:

1. use winzip or a similar application to extract install.rdf from .xpi;

2. look for 3.6.* inside install.rdf, and change it to whatever version you want.

3. save the new install.rdf and pack it back to .xpi.

4. use Firefox "File|Open File.." menu to open the new .xpi to install it.

Sanjay said...

Hi Zen

Thank you for the reply will wait for the next release and hope "Random" is added optionally as other people may not want that.

I can understand developing for unstable version i did change it manually works fine with 4.0b2pre.

I noticed with "Mouse Input" when you hover any letter it doesn't show the mouse arrow it shows the "I" would look better if you can click with the mouse arrow showing if possible.

Thank you once again for your time and effort.


Raph said...

Hi Zen,

I need a lill help on a similar concept on my Academic project.

I am planning to construct a similar concept but only in the reverse process.

i.e The user presses his original keys. eg: HEAD .
They get translated to temporary password on the pc. eg: jrsf
This translation is based on a dynamic random virtual keyboard that is not visible at the front end. so when the next session is established with the server, the password would be something like: orbs

This is something like fooling the Keylogger with a dynamically varying password everytime. Is something like this possible? I'd appreciate any guidlines you could spare :)

Please help me out sir, simplyramanan at

Zen said...

Hi Raph,

The source code of Keylogger Beater has been made public online for everyone to review. Just sign up to and sign in. Then when you go to, you can find the link of viewing source code. If you have specific questions, you can send me email.

Get This <