I am BSCS student, i have selected Cyber Spy as my Semester project.(C# nd ASP) it will basically get keylogs and screenshots from host computer and save that information in online portal for administrator to check what employees are doing.

I have learnt about keylogging and have basic idea about entering data into database.

I just wanna know how i can send data to my server which has my database and can i save screenshots into database?

i am not asking for code, just want some tips which can help me to achive my gole...

Regards

Folks, before you reply here, I think we need to be a little careful with regards to the rules, specifically:

'Do not ask for help to pursue any illegal activity including, but not limited to, hacking and spamming' and 'Do not pursue any illegal activity within forum posts or by PM'

General advice about sending data to servers and saving screenshots is OK, but detailed advice on keyloggers is getting into dodgy territory methinks.

em not asking about keyloger sir... its my semester project.
i just wanna know how to send data to server and screenshots in database
nothing else
i don't want codes i just want advice/tips :)

For communicating with a server, I'd probably start with a web service. The server exposes a WSDL which the not-keylogger connects to and calls methods on. The only issue with that in my experience is the relatively hard coded nature of web service references in the client.

If the WSDL is basically static then all is well and you can follow tutorials, but if it could change and needs to be arbitrary in the client, you can't conveniently use a web service reference (at least you couldn't the last time I wrote something like this and did the research). So in the past I've used a little helper function that lets you hit an arbitrary WSDL:

WebServiceProxy.CallWebService(
    wsdlUri, 
    "NotKeyLoggerService", 
    "SaveLoggedData", 
    new object[] { loggedData, screenshot });

I know you didn't ask for code, but this helper isn't obvious, so I'll give it to you anyway:

using System;
using System.IO;
using System.Net;
using System.Text;
using System.CodeDom;
using System.Xml.Schema;
using System.Reflection;
using System.Diagnostics;
using System.CodeDom.Compiler;
using System.Xml.Serialization;
using System.Collections.Generic;
using System.Security.Permissions;
using System.Web.Services.Description;

namespace Proxies {
    public static class WebServiceProxy {
        /// <summary>
        /// Calls a web service method with default credentials.
        /// </summary>
        /// <param name="wsdl">Web service URL.</param>
        /// <param name="serviceName">Name of the web service containing the desired method.</param>
        /// <param name="methodName">Name of the method being invoked.</param>
        /// <param name="args">Possibly empty array of method arguments.</param>
        /// <returns>The result of the method as an object.</returns>
        /// <remarks>
        /// If the method has a return type of void, the return value is always null. The
        /// service name is assumed to correspond to the service's implementation class
        /// name (for generating a compilation unit at runtime).
        /// </remarks>
        [SecurityPermissionAttribute(SecurityAction.Demand, Unrestricted = true)]
        public static object CallWebService(string wsdl, string serviceName, string methodName, object[] args) {
            return CallWebService(wsdl, null, null, serviceName, methodName, args);
        }

        /// <summary>
        /// Calls a web service method with specified credentials.
        /// </summary>
        /// <param name="wsdl">Web service URL.</param>
        /// <param name="user">User name for logging into the web service.</param>
        /// <param name="password">Password for logging into the web service.</param>
        /// <param name="serviceName">Name of the web service containing the desired method.</param>
        /// <param name="methodName">Name of the method being invoked.</param>
        /// <param name="args">Possibly empty array of method arguments.</param>
        /// <returns>The result of the method as an object.</returns>
        /// <remarks>
        /// If the method has a return type of void, the return value is always null. The
        /// service name is assumed to correspond to the service's implementation class
        /// name (for generating a compilation unit at runtime).
        /// </remarks>
        [SecurityPermissionAttribute(SecurityAction.Demand, Unrestricted = true)]
        public static object CallWebService(string wsdl, string user, string password, string serviceName, string methodName, object[] args) {
            var importer = GenerateImporter(wsdl, user, password);
            ServiceDescriptionImportWarnings warning = 0;
            var ccUnit = new CodeCompileUnit();
            var cns = new CodeNamespace();

            ccUnit.Namespaces.Add(cns);
            warning = importer.Import(cns, ccUnit);

            if (warning != 0) {
                // Some warnings might be benign, but we can't know for sure, so terminate the request
                throw new Exception("Error importing web service: " + warning);
            }

            return InvokeFromCodeDom(ccUnit, serviceName, methodName, args);
        }

        /// <summary>
        /// Generates a WSDL proxy importer with imported schemas injected.
        /// </summary>
        /// <param name="wsdl">Web service URL.</param>
        /// <param name="user">User name for logging into the web service.</param>
        /// <param name="password">Password for logging into the web service.</param>
        /// <returns>The fully initialized importer.</returns>
        [SecurityPermissionAttribute(SecurityAction.Demand, Unrestricted = true)]
        private static ServiceDescriptionImporter GenerateImporter(string wsdl, string user, string password) {
            var importer = new ServiceDescriptionImporter();

            using (var client = new WebClient()) {
                ServiceDescription description = null;
                var wsdlUri = new Uri(wsdl);

                // Apply requested credentials if provided
                if (!string.IsNullOrEmpty(user))
                    client.Credentials = new NetworkCredential(user, password);

                // Extract the WSDL document file contents
                using (var stream = client.OpenRead(wsdl))
                    description = ServiceDescription.Read(stream);

                // Initialize the usual importer settings
                importer.AddServiceDescription(description, null, null);
                importer.Style = ServiceDescriptionImportStyle.Client;
                importer.CodeGenerationOptions = CodeGenerationOptions.GenerateProperties;

                // Import() won't download and inject import schemas, so we have to do it manually
                foreach (XmlSchema wsdlSchema in description.Types.Schemas) {
                    foreach (XmlSchemaObject includeSchema in wsdlSchema.Includes) {
                        if (includeSchema is XmlSchemaImport) {
                            var externalSchema = (XmlSchemaExternal)includeSchema;
                            var schemaUri = new Uri(wsdlUri, externalSchema.SchemaLocation);

                            using (var schemaStream = client.OpenRead(schemaUri))
                                importer.Schemas.Add(XmlSchema.Read(schemaStream, null));
                        }
                    }
                }
            }

            return importer;
        }

        /// <summary>
        /// Invokes the specified method from a code compile unit.
        /// </summary>
        /// <param name="compileUnit">The compile unit being interpreted.</param>
        /// <param name="className">Name of the class containing the desired method.</param>
        /// <param name="methodName">Name of the method being invoked.</param>
        /// <param name="args">Possibly empty array of method arguments.</param>
        /// <returns>The result of the method as an object.</returns>
        /// <remarks>
        /// If the method has a return type of void, the return value is always null.
        /// </remarks>
        [SecurityPermissionAttribute(SecurityAction.Demand, Unrestricted = true)]
        private static object InvokeFromCodeDom(CodeCompileUnit compileUnit, string className, string methodName, object[] args) {
            using (var provider = CodeDomProvider.CreateProvider("CSharp")) {
                string[] assemblyReferences = new string[] { 
                    "System.dll", 
                    "System.Xml.dll", 
                    "System.Web.dll", 
                    "System.Data.dll", 
                    "System.Web.Services.dll" 
                };
                var parameters = new CompilerParameters(assemblyReferences);
                var results = provider.CompileAssemblyFromDom(parameters, compileUnit);

                if (results.Errors.Count > 0) {
                    var sb = new StringBuilder("DOM Compiler Errors:" + Environment.NewLine);

                    foreach (CompilerError error in results.Errors)
                        sb.AppendLine("\t'" + error.ErrorText + "'");

                    throw new Exception("Web service compiler errors detected. " + sb.ToString());
                }

                var serviceInst = results.CompiledAssembly.CreateInstance(className);
                var methodInst = serviceInst.GetType().GetMethod(methodName);

                return methodInst.Invoke(serviceInst, args);
            }
        }
    }
}

Obviously you'd still need to write the web service and the all of the scaffolding around the client. ;)

thanks it will surely help.....

one more thing if i connect with server with username pass which is hardcoded then if someone reverse eng. it he will get userpass how to tackle that??
should i define role in database that user can write only can't read ?? or something else

if i connect with server with username pass which is hardcoded then if someone reverse eng. it he will get userpass how to tackle that??

Well, you can't defend against proper reverse engineering completely, but a combination of secure strings, obfuscated assemblies, and a non-hardcoded authentication key along with the credentials (such as one generated from a license code) would go a long way toward making it much harder to crack.

This article has been dead for over six months. Start a new discussion instead.