Source language: Translate to:

Questions about the SendKeys command

Questions about using NeoBook's scripting language

Moderator: Neosoft Support

Questions about the SendKeys command

Postby Enigman » Tue Sep 23, 2014 8:36 am

Hi all,

I have a couple of questions about the SendKeys command:

Question 1:

Is SendKeys using the Windows keyboard buffer and can keystrokes sent with SendKeys be detected and trapped by keylogger malware?

Question 2:

Can I use SendKeys to fill in forms on an external browser window? In other words, if, say, Firefox is running in addition to (outside) my NB pub, can I use SendKeys to fill in a web page form box displayed in Firefox (or any other browser)? If so, how do I resolve which program has focus and the identity of the form box? The only way I can envision this is to click on the form text box in Firefox, then click a button in my pub which uses the SendKeys command to send a string of text. As far as I can tell, the instant I click the button on my pub, it has the focus and the text box in Firefox no longer is identified.

Thanks.
User avatar
Enigman
 
Posts: 314
Joined: Tue Apr 12, 2005 3:57 pm
Location: Foothill Ranch, CA

Re: Questions about the SendKeys command

Postby Neosoft Support » Tue Sep 23, 2014 10:13 am

Is SendKeys using the Windows keyboard buffer and can keystrokes sent with SendKeys be detected and trapped by keylogger malware?


I don't think keys are sent through the hardware keyboard buffer, but rather sent as a Windows message. A Windows message could certainly be intercepted. SendKeys uses the Windows keybd_event function which is described here: http://msdn.microsoft.com/en-us/library/windows/desktop/ms646304(v=vs.85).aspx

Can I use SendKeys to fill in forms on an external browser window?


It depends on the browser. As you've discovered with FireFox, the control with the input focus will receive the keys sent by SendKeys. It's not possible to direct keys to specific controls in other programs - only the one with the input focus.
NeoSoft Support
Neosoft Support
NeoSoft Team
 
Posts: 5593
Joined: Thu Mar 31, 2005 10:48 pm
Location: Oregon, USA

Re: Questions about the SendKeys command

Postby Enigman » Tue Sep 23, 2014 10:27 am

It depends on the browser. As you've discovered with FireFox, the control with the input focus will receive the keys sent by SendKeys. It's not possible to direct keys to specific controls in other programs - only the one with the input focus.

Therein lies the problem. My question was related to asking how any external program, such as a browser, maintains a form box focus when I have to go back to my app and click a button to send the data. Or is there a way for me to click my app button first, and THEN go click the form box on a browser and have the data sent? In simpler terms, how do I use SendKeys to enter data in a browser web form? I am looking for an alternative to copy and paste.

People who would use my app are concerned about critical data being passed through the clipboard for fear that a memory logger malware program could see the data in memory.
User avatar
Enigman
 
Posts: 314
Joined: Tue Apr 12, 2005 3:57 pm
Location: Foothill Ranch, CA

Re: Questions about the SendKeys command

Postby Neosoft Support » Wed Sep 24, 2014 9:33 am

It depends entirely on the browser. Many apps will remember what control has the input focus and return to it when the app itself is re-focused. In that case once the desired control is focused in the app you can use NeoBook's SendKeys action to push keys into that control. If FireFox (for whatever reason) doesn't remember which control has the focus, then there probably isn't anything you can do about it.

Have you tried IE or Chrome?
NeoSoft Support
Neosoft Support
NeoSoft Team
 
Posts: 5593
Joined: Thu Mar 31, 2005 10:48 pm
Location: Oregon, USA

Re: Questions about the SendKeys command

Postby Enigman » Wed Sep 24, 2014 9:54 am

If FireFox (for whatever reason) doesn't remember which control has the focus, then there probably isn't anything you can do about it.

I haven't discovered anything yet, and I haven't tried ANY browser yet. I just used the name Firefox because to me that says "browser". I actually mean ANY browser.

Here's what I am trying to do as an alternative to copy and paste:

My app has usernames and passwords. I want to have my app do a series of SendKeys commands to enter data into username and password fields on a page in a browser. What I want to know is how to initiate that action and how to work out the timing.

Would I click a button on my app first, and then go to the browser and click into the text box? If so, how does my app know wait for that and when to send?

Do I click on the browser text box first and then click a button on my app? If so, how does SendKeys know where to send if my app has the focus instead of the browser?

I'm confused about the "cause and effect" of trying to do what I want. Nothing has been attempted so far with any browser.

Thanks.
User avatar
Enigman
 
Posts: 314
Joined: Tue Apr 12, 2005 3:57 pm
Location: Foothill Ranch, CA

This way ?

Postby virger » Wed Sep 24, 2014 11:24 am

Try this, maybe..

Code: Select all
{NeoBook 5 Objects}
NeoBookVer=5.80
ObjectType=20
Name=GrHtml
X=28
Y=24
W=580
H=177
Anchor=0
TabOrder=2
GroupBegin
ObjectType=14
Name=WebHtml
X=0
Y=35
W=262
H=142
Anchor=0
FileName=[PubDir]Html.html
VarName=[WebHtmlStatus]
TitleVarName=[WebHtmlTitle]
URLVarName=[WebHtml]
LineColor=0
LineWidth=1
LineStyle=0
FillColor=12632256
FillPattern=0
Font=Arial
FontSize=10
FontStyle=0
FontCharset=1
TextColor=0
TabOrder=0
ObjectType=8
Name=InfEntra
X=291
Y=29
W=289
H=148
Anchor=0
Font=Arial
FontSize=14
FontStyle=0
FontCharset=1
TextColor=0
Text={\rtf1\ansi\deff0\deftab254{\fonttbl{\f0\fnil\fcharset1 Arial;}}{\colortbl\red0\green0\blue0;\red255\green0\blue0;\red0\green128\blue0;\red0\green0\blue255;\red255\green255\blue0;\red255\green0\blue255;\red128\green0\blue128;\red128\green0\blue0;\red0\green255\blue0;\red0\green255\blue255;\red0\green128\blue128;\red0\green0\blue128;\red255\green255\blue255;\red192\green192\blue192;\red128\green128\blue128;\red0\green0\blue0;\red0\green0\blue0;}\paperw12240\paperh15840\margl1440\margr1440\margt1440\margb1440\margh720\margf720{\*\pnseclvl1\pnucrm\pnstart1\pnhang\pnindent720{\pntxtb}{\pntxta{.}}}¶{\*\pnseclvl2\pnucltr\pnstart1\pnhang\pnindent720{\pntxtb}{\pntxta{.}}}¶{\*\pnseclvl3\pndec\pnstart1\pnhang\pnindent720{\pntxtb}{\pntxta{.}}}¶{\*\pnseclvl4\pnlcltr\pnstart1\pnhang\pnindent720{\pntxtb}{\pntxta{)}}}¶{\*\pnseclvl5\pndec\pnstart1\pnhang\pnindent720{\pntxtb{(}}{\pntxta{)}}}¶{\*\pnseclvl6\pnlcltr\pnstart1\pnhang\pnindent720{\pntxtb{(}}{\pntxta{)}}}¶{\*\pnseclvl7\pnlcrm\pnstart1\pnhang\pnindent720{\pntxtb{(}}{\pntxta{)}}}¶{\*\pnseclvl8\pnlcltr\pnstart1\pnhang\pnindent720{\pntxtb{(}}{\pntxta{)}}}¶{\*\pnseclvl9\pndec\pnstart1\pnhang\pnindent720{\pntxtb{(}}{\pntxta{)}}}¶\endnhere\sectdefaultcl{\pard{\ql\li0\fi0\ri0\sb0\sl\sa0 \plain\f0\fs28\cf0 Usuario\par¶\ql\li0\fi0\ri0\sb0\sl\sa0 \plain\f0\fs20\cf0 \par¶\ql\li0\fi0\ri0\sb0\sl\sa0 \plain\f0\fs20\cf0 \par¶\ql\li0\fi0\ri0\sb0\sl\sa0 \plain\f0\fs28\cf0 Codigo}}¶}
HMargin=5
VMargin=5
LineColor=0
LineWidth=1
LineStyle=0
FillColor=14213368
FillPattern=0
TabOrder=1
ObjectType=9
Name=EnCodigo
X=371
Y=91
W=193
H=37
Anchor=0
Text=NeoBook2014
VarName=[vCodigo]
Align=1
EditPassword=Yes
EditLen=12
LineColor=0
LineWidth=1
LineStyle=0
FillColor=14219488
FillPattern=0
Font=Arial
FontSize=14
FontStyle=0
FontCharset=1
TextColor=0
TabOrder=2
ObjectType=9
Name=EnUsuario
X=371
Y=34
W=193
H=37
Anchor=0
Text=Virger
VarName=[vUsuario]
Align=1
EditLen=0
LineColor=0
LineWidth=1
LineStyle=0
FillColor=14219488
FillPattern=0
Font=Arial
FontSize=14
FontStyle=0
FontCharset=1
TextColor=0
TabOrder=3
ObjectType=3
Name=BtEnviar
X=498
Y=135
W=69
H=33
Anchor=0
Text=Enviar
Align=2
ImageStyle=0
XPTheme=Yes
ObjAction=BrowserSetElement "WebHtml" "usuario" "[vUsuario]"¶BrowserSetElement "WebHtml" "codigo" "[vCodigo]"¶¶BrowserExecScript "WebHtml" "document.getElementById('Enviar').click()" "JScript"
LineColor=0
LineWidth=1
LineStyle=0
FillColor=12632256
FillPattern=0
Font=Arial
FontSize=12
FontStyle=0
FontCharset=1
TextColor=0
TabOrder=4
ObjectType=3
Name=BtHtmlPhp
X=1
Y=0
W=169
H=29
Anchor=0
Text=Crear HTML/PHP
Align=2
ImageStyle=0
XPTheme=Yes
ObjAction=SetVar "[xWebHtml]" "[PubDir]Html.html"¶:Intente¶FileWrite "[PubDir]Php.php"   "All" "<!doctype html>[#13][#10]<html>[#13][#10]<head>[#13][#10]<meta charset=[#34]utf-8[#34]>[#13][#10]<title>RECIBE DE NEOBOOK</title>[#13][#10]</head>[#13][#10]<body>[#13][#10]<?php $usuario = $_GET[#91][#34]usuario[#34][#93];[#13][#10]$codigo =$_GET[#91][#34]codigo[#34][#93]; ?>[#13][#10]ENTRANDA DE === <?php echo $codigo ;?>[#13][#10]</br>[#13][#10]CODIGO === <?php echo $usuario ;?>[#13][#10]<hr size=[#34]4[#34]>[#13][#10]Usuario:<input name=[#34]usuario[#34] type=[#34]text[#34] value=[#34]<?php echo $usuario; ?>[#34] >[#13][#10]Codigo: <input name=[#34]codigo[#34] type=[#34]text[#34] value=[#34]<?php echo $codigo; ?>[#34] >[#13][#10]</body>[#13][#10]</html>"¶FileWrite "[PubDir]Html.html" "All" "<!doctype html>[#13][#10]<html>[#13][#10]<head>[#13][#10]<meta charset=[#34]utf-8[#34]>[#13][#10]<title>My Html In</title>[#13][#10]</head>[#13][#10]<body>[#13][#10]<form action=[#34]Php.php[#34] method=[#34]get[#34]>[#13][#10]Usuario:<input name=[#34]usuario[#34] id=[#34]usuario[#34] type=[#34]text[#34] value=[#34]Su Nombre[#34] size=[#34]20[#34] maxlength=[#34]30[#34]>[#13][#10]Codigo:<input name=[#34]codigo[#34] id=[#34]codigo[#34] type=[#34]password[#34] size=[#34]12[#34] maxlength=[#34]12[#34]>[#13][#10]<input name=[#34]enviar[#34] id=[#34]enviar[#34] type=[#34]submit[#34] value=[#34]Enviar[#34]>[#13][#10]</form>[#13][#10]</body>[#13][#10]</html>"¶fileexists "[PubDir]Html.html" "[sn]"¶if "[sn]" "=" "False"¶    gotoline "Intente"¶endif¶SetVar "[WebHtml]" "[xWebHtml]"¶delay "50"¶RefreshObject "WebHtml"
LineColor=0
LineWidth=1
LineStyle=0
FillColor=12632256
FillPattern=0
Font=Arial
FontSize=12
FontStyle=0
FontCharset=1
TextColor=0
TabOrder=5
GroupEnd


PURA VIDA
DESDE COSTA RICA
COSTA RICA
PURA VIDA
User avatar
virger
 
Posts: 509
Joined: Mon Sep 18, 2006 12:21 pm
Location: Costa Rica, America Central

Re: Questions about the SendKeys command

Postby Enigman » Wed Sep 24, 2014 11:46 am

I am asking about an external browser program, not an embedded browser object.

Thanks.
User avatar
Enigman
 
Posts: 314
Joined: Tue Apr 12, 2005 3:57 pm
Location: Foothill Ranch, CA

Re: Questions about the SendKeys command

Postby Tony Kroos » Thu Sep 25, 2014 2:07 am

Check other passkeepers software and see how it works, for example I do use AnyPassword (see "Send" tab in key's properties window). You set Window Caption and|or Class Name first (using finder tool, in Neobook u can use plugins to get receiver window info), then u can 1) find and 2) activate this window (browser, etc...), then 3) send keys to currently active window (hpwSendKeys can do all this job If I can remember). Navigate through browser html elements (forms, inputs) by sending TAB key, then Send Keys containing user/password to currently focused html element. And last thing - user have to set up these steps manually for each login form everywhere he needs (websites, etc...) since there's different environment, see how it works in other software (mentioned above for example).

p.s.: of course, at first you may want to check if the Window (browser etc...) has started already, otherwise have an option to start a link to login form (if u cannot find Window)
Tony Kroos
 
Posts: 402
Joined: Thu Oct 15, 2009 3:43 pm

Re: Questions about the SendKeys command

Postby Enigman » Thu Sep 25, 2014 8:25 am

Check other passkeepers software and see how it works, for example I do use AnyPassword

Checking other programs is something I do at times and then adopt what I like. I notice that the interface on other program tends to look like Windows explorer, though, and mine is more of a database entry form design.

You set Window Caption and|or Class Name first (using finder tool, in Neobook u can use plugins to get receiver window info), then u can 1) find and 2) activate this window (browser, etc...), then 3) send keys to currently active window (hpwSendKeys can do all this job If I can remember). Navigate through browser html elements (forms, inputs) by sending TAB key, then Send Keys containing user/password to currently focused html element. And last thing - user have to set up these steps manually for each login form everywhere he needs (websites, etc...) since there's different environment

In my design I really do not want to have functions that require huge amounts of rig-a-ma-roll for the user to have to do. I current offer a copy and paste solution for getting login information to forms. I thought If I could work out an easy way to have the program be able to auto-type into forms I would include that as well, but I really don't want to have users determining window handles and command line parameters just for the auto-login. My design revolves around simple database interface functions and strong data security as well as portability. It is designed to run exclusively from a flash drive.

Also, for security reasons, primarily, I cannot use plug-ins for this project. Whatever I do I have to be able to do it with native NB commands.

One approach I considered was to launch the username or password transmit on a timer, then the user clicks the box on the browser within ten seconds and it sends the keys to the focused object. I haven't tried that and it has the potential to be messy, so I dunno. If I can find a way to do this sans plug-in I will. Otherwise I will stick with copy and paste. But I will check out the program you suggested.

Thanks.
User avatar
Enigman
 
Posts: 314
Joined: Tue Apr 12, 2005 3:57 pm
Location: Foothill Ranch, CA

Re: Questions about the SendKeys command

Postby Neosoft Support » Thu Sep 25, 2014 10:11 am

The SendKeys action requires the name of the application exe in order to know where to send the keystrokes, so you will have to prompt your users for at least that much. For example, I'm using the Chrome browser to write this reply. The text box I'm typing into has the input focus. I can insert text into the box by executing the following from a running NeoBook app:

SendKeys "chrome.exe" "Hello from NeoBook!"

Hello from NeoBook!

It works!
NeoSoft Support
Neosoft Support
NeoSoft Team
 
Posts: 5593
Joined: Thu Mar 31, 2005 10:48 pm
Location: Oregon, USA

Re: Questions about the SendKeys command

Postby Tony Kroos » Thu Sep 25, 2014 10:24 am

a copy-paste solution? You will totally ruin security point of your application ) every keylogger has a clipboard monitor
Tony Kroos
 
Posts: 402
Joined: Thu Oct 15, 2009 3:43 pm

Re: Questions about the SendKeys command

Postby Enigman » Thu Sep 25, 2014 11:13 am

Tony Kroos wrote:a copy-paste solution? You will totally ruin security point of your application ) every keylogger has a clipboard monitor

Yes, well, ... it comes with a warning about that, and without it there is no option for transmitting data at all, so the clipboard is wiped on a short timer. Realistically since the data can be displayed on my screen I cannot stop them from copying and pasting manually, so I might as well administer it as much as possible. What's the alternative? If I block copy and paste then the user looks at my screen and manually types the U & P into the web form. Doesn't that play right into the hands of a keylogger? You betcha. So instead I offer a clipboard that lasts X seconds before it is cleared so transfer happens much faster than typing and no keys are pressed. It is some level of improvement, depending on what's going on in the user's system.

This is why I want to explore using SendKeys since it might be a little more obscure to try and trap the Windows OS message function. But, I'm also advising users that if they don't have something on their system to monitor for malware and remove it, then no software for passwords can protect them 100%. Anything a program does uses memory, and if a memory logger is allowed on their system, the system memory variables can be logged. Game over. Users must take some minimum level of responsibility for their own security. My program does as much as possible. It strongly secures the stored data, does not display the critical data on screen unless the user tells it to, provides virtual keyboards that do NOT use the keyboard buffer or Windows system, and has triple layer master login security. I also designed it to run exclusively from a flash drive so when you leave your system you take the drive with you and no data exists on the computer to be investigated by anyone while you are away. Anything else I can think of, or hear about, and add, I will.

Any kind of transmission of usernames and passwords can be hacked in some way. That's why I really don't want to go too far into that. If a user is concerned about security, then they must take minimum steps to enforce it. A malware/virus scanner is a must.

If you have any ideas about a better way to transmit logins, I would LOVE to hear it. :D

Thanks.
User avatar
Enigman
 
Posts: 314
Joined: Tue Apr 12, 2005 3:57 pm
Location: Foothill Ranch, CA

Re: Questions about the SendKeys command

Postby Enigman » Thu Sep 25, 2014 11:25 am

I'm using the Chrome browser to write this reply. The text box I'm typing into has the input focus. I can insert text into the box by executing the following from a running NeoBook app:

SendKeys "chrome.exe" "Hello from NeoBook!"

Hmmmmm ... so if I first focus a text box in the browser, then click over to a NB app and click a send button, Chrome still remembers it's last focused object and as long as I point to the exe the data will arrive?

Okay, I can work with that. I could add an option to the Options box asking what browser they use for logging into websites, then provide a radio button list of known browsers and set the exe name in the background.

Do you have any idea how "hackable" the sendKeys Windows messaging is compared to other methods?

Thanks much. :D
User avatar
Enigman
 
Posts: 314
Joined: Tue Apr 12, 2005 3:57 pm
Location: Foothill Ranch, CA

Re: Questions about the SendKeys command

Postby Tony Kroos » Thu Sep 25, 2014 12:36 pm

Do you have any idea how "hackable" the sendKeys Windows messaging is compared to other methods?

it's hackable easily, for example see API Monitor tool. but it's definitely more secure than copypaste, bcoz since clipboard is a native windows component, AV pay absolutely no attention to it, but tools like api monitor will be possibly detected...

I bet u can pick some good ideas from this article
Tony Kroos
 
Posts: 402
Joined: Thu Oct 15, 2009 3:43 pm

Re: Questions about the SendKeys command

Postby Tony Kroos » Thu Sep 25, 2014 1:00 pm

also there's no point in security when the user "securely" gets login-password into login form and then uses a non-SSLsecured regular HTTP connection...
Tony Kroos
 
Posts: 402
Joined: Thu Oct 15, 2009 3:43 pm

Next

Return to NeoBook Action Commands

Who is online

Users browsing this forum: No registered users and 2 guests