I recently stumbled across a presentation of Chema Alonso from the Defcon 20 Conference where he was talking about how he created a Javascript botnet from scratch and how he used it to find scammers and hackers.
Everything is done via a stock SQUID proxy with small config changes.
The idea is pretty simple:
[Server] Install Squid on a linux server
[Payload] Modify the server so all transmitted javascript files will get one extra piece of code that does things like send all data entered in forms to your server
[Cache] Set the caching time of the modified .js files as high as possible
Read More:
https://blog.haschek.at/post/fd9bc
