The following tools are available:
Subtty (Linux binary only, I do not give sources): a generic backdoor that will steal passwords from any program asking for them interactively on a terminal. This includes su, sudo, ssh, gpg, cryptmount and many others.
This backdoor is intended for pen-testers and is not very stealth. It does'nt require root privileges and is suitable for privilege elevation with most desktop users. You can modify it to record other inputs/outputs than passwords.
There are many ways to invoke subtty:
From a shell, without any argument: subtty will then launch a bash shell and will record any password that will be read from the controlling terminal. You could for example call subtty from a .bashrc file (if [ -z "$SUBTTY" ]; then exec ~/.subtty; fi).
By setting-up an alias (for example in .basrc: alias sudo="~/.subtty sudo"). Subtty will then invoke his first argument with the next parameters.
By invoking it with the name of a program that exists in common directories (/bin, /usr/bin etc.). For example put subtty in ~/bin/sudo or /usr/local/bin/sudo. When subtty will be invoked as sudo it'll automatically look for sudo in /usr/bin and run it from there.
By using LD_PRELOAD: subtty is also a shared library (it is a ET_DYN executable) that can be used to hook execv in order to run itself. This can be used to backdoor graphical programs such as gksu. In the current implementation it'll need subtty to be available in ~/.subtty (I need to find a way to work around the missing implementation of dlinfo(RTLD_SELF, ..) in glibc).
Subtty works by performing a subversive-terminal-in-the-middle attack. If this program is anywhere between a terminal and a process using this terminal, it'll record passwords in ~/.subttlog.
stealtty: a program that can steal a tty from any process. Useful if you're auditing a machine and there are opened ssh connections to other machines!