moond4rk / hackbrowserdata Goto Github PK

View Code? Open in Web Editor NEW

10.0K 153.0 1.5K 10.6 MB

Decrypt passwords/cookies/history/bookmarks from the browser. 一款可全平台运行的浏览器数据导出解密工具。

License: MIT License

Go 100.00%

chrome macos windows pentest-tool hacking edge firefox golang browser browser-extension

hackbrowserdata's Introduction

HackBrowserData

中文说明

HackBrowserData is a command-line tool for decrypting and exporting browser data (passwords, history, cookies, bookmarks, credit cards, download history, localStorage and extensions) from the browser. It supports the most popular browsers on the market and runs on Windows, macOS and Linux.

Disclaimer: This tool is only intended for security research. Users are responsible for all legal and related liabilities resulting from the use of this tool. The original author does not assume any legal responsibility.

Supported Browser

Windows

Browser	Password	Cookie	Bookmark	History
Google Chrome	✅	✅	✅	✅
Google Chrome Beta	✅	✅	✅	✅
Chromium	✅	✅	✅	✅
Microsoft Edge	✅	✅	✅	✅
360 Speed	✅	✅	✅	✅
QQ	✅	✅	✅	✅
Brave	✅	✅	✅	✅
Opera	✅	✅	✅	✅
OperaGX	✅	✅	✅	✅
Vivaldi	✅	✅	✅	✅
Yandex	✅	✅	✅	✅
CocCoc	✅	✅	✅	✅
Firefox	✅	✅	✅	✅
Firefox Beta	✅	✅	✅	✅
Firefox Dev	✅	✅	✅	✅
Firefox ESR	✅	✅	✅	✅
Firefox Nightly	✅	✅	✅	✅
Internet Explorer	❌	❌	❌	❌

MacOS

Based on Apple's security policy, some browsers require a current user password to decrypt.

Browser	Password	Cookie	Bookmark	History
Google Chrome	✅	✅	✅	✅
Google Chrome Beta	✅	✅	✅	✅
Chromium	✅	✅	✅	✅
Microsoft Edge	✅	✅	✅	✅
Brave	✅	✅	✅	✅
Opera	✅	✅	✅	✅
OperaGX	✅	✅	✅	✅
Vivaldi	✅	✅	✅	✅
CocCoc	✅	✅	✅	✅
Yandex	✅	✅	✅	✅
Arc	✅	✅	✅	✅
Firefox	✅	✅	✅	✅
Firefox Beta	✅	✅	✅	✅
Firefox Dev	✅	✅	✅	✅
Firefox ESR	✅	✅	✅	✅
Firefox Nightly	✅	✅	✅	✅
Safari	❌	❌	❌	❌

Linux

Browser	Password	Cookie	Bookmark	History
Google Chrome	✅	✅	✅	✅
Google Chrome Beta	✅	✅	✅	✅
Chromium	✅	✅	✅	✅
Microsoft Edge Dev	✅	✅	✅	✅
Brave	✅	✅	✅	✅
Opera	✅	✅	✅	✅
Vivaldi	✅	✅	✅	✅
Firefox	✅	✅	✅	✅
Firefox Beta	✅	✅	✅	✅
Firefox Dev	✅	✅	✅	✅
Firefox ESR	✅	✅	✅	✅
Firefox Nightly	✅	✅	✅	✅

Getting started

Install

Installation of HackBrowserData is dead-simple, just download the release for your system and run the binary.

In some situations, this security tool will be treated as a virus by Windows Defender or other antivirus software and can not be executed. The code is all open source, you can modify and compile by yourself.

Building from source

only support go 1.21+ with go generics and log/slog standard library.

$ git clone https://github.com/moonD4rk/HackBrowserData

$ cd HackBrowserData/cmd/hack-browser-data

$ CGO_ENABLED=1 go build

Cross compile

Need install target OS's gcc library, here's an example of use Mac building for Windows and Linux

For Windows

brew install mingw-w64

CGO_ENABLED=1 GOOS=windows GOARCH=amd64 CC=x86_64-w64-mingw32-gcc go build

For Linux

brew install FiloSottile/musl-cross/musl-cross

CC=x86_64-linux-musl-gcc CXX=x86_64-linux-musl-g++ GOARCH=amd64 GOOS=linux CGO_ENABLED=1 go build -ldflags "-linkmode external -extldflags -static"

Run

You can double-click to run, or use command line.

PS C:\test> .\hack-browser-data.exe -h
NAME:
   hack-browser-data - Export passwords|bookmarks|cookies|history|credit cards|download history|localStorage|extensions from browser

USAGE:
   [hack-browser-data -b chrome -f json --dir results --zip]
   Export all browsing data (passwords/cookies/history/bookmarks) from browser
   Github Link: https://github.com/moonD4rk/HackBrowserData

VERSION:
   0.4.5

GLOBAL OPTIONS:
   --verbose, --vv                   verbose (default: false)
   --compress, --zip                 compress result to zip (default: false)
   --browser value, -b value         available browsers: all|360|brave|chrome|chrome-beta|chromium|coccoc|dc|edge|firefox|opera|opera-gx|qq|sogou|vivaldi|yandex (default: "all")
   --results-dir value, --dir value  export dir (default: "results")
   --format value, -f value          output format: csv|json (default: "csv")
   --profile-path value, -p value    custom profile dir path, get with chrome://version
   --full-export, --full             is export full browsing data (default: true)
   --help, -h                        show help
   --version, -v                     print the version


PS C:\test> .\hack-browser-data.exe -b all -f json --dir results --zip
[NOTICE] [browser.go:46,pickChromium] find browser Chrome success  
[NOTICE] [browser.go:46,pickChromium] find browser Microsoft Edge success  
[NOTICE] [browsingdata.go:59,Output] output to file results/microsoft_edge_download.json success  
[NOTICE] [browsingdata.go:59,Output] output to file results/microsoft_edge_password.json success  
[NOTICE] [browsingdata.go:59,Output] output to file results/microsoft_edge_creditcard.json success  
[NOTICE] [browsingdata.go:59,Output] output to file results/microsoft_edge_bookmark.json success  
[NOTICE] [browsingdata.go:59,Output] output to file results/microsoft_edge_cookie.json success  
[NOTICE] [browsingdata.go:59,Output] output to file results/microsoft_edge_history.json success  
[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_history.json success  
[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_download.json success  
[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_password.json success  
[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_creditcard.json success  
[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_bookmark.json success  
[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_cookie.json success

Run with custom browser profile folder

If you want to export data from a custom browser profile folder, you can use the -p parameter to specify the path of the browser profile folder. PS: use double quotes to wrap the path.

PS C:\Users\User\Desktop> .\hack-browser-data.exe -b chrome -p "C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default"

[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_creditcard.csv success  
[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_bookmark.csv success  
[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_cookie.csv success  
[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_history.csv success  
[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_download.csv success  
[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_password.csv success

Some other projects based on HackBrowserData

Sharp-HackBrowserData

Reflective-HackBrowserData

Contributing

We welcome and appreciate any contributions made by the community (GitHub issues/pull requests, email feedback, etc.).

Please see the Contribution Guide before contributing.

Contributors

Stargazers over time

404StarLink 2.0 - Galaxy

HackBrowserData is a part of 404Team StarLink-Galaxy, if you have any questions about HackBrowserData or want to find a partner to communicate with，please refer to the Starlink group.

JetBrains OS licenses

HackBrowserData had been being developed with GoLand IDE under the free JetBrains Open Source license(s) granted by JetBrains s.r.o., hence I would like to express my thanks here.

hackbrowserdata's People

Contributors

Stargazers

Watchers

Forkers

wh014m m3g4byt3 02bx slowmistio no0d1es sry309 nothingcw triplekill sljfalewjlkf zzhsec niummm vxer-lee jiushill funnywolf crackercat ianxtianxt showsmall wilsonleeee opensesamedoors therealelyayo tjdghks994 listenquiet seiriosalpha harry1080 gokourur1 0xsb loverone 5l1v3r1 pierelucas underwood12 wuyoukm simlelcf wj158 pengge h1d3r tabll angin116 mixiyihao heartway 1683942030 0xa-saline 26597925 k0bee dddsec evilmt thinkergod jiaowodalang gyyfifafans keyman9848 xiaoyaodashao ifishzz nixiteam popmedd yuanxiangyua bopin2020 renjunfeng ridter m4rm0k bb33bb she11c0der qq431169079 dothanthitiendiettiende tonghuaroot h1iba1 b1cx xiaopihaik dycsy ifzz wcxxxxx olivierh59500 c0isini jack51706 tomyang9 killvxk wdnmd-rushb rocker9527 commlab supick h4xl0r neoxedneox harekrishnarai n4rr34n6 wwilson83 sandermendez c0axial msf-ntdll jr69ss marciopocebon rnsss sneak71 05t3 rajivraj hackdou nomoreinternet zshell topotam ex624 isiaon 0xf4vul dekoder

hackbrowserdata's Issues

replace deprecated 'set-env' with environment files in GitHub Actions

details here https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/

Enhance the "--profile-dir-path" options to make it easier

Hi there,

With the new 0.3.1 version, comes the possibility to provide a custom profile dir path for the browser data collection. That is very useful.

The bad effect of it is that we have to provide a very detailed path for each browser. It is not possible to select all browsers.
Could it be possible to set a custom "Users" path and let the tool work like it would if it was the regular path?

For exemple:
.\hack-browser-data.exe --vv --cc -b all -p G:\Users

Many thanks

为啥不编译个win32的，都向下兼容啊。好多内网机子是32位的，反而64用的少呀？

Describe the bug
A clear and concise description of what the bug is.
描述一下遇到的 Bug，和对应的报错信息 ./hack-browser-data -vv
为啥不编译个win32的，都向下兼容啊。好多内网机子是32位的，反而64用的少呀？

Desktop (please complete the following information):

OS Name 操作系统名称:
Browser Name 浏览器名称:
Browser Version 浏览器版本:

Additional context
Add any other context about the problem here.
其他有用的信息

Add Chinese README

Firefox for Mac last_visit_time 时间错误.

Add doc for key function

[FEATURE REQUEST] support Opera Web Browser for Linux

download from opera.com

Doesn't extract passwords from Firefox

I am using both release 0.2.8 and my build from latest source with this commands:

.\hack-browser-data.exe -b all -f json -dir results -cc
.\hack-browser-data.exe -b firefox -f json -dir results -cc
.\hack-browser-data.exe -b all

It does find Everthing on Edge (version 86.0.622.69) and chrome (version 86.0.4240.198) but no luck in finding passwords from firefox.

Desktop :

OS Name : Windows 10 2004
Browser Name : FireFox
Browser Version : 78.0.1 and 82.0.3 (latest)

Additional context :
I have tried both running command in privileged mode and while firefox processes are terminated.
Also logs aren't clear and too much go error in case it doesn't find anything. For firefox and this command .\hack-browser-data.exe -b all -f json -dir results -cc logs look like this:
decrypt_windows.go:122: error asn1: structure error: tags don't match (16 vs {class:0 tag:4 length:20 isCompound:false}) {optional:false explicit:false application:false private:false defaultValue:<nil> tag:<nil> stringType:0 timeType:0 set:false omitEmpty:false} SequenceC @2 parse.go:523: error decrypt meta data failed asn1: structure error: tags don't match (16 vs {class:0 tag:4 length:20 isCompound:false}) {optional:false explicit:false application:false private:false defaultValue:<nil> tag:<nil> stringType:0 timeType:0 set:false omitEmpty:false} SequenceC @2 cmd.go:77: error asn1: structure error: tags don't match (16 vs {class:0 tag:4 length:20 isCompound:false}) {optional:false explicit:false application:false private:false defaultValue:<nil> tag:<nil> stringType:0 timeType:0 set:false omitEmpty:false} SequenceC @2 [x]: Get 0 passwords, filename is results/firefox_password.json [x]: Get 27 bookmarks, filename is results/firefox_bookmark.json [x]: Get 854 cookies, filename is results/firefox_cookie.json [x]: Get 21277 history, filename is results/firefox_history.json

解密 Chrome for Linux 密码

编译后无法正确运行

Mac上跨平台编译Windows exe
编译后无法正确运行

browser.go:121: error Chrome find bookmark file failed, ERR:find Bookmarks failed
panic: runtime error: invalid memory address or nil pointer dereference
        panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x113e396]

goroutine 1 [running]:
database/sql.(*Rows).close(0x0, 0x0, 0x0, 0x0, 0x0)
        /usr/local/Cellar/go/1.14.5/libexec/src/database/sql/sql.go:3063 +0x76
database/sql.(*Rows).Close(...)
        /usr/local/Cellar/go/1.14.5/libexec/src/database/sql/sql.go:3059
hack-browser-data/core/common.(*historyData).ChromeParse.func2(0x0)
        /intranet_tools/mutil/HackBrowserData/core/common/parse.go:312 +0x37
panic(0x1274840, 0x14c62b0)
        /usr/local/Cellar/go/1.14.5/libexec/src/runtime/panic.go:969 +0x166
database/sql.(*Rows).Next(0x0, 0x13188c0)
        /usr/local/Cellar/go/1.14.5/libexec/src/database/sql/sql.go:2744 +0x30
hack-browser-data/core/common.(*historyData).ChromeParse(0xc000078ba0, 0xc000016760, 0x10, 0x14, 0x0, 0x0)
        /intranet_tools/mutil/HackBrowserData/core/common/parse.go:316 +0x137
hack-browser-data/cmd.Execute.func1(0xc00010e740, 0xc00000ca00, 0xc)
        /intranet_tools/mutil/HackBrowserData/cmd/cmd.go:71 +0x537
github.com/urfave/cli/v2.(*App).RunContext(0xc000001200, 0x13188c0, 0xc0000181e0, 0xc000010210, 0x1, 0x1, 0x0, 0x0)
        /Users/l/gocode/pkg/mod/github.com/urfave/cli/[email protected]/app.go:315 +0x70b
github.com/urfave/cli/v2.(*App).Run(...)
        /Users/l/gocode/pkg/mod/github.com/urfave/cli/[email protected]/app.go:215
hack-browser-data/cmd.Execute()
        /intranet_tools/mutil/HackBrowserData/cmd/cmd.go:100 +0x739
main.main()
        /intranet_tools/mutil/HackBrowserData/main.go:8 +0x20

results saved not .json format to import

window 10 , firefox and chrome lastest version
program run well but results saved into excel format
I can't import it because it's not .json format
Can you help me to fix it ?

将结果文件夹压缩成zip包,方便下载

提供一个参数选项,可以将结果文件夹中的文件(json,csv)压缩成一个zip包,方便远程下载

使用 github workflows 自动发布

Firefox login data need unpadding

[
	{
		"UserName": "username\u0004\u0004\u0004\u0004",
		"Password": "password\u0001",
		"LoginUrl": "http://www.baidu.com",
		"CreateDate": "2020-07-08T04:10:33-04:00"
	}
]

命令行添加自定义浏览器选项

无法导出firefox的password和cookie，但是history，bookmark可以导出

decrypt firefox for linux

profile path is ~/.mozilla/firefox/xxxxxxxx.default

失败,检测到病毒

下载windows的编译好的包的时候,win10给出警告

decrypt firefox for windows

profile path %APPDATA%\AppData\Roaming\Mozilla\Firefox\Profiles

Package implement?

Hey could you implement a package system so we can use this program in our software? chrome, err := Recovery(browser, "text.json", history,password,cookie)

[FEATURE REQUEST] support Opera Web Browser for macOS

download from opera.com

Windows 下，CSV 格式不对

为 CSV 文件添加 BOM 头，使用非 tab CSV分隔符。

Add output to console

命令行自动搜索当前系统使用的所有浏览器并自动导出

It's Can working on win10 right?

Refactoring code with interface to increase readability.

Reference go-shadowsocks2

破解 Firefox for Mac 的密码

key4.db location /Users/*/Library/Application Support/Firefox/Profiles/*.default-release/key.db
logins.json location /Users/*/Library/Application Support/Firefox/Profiles/*.default-release/logins.json

replace zap log.

The browser cannot detect data without being installed in the default location

Describe the bug
A clear and concise description of what the bug is.
描述一下遇到的 Bug，和对应的报错信息 ./hack-browser-data -vv

The browser cannot detect data without being installed in the default location
Desktop (please complete the following information):

OS Name 操作系统名称:
Browser Name 浏览器名称:
Browser Version 浏览器版本:

Additional context
Add any other context about the problem here.
其他有用的信息

format package name and add function documentation.

reference uber go style guide

使用 goreleaser 自动发布 CGO 编译文件

使用的 sqlite-go 库编译时需要 CGO 环境，本地交叉编译需要编译对应版本的CGO包。

Use Interface refactoring parser module.

reference go-shadowsocks2

[FEATURE REQUEST] Brave Browser

Hi,

would be great if you could also add brave browser [1] which is becoming increasingly popular. It is based on Firefox so potentially the decryptionextraction is the same.

[1] https://brave.com/download/

P.S.: Awesome tool, thank you.

FireFox not working windows 10

https://i.imgur.com/W3Zk2To.png

How do I import chrome?

[Deploy] Add contributors list with github workflow

Thanks to @Not-Cyrus @henrocker @Writeup007

I will add you to the project contribution list

os.remove firefox places.sqlite3 error

[BUG] mac交叉编译的问题

Describe the bug
A clear and concise description of what the bug is.
描述一下遇到的 Bug，和对应的报错信息 ./hack-browser-data -vv

Desktop (please complete the following information):

OS Name 操作系统名称: win10 win7
Browser Name 浏览器名称:
Browser Version 浏览器版本:

Additional context
Add any other context about the problem here.
其他有用的信息

mac goland中交叉编译win可执行文件exe，打包出来后文件体积6.29M。
无论普通运行还是管理员运行，都无法获取所有值，所有的csv文件都是1kb，打开是空白的。

编译命令
CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build main.go

其中一段的报错结果
cmd.go:68: error Chrome secret key path is empty
browser.go:138: error Chrome find bookmark file failed, ERR:find Bookmarks failed
browser.go:138: error Chrome find cookie file failed, ERR:find Cookies failed
browser.go:138: error Chrome find history file failed, ERR:find History failed
browser.go:138: error Chrome find password file failed, ERR:find Login Data failed
browser.go:138: error Chrome find creditcard file failed, ERR:find Web Data failed
cmd.go:68: error Microsoft Edge secret key path is empty
browser.go:138: error Microsoft Edge find bookmark file failed, ERR:find Bookmarks failed

[FEATURE REQUEST]Sogou Explorer

搜狗浏览器Sogou Explorer，同样的chromium内核是否存在同样的问题，是不行还是待开发？谢谢！

Chrome >84 version password field is ""

Thanks for the author this tools
Describe the bug
A clear and concise description of what the bug is.
cannot get password, just password field null value, other field was fine.
HackBrowserData V0.2.5

Desktop (please complete the following information):

OS Name 操作系统名称: Ubuntu20.04 , Mac Seria
Browser Name 浏览器名称: Chrome
Browser Version 浏览器版本:(ubuntu) 85.0.4183.102（正式版本）（64 位） ,(Mac)86.0.4240.111

Additional context
Add any other context about the problem here.

自定义每款浏览器可导出的数据类型。

[FEATURE REQUEST] support edge for linux.

edge for linux is launching in October 2020.

[FEATURE REQUEST] support Vivaldi Browser

download from here

[FEATURE REQUEST] extract from another mounter volume

Amazing tool, thanks a lot.

As a digital forensic person, I would like to ask for the possibility to extract data from another mounted volume, containing another system.

Would it be possible to choose the source of the data ?

Export Results

Hi, Thank you very much for this code. Is there any way to get all the results through email? i.e when someone double clicks on that file, the results could be send to us through email?

chrome( 84.0.4147.89)无法获取密码

Describe the bug
chrome无法获取密码

Screenshots
None
Desktop (please complete the following information):

OS: windows10
Browser:chrome
Browser Version: 84.0.4147.89
Browser Profile Path: [ chrome chrome://version firefox about:profiles ]

Additional context
Add any other context about the problem here.

错误返回

browser.go:132: debug qq find bookmark File Success
browser.go:132: debug qq find cookie File Success
browser.go:132: debug qq find history File Success
browser.go:132: debug qq find password File Success
[x]:  Get 20 bookmarks, filename is results/qq_bookmark.csv
[x]:  Get 1318 cookies, filename is results/qq_cookie.csv
[x]:  Get 7440 history, filename is results/qq_history.csv
[x]:  Get 0 passwords, filename is results/qq_password.csv
browser.go:181: error Firefox find bookmark file failed, ERR:find places.sqlite
failed
browser.go:181: error Firefox find cookie file failed, ERR:find cookies.sqlite f
ailed
browser.go:181: error Firefox find history file failed, ERR:find places.sqlite f
ailed
browser.go:175: error Firefox find password file failed, ERR:find logins.json fa
iled
cmd.go:53: error open C:\Users\Administrator/AppData/Local/BraveSoftware/Brave-B
rowser/User Data/Local State: The system cannot find the path specified.
browser.go:128: error Brave find cookie file failed, ERR:find Cookies failed
browser.go:128: error Brave find history file failed, ERR:find History failed
browser.go:128: error Brave find password file failed, ERR:find Login Data faile
d
browser.go:128: error Brave find bookmark file failed, ERR:find Bookmarks failed

browser.go:132: debug Chrome find cookie File Success
browser.go:132: debug Chrome find history File Success
browser.go:132: debug Chrome find password File Success
browser.go:132: debug Chrome find bookmark File Success
[x]:  Get 76 cookies, filename is results/chrome_cookie.csv
[x]:  Get 237 history, filename is results/chrome_history.csv
[x]:  Get 6 passwords, filename is results/chrome_password.csv
[x]:  Get 8 bookmarks, filename is results/chrome_bookmark.csv
cmd.go:53: error open C:\Users\Administrator/AppData/Local/Microsoft/Edge/User D
ata/Local State: The system cannot find the path specified.
browser.go:128: error Microsoft Edge find history file failed, ERR:find History
failed
browser.go:128: error Microsoft Edge find password file failed, ERR:find Login D
ata failed
browser.go:128: error Microsoft Edge find bookmark file failed, ERR:find Bookmar
ks failed
browser.go:128: error Microsoft Edge find cookie file failed, ERR:find Cookies f
ailed
browser.go:128: error 360speed find bookmark file failed, ERR:find Bookmarks fai
led
browser.go:128: error 360speed find cookie file failed, ERR:find Cookies failed
browser.go:128: error 360speed find history file failed, ERR:find History failed

browser.go:128: error 360speed find password file failed, ERR:find Login Data fa
iled

Desktop (please complete the following information):

OS Name 操作系统名称: Windows 7 64bit
Browser Name 浏览器名称:QQ浏览器
Browser Version 浏览器版本:10.6.4212.400

Additional context

QQ浏览器中导出的密码是空的（只有列标题）

此外QQ浏览器中导出的书签虽然有数据，但似乎被经过伪造

Chrome数据导出正常，但是360浏览器的数据完全没导出（连空的csv都没有产生）

运行的hacker-browse版本为hacker-browserr-data-v0.2.7的Release中二进制文件，非自行编译

moond4rk / hackbrowserdata Goto Github PK

hackbrowserdata's Introduction

HackBrowserData

Supported Browser

Windows

MacOS

Linux

Getting started

Install

Building from source

Cross compile

For Windows

For Linux

Run

Run with custom browser profile folder

Some other projects based on HackBrowserData

Contributing

Contributors

Stargazers over time

404StarLink 2.0 - Galaxy

JetBrains OS licenses

hackbrowserdata's People

Contributors

Stargazers

Watchers

Forkers

hackbrowserdata's Issues

Recommend Projects

Recommend Topics

Recommend Org