Connect with us

Ethical Hacking/Pen Testing

HackBrowserData: Decrypt passwords/cookies/history/bookmarks from the browser

Published

on

Disclaimer

HackBrowserData is an open-source tool that could help you decrypt data ( password|bookmark|cookie|history|credit card|download|localStorage|extension ) from the browser. It supports the most popular browsers on the market and runs on Windows, macOS and Linux.

Disclaimer: This tool is limited to security research only, and the user assumes all legal and related responsibilities arising from its use! The author assumes no legal responsibility!

Supported Browser

Windows

Browser Password Cookie Bookmark History
Google Chrome
Google Chrome Beta
Chromium
Microsoft Edge
360 Speed
QQ
Brave
Opera
OperaGX
Vivaldi
Yandex
CocCoc
Firefox
Firefox Beta
Firefox Dev
Firefox ESR
Firefox Nightly
Internet Explorer

MacOS

Based on Apple’s security policy, some browsers require a current user password to decrypt.

Browser Password Cookie Bookmark History
Google Chrome
Google Chrome Beta
Chromium
Microsoft Edge
Brave
Opera
OperaGX
Vivaldi
CocCoc
Firefox
Firefox Beta
Firefox Dev
Firefox ESR
Firefox Nightly
Yandex
Safari

Linux

Browser Password Cookie Bookmark History
Google Chrome
Google Chrome Beta
Chromium
Microsoft Edge Dev
Brave
Opera
Vivaldi
Firefox
Firefox Beta
Firefox Dev
Firefox ESR
Firefox Nightly

Getting started

Install

Installation of HackBrowserData is dead-simple, just download the release for your system and run the binary.

In some situations, this security tool will be treated as a virus by Windows Defender or other antivirus software and can not be executed. The code is all open source, you can modify and compile by yourself.

Building from source

only support go 1.18+ with go generics

$ git clone https://github.com/moonD4rk/HackBrowserData

$ cd HackBrowserData/cmd/hack-browser-data

$ CGO_ENABLED=1 go build

Cross compile

Need install target OS’s gcc library, here’s an example of use Mac building for Windows and Linux

For Windows

brew install mingw-w64

CGO_ENABLED=1 GOOS=windows GOARCH=amd64 CC=x86_64-w64-mingw32-gcc go build

For Linux

brew install FiloSottile/musl-cross/musl-cross

CC=x86_64-linux-musl-gcc CXX=x86_64-linux-musl-g++ GOARCH=amd64 GOOS=linux CGO_ENABLED=1 go build -ldflags "-linkmode external -extldflags -static"

Run

You can double-click to run, or use command line.

PS C:\test> .\hack-browser-data.exe -h
NAME:
   hack-browser-data - Export passwords/cookies/history/bookmarks from browser

USAGE:
   [hack-browser-data -b chrome -f json -dir results -cc]
   Export all browingdata(password/cookie/history/bookmark) from browser
   Github Link: https://github.com/moonD4rk/HackBrowserData

GLOBAL OPTIONS:
   --verbose, --vv                   verbose (default: false)
   --compress, --zip                 compress result to zip (default: false)
   --browser value, -b value         available browsers: all|chrome|opera-gx|vivaldi|coccoc|brave|edge|chromium|chrome-beta|opera|yandex|firefox (default: "all")
   --results-dir value, --dir value  export dir (default: "results")
   --format value, -f value          file name csv|json (default: "csv")
   --profile-path value, -p value    custom profile dir path, get with chrome://version
   --help, -h                        show help (default: false)
   --version, -v                     print the version (default: false)


PS C:\test>  .\hack-browser-data.exe -b all -f json --dir results -zip
[NOTICE] [browser.go:46,pickChromium] find browser Chrome success  
[NOTICE] [browser.go:46,pickChromium] find browser Microsoft Edge success  
[NOTICE] [browsingdata.go:59,Output] output to file results/microsoft_edge_download.json success  
[NOTICE] [browsingdata.go:59,Output] output to file results/microsoft_edge_password.json success  
[NOTICE] [browsingdata.go:59,Output] output to file results/microsoft_edge_creditcard.json success  
[NOTICE] [browsingdata.go:59,Output] output to file results/microsoft_edge_bookmark.json success  
[NOTICE] [browsingdata.go:59,Output] output to file results/microsoft_edge_cookie.json success  
[NOTICE] [browsingdata.go:59,Output] output to file results/microsoft_edge_history.json success  
[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_history.json success  
[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_download.json success  
[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_password.json success  
[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_creditcard.json success  
[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_bookmark.json success  
[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_cookie.json success  

Run with custom browser profile folder

PS C:\Users\User\Desktop> .\hack-browser-data.exe -b chrome -p 'C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default'

[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_creditcard.csv success  
[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_bookmark.csv success  
[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_cookie.csv success  
[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_history.csv success  
[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_download.csv success  
[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_password.csv success  

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Ethical Hacking/Pen Testing

Lazy Script ( A perfect Automated All in 1 script for all Newbies ) for Ethical Hacking

Published

on

By

Welcome to the LAZY script v2.1.4

A video Hackersploit made : https://www.youtube.com/watch?v=oBpo5sElrMY

A video sstec made: https://www.youtube.com/watch?v=gSO7c2MN7TY

For feature-recommendation , add it on the “Issues” tab. NOW!

I AM NOT RESPONSIBLE HOW YOU USE THIS TOOL.BE LEGAL AND NOT STUPID.

This script will make your life easier, and of course faster.

Its not only for noobs.Its for whoever wants to type less and do actually more.

What is this

This is a script for Kali Linux that automates many procedures about wifi penetration and hacking. I actually made it for fun for me just to save some time, but i don’t mind publicing it.

Features

NEW FEATURE: Custom keyboard shortcuts!! Launch any tool within lscript , with your own shortcuts!!! (type ks to set your shortcuts)

Enabling-Disabling interfaces faster Changing Mac faster Anonymizing yourself faster View your public IP faster View your MAC faster

TOOLS

You can install whichever tool(s) you want from within lscript! 
Fluxion                         by Deltaxflux
WifiTe                          by derv82
Wifiphisher                     by George Chatzisofroniou
Zatacker                        by LawrenceThePentester
Morpheus                        by Pedro ubuntu  [ r00t-3xp10it ]
Osrframework                    by i3visio
Hakku                           by 4shadoww
Trity                           by Toxic-ig
Cupp                            by Muris Kurgas
Dracnmap                        by Edo -maland-
Fern Wifi Cracker               by Savio-code
Kichthemout                     by Nikolaos Kamarinakis & David Schütz
BeeLogger                       by Alisson Moretto - 4w4k3
Ghost-Phisher                   by Savio-code
Mdk3-master                     by Musket Developer
Anonsurf                        by Und3rf10w
The Eye                         by EgeBalci
Airgeddon                       by v1s1t0r1sh3r3
Xerxes                          by zanyarjamal
Ezsploit                        by rand0m1ze
Katana framework                by PowerScript
4nonimizer                      by Hackplayers
Sslstrip2                       by LeonardoNve
Dns2proxy                       by LeonardoNve
Pupy                            by n1nj4sec
Zirikatu                        by pasahitz
TheFatRat                       by Sceetsec
Angry IP Scanner                by Anton Keks
Sniper                          by 1N3
ReconDog                        by UltimateHackers
RED HAWK                        by Tuhinshubhra
Routersploit                    by Reverse shell
CHAOS                           by Tiagorlampert
Winpayloads                     by Ncc group 
Infoga                          by m4ll0k
nWatch                          by Suraj
Eternal scanner                 by Peterpt
Eaphammer                       by S0lst1c3
Dagon                           by Ekultek
LALIN                           by Screetsec
Ngrok                           by inconshreveable + more
Kwetza                          by Chris Le Roy
Bleachbit                       by Andrew Ziem
Operative framework             by Tristan Granier
Netattack2                      by Christian Klein
Findsploit                      by 1N3
Howdoi                          by Benjamin Gleitzman
Dr0p1t-Framework                by Karim Shoair
FakeImageExploiter              by r00t-3xp10it
Leviathan                       by Utku Sen, Ozge Barbaros
WiFi-Pumpkin                    by P0cL4bs
Avet                            by govolution
Meterpreter_Paranoid_Mode-SSL   by r00t-3xp10it
Koadic                          by zerosum0x0
Empire                          by Will Schroeder,
                                       Justin Warner, 
                                       Matt Nelson,
                                       Steve Borosh,
                                       Alex Rymdeko-harvey, 
                                       Chris Ross
Veil                            by ChrisTruncer
SecHub                          by JoshDelta
DKMC                            by Mr.Un1k0d3r RingZer0 Team
Demiguise                       by Richard Warren
UniByAv                         by Mr.Un1k0d3r RingZer0 Team
LFISuite                        by D35m0nd142
Faraday                         by Infobyte
MSFPC                           by g0tmi1k
NoSQLMap                        by codingo, tcsstool
Evil-Droid                      by Mascerano Bachir
Iftop                           by Paul Warren, Chris Lightfoot
MORE ARE BEING ADDED ON EVERY UPDATE

Wifi password scripts

Handshake       (WPA-WPA2)
Find WPS pin    (WPA-WPA2)
WEP hacking     (WEP)    

Others

Email spoofing
Metasploit automation (create payloads,listeners,save listeners for later etc...)
Auto eternalblue exploiting (check on ks) -> hidden shortcuts
Browser auto-expoiting with BeEF and MITMf
SQLmap automated
+more

How to install (Kali Linux)

(make sure you are a root user)

Official Installation Tutorial on Kali Linux 2020.5: https://youtu.be/xcb5uwP5nSU

Be carefull.If you download it as a .zip file, it will not run.Make sure to follow these simple instructions.

MADE FOR KALI LINUX

cd
apt-get update
git clone https://github.com/arismelachroinos/lscript.git
cd lscript
chmod +x install.sh
./install.sh

How to run it

(make sure you are a root user)

open terminal
type  "l"
press enter

(Not even “lazy”!! Just “l”! The less you type , the better!)

How to uninstall

cd /root/lscript
./uninstall.sh
rmdir -r /root/lscript 

How to update

Run the script
Type "update"

Continue Reading

Ethical Hacking/Pen Testing

Wifi Hacking with Fluxion (Need 2 Wifi Adapters with Monitor mode active)

Published

on

By

Fluxion is the future of MITM WPA attacks

Fluxion is a security auditing and social-engineering research tool. It is a remake of linset by vk496 with (hopefully) fewer bugs and more functionality. The script attempts to retrieve the WPA/WPA2 key from a target access point by means of a social engineering (phishing) attack. It’s compatible with the latest release of Kali (rolling). Fluxion’s attacks’ setup is mostly manual, but experimental auto-mode handles some of the attacks’ setup parameters. Read the FAQ before requesting issues.

If you need quick help, fluxion is also available on gitter. You can talk with us on Gitter or on Discord.

Installation

Read here before you do the following steps.
Download the latest revision

git clone git@github.com:FluxionNetwork/fluxion.git

# Or if you prefer https 

git clone https://www.github.com/FluxionNetwork/fluxion.git

Switch to tool’s directory

cd fluxion 

Run fluxion (missing dependencies will be auto-installed)

./fluxion.sh

Fluxion is also available in arch

cd bin/arch
makepkg

or using the blackarch repo

pacman -S fluxion

📜 Changelog

Fluxion gets weekly updates with new features, improvements, and bugfixes. Be sure to check out the changelog here.

:octocat: How to contribute

All contributions are welcome! Code, documentation, graphics, or even design suggestions are welcome; use GitHub to its fullest. Submit pull requests, contribute tutorials or other wiki content — whatever you have to offer, it’ll be appreciated but please follow the style guide.

📖 How it works

  • Scan for a target wireless network.

  • Launch the Handshake Snooper attack.

  • Capture a handshake (necessary for password verification).

  • Launch Captive Portal attack.

  • Spawns a rogue (fake) AP, imitating the original access point.

  • Spawns a DNS server, redirecting all requests to the attacker’s host running the captive portal.

  • Spawns a web server, serving the captive portal which prompts users for their WPA/WPA2 key.

  • Spawns a jammer, deauthenticating all clients from original AP and luring them to the rogue AP.

  • All authentication attempts at the captive portal are checked against the handshake file captured earlier.

  • The attack will automatically terminate once a correct key has been submitted.

  • The key will be logged and clients will be allowed to reconnect to the target access point.

  • For a guide to the Captive Portal attack, read the Captive Portal attack guide

 

Disclaimer

Neither the project nor its developer promote any kind of illegal activity and are not responsible for any misuse or damage caused by this project.
This project is for educational purpose only.
Please do not use this tool on other people’s devices without their permission.
Do not use this tool to harm others.
Use this project responsibly on your own devices only.
It is the end user’s responsibility to obey all applicable local, state, federal, and international laws.

Continue Reading

Ethical Hacking/Pen Testing

Beelogger for Windows: Send Keylogs to Gmail

Published

on

By

Cloning:
git clone https://github.com/4w4k3/BeeLogger.git
Running:
cd BeeLogger
sudo su
chmod +x install.sh
./install.sh
python bee.py
If you have another version of Python:

python2.7 bee.py
DISCLAIMER:
“DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.” Taken from LICENSE.

Continue Reading

Trending