mirror of
https://github.com/moonD4rk/HackBrowserData.git
synced 2026-07-08 21:37:49 +02:00
feat: add Firefox extract methods and complete data model fields (#527)
* feat: add Firefox extract methods and complete data model fields Firefox extract methods: - extractPasswords: JSON + ASN1PBE decryption via decryptPBE helper - extractCookies: SQLite, plaintext (no encryption), journalOff - extractHistories: SQLite, visit count ASC sort (matches old behavior) - extractDownloads: SQLite, moz_annos JOIN with JSON content parsing - extractBookmarks: SQLite, moz_bookmarks JOIN moz_places - extractExtensions: JSON, filter by location=app-profile - extractLocalStorage: SQLite webappsstore2, reversed originKey parsing Complete data model fields (union of Chromium and Firefox): - CookieEntry: add HasExpire, IsPersistent - DownloadEntry: add MimeType - CreditCardEntry: add NickName, Address - ExtensionEntry: add HomepageURL, Enabled Update Chromium extractors to populate new fields: - extract_cookie.go: fill HasExpire, IsPersistent - extract_download.go: SELECT and fill mime_type - extract_creditcard.go: SELECT nickname, billing_address_id - extract_extension.go: fill HomepageURL, Enabled (state==1) Tests: - Full test coverage for all 7 Firefox extract functions - Password test uses known ASN1PBE test vectors from crypto package - Table-driven tests for parseOriginKey - Updated Chromium tests for new fields * fix: add COALESCE for nullable bookmark title in Firefox query Firefox moz_bookmarks.title can be NULL (PR #500 fixed this in old code). Add COALESCE to handle NULL gracefully in SQL instead of relying on driver-specific NULL→string conversion behavior. * fix: enable journalOff for all Firefox SQLite extractors and populate cookie flags - Set journalOff=true for extract_history, extract_download, extract_bookmark (Firefox databases require PRAGMA journal_mode=off to avoid lock errors) - Populate HasExpire and IsPersistent for Firefox cookies (derived from expiry>0) - Add test assertions for HasExpire/IsPersistent in both Chromium and Firefox
This commit is contained in:
@@ -0,0 +1,44 @@
|
||||
package firefox
|
||||
|
||||
import (
|
||||
"database/sql"
|
||||
"fmt"
|
||||
"strings"
|
||||
|
||||
"github.com/moond4rk/hackbrowserdata/types"
|
||||
"github.com/moond4rk/hackbrowserdata/utils/sqliteutil"
|
||||
"github.com/moond4rk/hackbrowserdata/utils/typeutil"
|
||||
)
|
||||
|
||||
const firefoxLocalStorageQuery = `SELECT originKey, key, value FROM webappsstore2`
|
||||
|
||||
func extractLocalStorage(path string) ([]types.StorageEntry, error) {
|
||||
return sqliteutil.QueryRows(path, true, firefoxLocalStorageQuery,
|
||||
func(rows *sql.Rows) (types.StorageEntry, error) {
|
||||
var originKey, key, value string
|
||||
if err := rows.Scan(&originKey, &key, &value); err != nil {
|
||||
return types.StorageEntry{}, err
|
||||
}
|
||||
return types.StorageEntry{
|
||||
URL: parseOriginKey(originKey),
|
||||
Key: key,
|
||||
Value: value,
|
||||
}, nil
|
||||
})
|
||||
}
|
||||
|
||||
// parseOriginKey converts Firefox's reversed origin format to a URL.
|
||||
// Example: "moc.buhtig.:https:443" → "https://github.com:443"
|
||||
func parseOriginKey(originKey string) string {
|
||||
parts := strings.SplitN(originKey, ":", 3)
|
||||
if len(parts) < 2 {
|
||||
return originKey
|
||||
}
|
||||
host := string(typeutil.Reverse([]byte(parts[0])))
|
||||
host = strings.TrimPrefix(host, ".")
|
||||
scheme := parts[1]
|
||||
if len(parts) == 3 {
|
||||
return fmt.Sprintf("%s://%s:%s", scheme, host, parts[2])
|
||||
}
|
||||
return fmt.Sprintf("%s://%s", scheme, host)
|
||||
}
|
||||
Reference in New Issue
Block a user