mirror of
https://github.com/moonD4rk/HackBrowserData.git
synced 2026-05-25 19:17:48 +02:00
feat: add Safari password extraction from macOS Keychain (#568)
This commit is contained in:
Roger
+44
-23
@@ -14,7 +14,8 @@ import (
|
||||
"github.com/moond4rk/hackbrowserdata/types"
|
||||
)
|
||||
|
||||
// Browser is the interface that both chromium.Browser and firefox.Browser implement.
|
||||
// Browser is the interface implemented by every engine package —
|
||||
// chromium.Browser, firefox.Browser, and safari.Browser.
|
||||
type Browser interface {
|
||||
BrowserName() string
|
||||
ProfileName() string
|
||||
@@ -27,30 +28,57 @@ type Browser interface {
|
||||
type PickOptions struct {
|
||||
Name string // browser name filter: "all"|"chrome"|"firefox"|...
|
||||
ProfilePath string // custom profile directory override
|
||||
KeychainPassword string // macOS keychain password (ignored on other platforms)
|
||||
KeychainPassword string // macOS only — see browser_darwin.go
|
||||
}
|
||||
|
||||
// PickBrowsers returns browsers matching the given options.
|
||||
// When Name is "all", all known browsers are tried.
|
||||
// ProfilePath overrides the default user data directory (only when targeting a specific browser).
|
||||
// PickBrowsers returns browsers that are fully wired up for Extract: the
|
||||
// key retriever chain and (on macOS) the Keychain password are already
|
||||
// injected, so the caller can call b.Extract directly. This is the entry
|
||||
// point for extraction workflows like `dump`.
|
||||
//
|
||||
// On macOS this may trigger an interactive prompt for the login password
|
||||
// when the target set includes a Chromium variant or Safari. Commands that
|
||||
// only need metadata (name, profile path, per-category counts) should use
|
||||
// DiscoverBrowsers instead to skip injection — and thereby the prompt.
|
||||
//
|
||||
// When Name is "all", all known browsers are tried. ProfilePath overrides
|
||||
// the default user data directory (only when targeting a specific browser).
|
||||
func PickBrowsers(opts PickOptions) ([]Browser, error) {
|
||||
browsers, err := pickFromConfigs(platformBrowsers(), opts)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
inject := newPlatformInjector(opts)
|
||||
for _, b := range browsers {
|
||||
inject(b)
|
||||
}
|
||||
return browsers, nil
|
||||
}
|
||||
|
||||
// DiscoverBrowsers returns browsers for metadata-only workflows — listing,
|
||||
// profile paths, per-category counts. Decryption dependencies are NOT
|
||||
// injected, so calling b.Extract on the returned browsers will not
|
||||
// successfully decrypt protected data (passwords, cookies, credit cards).
|
||||
// CountEntries, BrowserName, ProfileName, and ProfileDir all work
|
||||
// correctly without injection.
|
||||
//
|
||||
// Unlike PickBrowsers, DiscoverBrowsers never prompts for the macOS
|
||||
// Keychain password, making it the correct choice for `list`-style
|
||||
// commands that have no use for the credential.
|
||||
func DiscoverBrowsers(opts PickOptions) ([]Browser, error) {
|
||||
return pickFromConfigs(platformBrowsers(), opts)
|
||||
}
|
||||
|
||||
// pickFromConfigs is the testable core of PickBrowsers. It iterates over
|
||||
// platform browser configs, discovers installed profiles, and injects a
|
||||
// shared key retriever into Chromium browsers for decryption.
|
||||
// pickFromConfigs is the testable core of PickBrowsers: it filters the
|
||||
// platform browser list and discovers installed profiles for each match.
|
||||
// Dependency injection (key retrievers, keychain credentials) is intentionally
|
||||
// NOT done here — see PrepareExtract.
|
||||
func pickFromConfigs(configs []types.BrowserConfig, opts PickOptions) ([]Browser, error) {
|
||||
name := strings.ToLower(opts.Name)
|
||||
if name == "" {
|
||||
name = "all"
|
||||
}
|
||||
|
||||
// Create a single key retriever shared across all Chromium browsers.
|
||||
// On macOS this avoids repeated password prompts; on other platforms
|
||||
// it's harmless (DPAPI reads Local State per-profile, D-Bus is stateless).
|
||||
retriever := keyretriever.DefaultRetriever(opts.KeychainPassword)
|
||||
|
||||
configs = resolveGlobs(configs)
|
||||
|
||||
var browsers []Browser
|
||||
@@ -78,21 +106,14 @@ func pickFromConfigs(configs []types.BrowserConfig, opts PickOptions) ([]Browser
|
||||
continue
|
||||
}
|
||||
|
||||
// Inject the shared key retriever into browsers that need it.
|
||||
// Chromium browsers implement retrieverSetter; Firefox does not.
|
||||
for _, b := range found {
|
||||
if setter, ok := b.(retrieverSetter); ok {
|
||||
setter.SetRetriever(retriever)
|
||||
}
|
||||
}
|
||||
browsers = append(browsers, found...)
|
||||
}
|
||||
return browsers, nil
|
||||
}
|
||||
|
||||
// retrieverSetter is implemented by browsers that need an external key retriever.
|
||||
// This allows pickFromConfigs to inject the shared retriever after construction
|
||||
// without coupling the Browser interface to Chromium-specific concerns.
|
||||
// retrieverSetter is an optional capability interface. Chromium variants
|
||||
// implement it to receive a master-key retriever chain; Firefox and Safari
|
||||
// do not.
|
||||
type retrieverSetter interface {
|
||||
SetRetriever(keyretriever.KeyRetriever)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user