add firefox parser and output

README.md

@@ -13,7 +13,7 @@ hack-browser-data is an open-source tool that could help you export data from br
 | Edge [MacOS]<br />(require password)   |    ✅    |   ✅   |    ✅    |    ✅    |
 | 360 Speed Browser [Windows]        |    ✅    |   ✅   |    ✅    |    ✅    |
 | QQ Browser [Windows]                |    ✅    |   ✅   |    ✅    |    ✅    |
-| FireFox [MacOS]    |   ✅   |   ❌   |    ❌    |    ❌    |
+| FireFox [MacOS]    |   ✅   |   ✅   |    ❌    |    ❌    |
 | FireFox [Windows]    |    ❌    |   ❌   |    ❌    |    ❌    |
 | Safari [MacOS]                      |    ❌    |   ❌   |    ❌    |    ❌    |
 | Internet Explorer [Windows]         |    ❌    |   ❌   |    ❌    |    ❌    |

cmd/cmd.go

@@ -70,7 +70,7 @@ func Execute() {
 					core.ParseResult(dst)
 				}
 			} else {
-				fileList := utils.GetDBPath(browserDir, "key4.db", "logins.json")
+				fileList := utils.GetDBPath(browserDir, "key4.db", "logins.json", utils.FirefoxCookie)
 				for _, v := range fileList {
 					dst := filepath.Base(v)
 					err := utils.CopyDB(v, dst)
@@ -78,6 +78,7 @@ func Execute() {
 						log.Println(err)
 						continue
 					}
+					core.ParseResult(dst)
 					core.DecodeKey4()
 				}
 			}

core/common.go

@@ -48,6 +48,7 @@ type (
 	loginData      struct {
 		UserName    string
 		encryptPass []byte
+		encryptUser []byte
 		Password    string
 		LoginUrl    string
 		CreateDate  time.Time
@@ -90,6 +91,8 @@ func ParseResult(dbname string) {
 		parseCookie()
 	case utils.LoginData:
 		parseLogin()
+	case utils.FirefoxCookie:
+		parseFirefoxCookie()
 	}
 }
 
@@ -449,15 +452,67 @@ func DecodeKey4() {
 		blockMode2 := cipher.NewCBCDecrypter(block, s2.Iv)
 		sq2 := make([]byte, len(s2.Encrypted))
 		blockMode2.CryptBlocks(sq2, s2.Encrypted)
+		u := utils.PKCS7UnPadding(sq)
+		s := utils.PKCS7UnPadding(sq2)
 		FullData.LoginDataSlice = append(FullData.LoginDataSlice, loginData{
-			LoginUrl: v.loginUrl,
+			LoginUrl:   v.LoginUrl,
-			UserName: string(sq),
+			UserName:   string(u),
-			Password: string(sq2),
+			Password:   string(s),
+			CreateDate: v.CreateDate,
 		})
-		log.Errorf("%s:%s:%s", v.loginUrl, string(sq), string(sq2))
 	}
 }
 
+var queryFirefoxCookie = `SELECT name, value, host, path, creationTime, expiry, isSecure, isHttpOnly FROM moz_cookies`
+
+func parseFirefoxCookie() {
+	cookie := cookies{}
+	cookieMap := make(map[string][]cookies)
+	cookieDB, err := sql.Open("sqlite3", utils.FirefoxCookie)
+	defer os.Remove(utils.FirefoxCookie)
+	defer func() {
+		if err := cookieDB.Close(); err != nil {
+			log.Println(err)
+		}
+	}()
+	if err != nil {
+		log.Println(err)
+	}
+	err = cookieDB.Ping()
+	rows, err := cookieDB.Query(queryFirefoxCookie)
+	defer func() {
+		if err := rows.Close(); err != nil {
+			log.Println(err)
+		}
+	}()
+	for rows.Next() {
+		var (
+			name, value, host, path string
+			isSecure, isHttpOnly    int
+			creationTime, expiry    int64
+		)
+		err = rows.Scan(&name, &value, &host, &path, &creationTime, &expiry, &isSecure, &isHttpOnly)
+		cookie = cookies{
+			KeyName:    name,
+			Host:       host,
+			Path:       path,
+			IsSecure:   utils.IntToBool(isSecure),
+			IsHTTPOnly: utils.IntToBool(isHttpOnly),
+			CreateDate: utils.TimeStampFormat(creationTime / 1000000),
+			ExpireDate: utils.TimeStampFormat(expiry),
+		}
+
+		cookie.Value = value
+		if _, ok := cookieMap[host]; ok {
+			cookieMap[host] = append(cookieMap[host], cookie)
+		} else {
+			cookieMap[host] = []cookies{cookie}
+		}
+	}
+	FullData.CookieMap = cookieMap
+
+}
+
 func checkPassword(globalSalt, entrySalt, encryptText []byte) []byte {
 	//byte[] GLMP; // GlobalSalt + MasterPassword
 	//byte[] HP; // SHA1(GLMP)
@@ -482,13 +537,10 @@ func checkPassword(globalSalt, entrySalt, encryptText []byte) []byte {
 	tk.Write(pes)
 	pes = append(pes, entrySalt...)
 	log.Warn(hex.EncodeToString(pes))
-	//k1 = hmac.new(chp, pes + entrySalt, sha1).digest()
-	//tk = hmac.new(chp, pes, sha1).digest()
 	k1 := hmac.New(sha1.New, chp[:])
 	k1.Write(pes)
 	log.Warn(hex.EncodeToString(k1.Sum(nil)))
 	log.Warn(hex.EncodeToString(tk.Sum(nil)))
-	//k2 = hmac.new(chp, tk + entrySalt, sha1).digest()
 	tkPlus := append(tk.Sum(nil), entrySalt...)
 	k2 := hmac.New(sha1.New, chp[:])
 	k2.Write(tkPlus)
@@ -519,14 +571,7 @@ func paddingZero(s []byte, l int) []byte {
 	}
 }
 
-type Logins struct {
+func GetLoginData(loginsJson string) (l []loginData) {
-	encryptUser []byte
-	encryptPass []byte
-	loginUrl    string
-	createTime  int64
-}
-
-func GetLoginData(loginsJson string) (l []Logins) {
 	s, err := ioutil.ReadFile(loginsJson)
 	if err != nil {
 		log.Warn(err)
@@ -536,12 +581,11 @@ func GetLoginData(loginsJson string) (l []Logins) {
 	if h.Exists() {
 		for _, v := range h.Array() {
 			var (
-				m Logins
+				m loginData
 				u []byte
 				p []byte
 			)
-
+			m.LoginUrl = v.Get("formSubmitURL").String()
-			m.loginUrl = v.Get("formSubmitURL").String()
 			u, err = base64.StdEncoding.DecodeString(v.Get("encryptedUsername").String())
 			m.encryptUser = u
 			if err != nil {
@@ -549,7 +593,7 @@ func GetLoginData(loginsJson string) (l []Logins) {
 			}
 			p, err = base64.StdEncoding.DecodeString(v.Get("encryptedPassword").String())
 			m.encryptPass = p
-			m.createTime = v.Get("timeCreated").Int()
+			m.CreateDate = utils.TimeStampFormat(v.Get("timeCreated").Int() / 1000)
 			l = append(l, m)
 		}
 	}

utils/utils.go

@@ -42,6 +42,7 @@ const (
 	History   = "History"
 	Cookies   = "Cookies"
 	Bookmarks = "Bookmarks"
+	FirefoxCookie = "cookies.sqlite"
 )
 
 func ListBrowser() []string {

utils/utils_darwin.go

@@ -115,3 +115,9 @@ func PKCS5UnPadding(src []byte) []byte {
 	unpadding := int(src[length-1])
 	return src[:(length - unpadding)]
 }
+
+func PKCS7UnPadding(origData []byte)[]byte{
+	length := len(origData)
+	unpadding := int(origData[length-1])
+	return origData[:length-unpadding]
+}