CalvinBackup/HackBrowserData
1
0
Fork 0
mirror of https://github.com/moonD4rk/HackBrowserData.git synced 2026-05-19 18:58:03 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: rename browser layout and add generics util function

Browse Source
This commit is contained in:
ᴍᴏᴏɴD4ʀᴋ
2022-04-08 19:06:04 +08:00
parent 87a026a13e
commit a6efcff6ea
24 changed files with 1717 additions and 244 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/browingdata/bookmark.go
+123
View File
@@ -0,0 +1,123 @@
package browingdata
import (
"database/sql"
"fmt"
"sort"
"time"
"github.com/tidwall/gjson"
"hack-browser-data/internal/item"
"hack-browser-data/internal/utils"
"hack-browser-data/internal/utils/fileutil"
)
type ChromiumBookmark []bookmark
type bookmark struct {
ID int64
Name string
Type string
URL string
DateAdded time.Time
}
func (c *ChromiumBookmark) Parse(masterKey []byte) error {
bookmarks, err := fileutil.ReadFile("bookmark")
if err != nil {
return err
}
r := gjson.Parse(bookmarks)
if r.Exists() {
roots := r.Get("roots")
roots.ForEach(func(key, value gjson.Result) bool {
getBookmarkChildren(value, c)
return true
})
}
// TODO: 使用泛型重构
sort.Slice(*c, func(i, j int) bool {
return (*c)[i].DateAdded.After((*c)[j].DateAdded)
})
return nil
}
func getBookmarkChildren(value gjson.Result, w *ChromiumBookmark) (children gjson.Result) {
const (
bookmarkID = "id"
bookmarkAdded = "date_added"
bookmarkUrl = "url"
bookmarkName = "name"
bookmarkType = "type"
bookmarkChildren = "children"
)
nodeType := value.Get(bookmarkType)
bm := bookmark{
ID: value.Get(bookmarkID).Int(),
Name: value.Get(bookmarkName).String(),
URL: value.Get(bookmarkUrl).String(),
DateAdded: utils.TimeEpochFormat(value.Get(bookmarkAdded).Int()),
}
children = value.Get(bookmarkChildren)
if nodeType.Exists() {
bm.Type = nodeType.String()
*w = append(*w, bm)
if children.Exists() && children.IsArray() {
for _, v := range children.Array() {
children = getBookmarkChildren(v, w)
}
}
}
return children
}
func (c *ChromiumBookmark) Name() string {
return "bookmark"
}
type FirefoxBookmark []bookmark
func (f *FirefoxBookmark) Parse(masterKey []byte) error {
var (
err error
keyDB *sql.DB
bookmarkRows *sql.Rows
)
keyDB, err = sql.Open("sqlite3", item.FirefoxBookmarkFilename)
if err != nil {
return err
}
_, err = keyDB.Exec(closeJournalMode)
defer keyDB.Close()
bookmarkRows, err = keyDB.Query(queryFirefoxBookMark)
if err != nil {
return err
}
defer bookmarkRows.Close()
for bookmarkRows.Next() {
var (
id, bType, dateAdded int64
title, url string
)
if err = bookmarkRows.Scan(&id, &url, &bType, &dateAdded, &title); err != nil {
fmt.Println(err)
}
*f = append(*f, bookmark{
ID: id,
Name: title,
Type: utils.BookmarkType(bType),
URL: url,
DateAdded: utils.TimeStampFormat(dateAdded / 1000000),
})
}
sort.Slice(*f, func(i, j int) bool {
return (*f)[i].DateAdded.After((*f)[j].DateAdded)
})
return nil
}
func (f *FirefoxBookmark) Name() string {
return "bookmark"
}
internal/browingdata/browsingdata.go
+114
View File
@@ -0,0 +1,114 @@
package browingdata
import (
"time"
"hack-browser-data/internal/item"
)
type BrowsingData struct {
sources map[item.Item]Source
}
type Source interface {
Parse(masterKey []byte) error
Name() string
}
func New(sources []item.Item) *BrowsingData {
bd := &BrowsingData{
sources: make(map[item.Item]Source),
}
bd.addSource(sources)
return bd
}
func (b *BrowsingData) addSource(sources []item.Item) {
for _, source := range sources {
switch source {
case item.ChromiumPassword:
b.sources[source] = &ChromiumPassword{}
case item.ChromiumCookie:
b.sources[source] = &ChromiumCookie{}
case item.ChromiumBookmark:
b.sources[source] = &ChromiumBookmark{}
case item.ChromiumHistory:
b.sources[source] = &ChromiumHistory{}
case item.ChromiumDownload:
b.sources[source] = &ChromiumDownload{}
case item.ChromiumCreditCard:
b.sources[source] = &ChromiumCreditCard{}
case item.FirefoxPassword:
b.sources[source] = &FirefoxPassword{}
case item.FirefoxCookie:
b.sources[source] = &FirefoxCookie{}
case item.FirefoxBookmark:
b.sources[source] = &FirefoxBookmark{}
case item.FirefoxHistory:
b.sources[source] = &FirefoxHistory{}
case item.FirefoxDownload:
b.sources[source] = &FirefoxDownload{}
}
}
}
const (
queryChromiumCredit = `SELECT guid, name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards`
queryChromiumLogin = `SELECT origin_url, username_value, password_value, date_created FROM logins`
queryChromiumHistory = `SELECT url, title, visit_count, last_visit_time FROM urls`
queryChromiumDownload = `SELECT target_path, tab_url, total_bytes, start_time, end_time, mime_type FROM downloads`
queryChromiumCookie = `SELECT name, encrypted_value, host_key, path, creation_utc, expires_utc, is_secure, is_httponly, has_expires, is_persistent FROM cookies`
queryFirefoxHistory = `SELECT id, url, last_visit_date, title, visit_count FROM moz_places where title not null`
queryFirefoxDownload = `SELECT place_id, GROUP_CONCAT(content), url, dateAdded FROM (SELECT * FROM moz_annos INNER JOIN moz_places ON moz_annos.place_id=moz_places.id) t GROUP BY place_id`
queryFirefoxBookMark = `SELECT id, url, type, dateAdded, title FROM (SELECT * FROM moz_bookmarks INNER JOIN moz_places ON moz_bookmarks.fk=moz_places.id)`
queryFirefoxCookie = `SELECT name, value, host, path, creationTime, expiry, isSecure, isHttpOnly FROM moz_cookies`
queryMetaData = `SELECT item1, item2 FROM metaData WHERE id = 'password'`
queryNssPrivate = `SELECT a11, a102 from nssPrivate`
closeJournalMode = `PRAGMA journal_mode=off`
)
type (
loginData struct {
UserName string
encryptPass []byte
encryptUser []byte
Password string
LoginUrl string
CreateDate time.Time
}
cookie struct {
Host string
Path string
KeyName string
encryptValue []byte
Value string
IsSecure bool
IsHTTPOnly bool
HasExpire bool
IsPersistent bool
CreateDate time.Time
ExpireDate time.Time
}
history struct {
Title string
Url string
VisitCount int
LastVisitTime time.Time
}
download struct {
TargetPath string
Url string
TotalBytes int64
StartTime time.Time
EndTime time.Time
MimeType string
}
card struct {
GUID string
Name string
ExpirationYear string
ExpirationMonth string
CardNumber string
}
)
internal/browingdata/cookie.go
+117
View File
@@ -0,0 +1,117 @@
package browingdata
import (
"database/sql"
"fmt"
"sort"
"hack-browser-data/internal/browser/item"
"hack-browser-data/internal/decrypter"
"hack-browser-data/internal/utils"
_ "github.com/mattn/go-sqlite3"
)
type ChromiumCookie []cookie
func (c *ChromiumCookie) Parse(masterKey []byte) error {
cookieDB, err := sql.Open("sqlite3", item.ChromiumCookieFilename)
if err != nil {
return err
}
defer cookieDB.Close()
rows, err := cookieDB.Query(queryChromiumCookie)
if err != nil {
return err
}
defer rows.Close()
for rows.Next() {
var (
key, host, path string
isSecure, isHTTPOnly, hasExpire, isPersistent int
createDate, expireDate int64
value, encryptValue []byte
)
if err = rows.Scan(&key, &encryptValue, &host, &path, &createDate, &expireDate, &isSecure, &isHTTPOnly, &hasExpire, &isPersistent); err != nil {
fmt.Println(err)
}
cookie := cookie{
KeyName: key,
Host: host,
Path: path,
encryptValue: encryptValue,
IsSecure: utils.IntToBool(isSecure),
IsHTTPOnly: utils.IntToBool(isHTTPOnly),
HasExpire: utils.IntToBool(hasExpire),
IsPersistent: utils.IntToBool(isPersistent),
CreateDate: utils.TimeEpochFormat(createDate),
ExpireDate: utils.TimeEpochFormat(expireDate),
}
// TODO: replace DPAPI
if len(encryptValue) > 0 {
if masterKey == nil {
value, err = decrypter.DPApi(encryptValue)
if err != nil {
fmt.Println(err)
}
} else {
value, err = decrypter.ChromePass(masterKey, encryptValue)
if err != nil {
fmt.Println(err)
}
}
}
cookie.Value = string(value)
*c = append(*c, cookie)
}
sort.Slice(*c, func(i, j int) bool {
return (*c)[i].CreateDate.After((*c)[j].CreateDate)
})
return nil
}
func (c *ChromiumCookie) Name() string {
return "cookie"
}
type FirefoxCookie []cookie
func (f *FirefoxCookie) Parse(masterKey []byte) error {
cookieDB, err := sql.Open("sqlite3", item.FirefoxCookieFilename)
if err != nil {
return err
}
defer cookieDB.Close()
rows, err := cookieDB.Query(queryFirefoxCookie)
if err != nil {
return err
}
defer rows.Close()
for rows.Next() {
var (
name, value, host, path string
isSecure, isHttpOnly int
creationTime, expiry int64
)
if err = rows.Scan(&name, &value, &host, &path, &creationTime, &expiry, &isSecure, &isHttpOnly); err != nil {
fmt.Println(err)
}
*f = append(*f, cookie{
KeyName: name,
Host: host,
Path: path,
IsSecure: utils.IntToBool(isSecure),
IsHTTPOnly: utils.IntToBool(isHttpOnly),
CreateDate: utils.TimeStampFormat(creationTime / 1000000),
ExpireDate: utils.TimeStampFormat(expiry),
Value: value,
})
}
return nil
}
func (f *FirefoxCookie) Name() string {
return "cookie"
}
internal/browingdata/creditcard.go
+59
View File
@@ -0,0 +1,59 @@
package browingdata
import (
"database/sql"
"fmt"
_ "github.com/mattn/go-sqlite3"
"hack-browser-data/internal/browser/item"
"hack-browser-data/internal/decrypter"
)
type ChromiumCreditCard []card
func (c *ChromiumCreditCard) Parse(masterKey []byte) error {
creditDB, err := sql.Open("sqlite3", item.TempChromiumCredit)
if err != nil {
return err
}
defer creditDB.Close()
rows, err := creditDB.Query(queryChromiumCredit)
if err != nil {
return err
}
defer rows.Close()
for rows.Next() {
var (
name, month, year, guid string
value, encryptValue []byte
)
if err := rows.Scan(&guid, &name, &month, &year, &encryptValue); err != nil {
fmt.Println(err)
}
creditCardInfo := card{
GUID: guid,
Name: name,
ExpirationMonth: month,
ExpirationYear: year,
}
if masterKey == nil {
value, err = decrypter.DPApi(encryptValue)
if err != nil {
return err
}
} else {
value, err = decrypter.ChromePass(masterKey, encryptValue)
if err != nil {
return err
}
}
creditCardInfo.CardNumber = string(value)
*c = append(*c, creditCardInfo)
}
return nil
}
func (c *ChromiumCreditCard) Name() string {
return "creditcard"
}
internal/browingdata/download.go
+112
View File
@@ -0,0 +1,112 @@
package browingdata
import (
"database/sql"
"fmt"
"sort"
"strings"
"github.com/tidwall/gjson"
"hack-browser-data/internal/browser/item"
"hack-browser-data/internal/utils"
_ "github.com/mattn/go-sqlite3"
)
type ChromiumDownload []download
func (c *ChromiumDownload) Parse(masterKey []byte) error {
historyDB, err := sql.Open("sqlite3", item.ChromiumDownloadFilename)
if err != nil {
return err
}
defer historyDB.Close()
rows, err := historyDB.Query(queryChromiumDownload)
if err != nil {
return err
}
defer rows.Close()
for rows.Next() {
var (
targetPath, tabUrl, mimeType string
totalBytes, startTime, endTime int64
)
if err := rows.Scan(&targetPath, &tabUrl, &totalBytes, &startTime, &endTime, &mimeType); err != nil {
fmt.Println(err)
}
data := download{
TargetPath: targetPath,
Url: tabUrl,
TotalBytes: totalBytes,
StartTime: utils.TimeEpochFormat(startTime),
EndTime: utils.TimeEpochFormat(endTime),
MimeType: mimeType,
}
*c = append(*c, data)
}
sort.Slice(*c, func(i, j int) bool {
return (*c)[i].TotalBytes > (*c)[j].TotalBytes
})
return nil
}
func (c *ChromiumDownload) Name() string {
return "download"
}
type FirefoxDownload []download
func (f *FirefoxDownload) Parse(masterKey []byte) error {
var (
err error
keyDB *sql.DB
downloadRows *sql.Rows
)
keyDB, err = sql.Open("sqlite3", item.FirefoxDownloadFilename)
if err != nil {
return err
}
_, err = keyDB.Exec(closeJournalMode)
if err != nil {
return err
}
defer keyDB.Close()
downloadRows, err = keyDB.Query(queryFirefoxDownload)
if err != nil {
return err
}
defer downloadRows.Close()
for downloadRows.Next() {
var (
content, url string
placeID, dateAdded int64
)
if err = downloadRows.Scan(&placeID, &content, &url, &dateAdded); err != nil {
fmt.Println(err)
}
contentList := strings.Split(content, ",{")
if len(contentList) > 1 {
path := contentList[0]
json := "{" + contentList[1]
endTime := gjson.Get(json, "endTime")
fileSize := gjson.Get(json, "fileSize")
*f = append(*f, download{
TargetPath: path,
Url: url,
TotalBytes: fileSize.Int(),
StartTime: utils.TimeStampFormat(dateAdded / 1000000),
EndTime: utils.TimeStampFormat(endTime.Int() / 1000),
})
}
}
sort.Slice(*f, func(i, j int) bool {
return (*f)[i].TotalBytes < (*f)[j].TotalBytes
})
return nil
}
func (f *FirefoxDownload) Name() string {
return "download"
}
internal/browingdata/history.go
+102
View File
@@ -0,0 +1,102 @@
package browingdata
import (
"database/sql"
"fmt"
"sort"
"hack-browser-data/internal/browser/item"
"hack-browser-data/internal/utils"
_ "github.com/mattn/go-sqlite3"
)
type ChromiumHistory []history
func (c *ChromiumHistory) Parse(masterKey []byte) error {
historyDB, err := sql.Open("sqlite3", item.ChromiumHistoryFilename)
if err != nil {
return err
}
defer historyDB.Close()
rows, err := historyDB.Query(queryChromiumHistory)
if err != nil {
return err
}
defer rows.Close()
for rows.Next() {
var (
url, title string
visitCount int
lastVisitTime int64
)
// TODO: handle rows error
if err := rows.Scan(&url, &title, &visitCount, &lastVisitTime); err != nil {
fmt.Println(err)
}
data := history{
Url: url,
Title: title,
VisitCount: visitCount,
LastVisitTime: utils.TimeEpochFormat(lastVisitTime),
}
*c = append(*c, data)
}
sort.Slice(*c, func(i, j int) bool {
return (*c)[i].VisitCount > (*c)[j].VisitCount
})
return nil
}
func (c *ChromiumHistory) Name() string {
return "history"
}
type FirefoxHistory []history
func (f *FirefoxHistory) Parse(masterKey []byte) error {
var (
err error
keyDB *sql.DB
historyRows *sql.Rows
)
keyDB, err = sql.Open("sqlite3", item.FirefoxHistoryFilename)
if err != nil {
return err
}
_, err = keyDB.Exec(closeJournalMode)
if err != nil {
return err
}
defer keyDB.Close()
historyRows, err = keyDB.Query(queryFirefoxHistory)
if err != nil {
return err
}
defer historyRows.Close()
for historyRows.Next() {
var (
id, visitDate int64
url, title string
visitCount int
)
if err = historyRows.Scan(&id, &url, &visitDate, &title, &visitCount); err != nil {
fmt.Println(err)
}
*f = append(*f, history{
Title: title,
Url: url,
VisitCount: visitCount,
LastVisitTime: utils.TimeStampFormat(visitDate / 1000000),
})
}
sort.Slice(*f, func(i, j int) bool {
return (*f)[i].VisitCount < (*f)[j].VisitCount
})
return nil
}
func (f *FirefoxHistory) Name() string {
return "history"
}
internal/browingdata/password.go
+199
View File
@@ -0,0 +1,199 @@
package browingdata
import (
"bytes"
"database/sql"
"encoding/base64"
"fmt"
"io/ioutil"
"sort"
"time"
"hack-browser-data/internal/browser/item"
decrypter2 "hack-browser-data/internal/decrypter"
"hack-browser-data/internal/utils"
_ "github.com/mattn/go-sqlite3"
"github.com/tidwall/gjson"
)
type ChromiumPassword []loginData
func (c *ChromiumPassword) Parse(masterKey []byte) error {
loginDB, err := sql.Open("sqlite3", item.TempChromiumPassword)
if err != nil {
return err
}
defer loginDB.Close()
rows, err := loginDB.Query(queryChromiumLogin)
if err != nil {
return err
}
defer rows.Close()
for rows.Next() {
var (
url, username string
pwd, password []byte
create int64
)
if err := rows.Scan(&url, &username, &pwd, &create); err != nil {
fmt.Println(err)
}
login := loginData{
UserName: username,
encryptPass: pwd,
LoginUrl: url,
}
if len(pwd) > 0 {
if masterKey == nil {
password, err = decrypter2.DPApi(pwd)
if err != nil {
fmt.Println(err)
}
} else {
password, err = decrypter2.ChromePass(masterKey, pwd)
if err != nil {
fmt.Println(err)
}
}
}
if create > time.Now().Unix() {
login.CreateDate = utils.TimeEpochFormat(create)
} else {
login.CreateDate = utils.TimeStampFormat(create)
}
login.Password = string(password)
*c = append(*c, login)
}
// sort with create date
sort.Slice(*c, func(i, j int) bool {
return (*c)[i].CreateDate.After((*c)[j].CreateDate)
})
return nil
}
func (c *ChromiumPassword) Name() string {
return "password"
}
type FirefoxPassword []loginData
func (f *FirefoxPassword) Parse(masterKey []byte) error {
globalSalt, metaBytes, nssA11, nssA102, err := getFirefoxDecryptKey(item.FirefoxKey4Filename)
if err != nil {
return err
}
metaPBE, err := decrypter2.NewASN1PBE(metaBytes)
if err != nil {
return err
}
k, err := metaPBE.Decrypt(globalSalt, masterKey)
if err != nil {
return err
}
keyLin := []byte{248, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}
if bytes.Contains(k, []byte("password-check")) {
m := bytes.Compare(nssA102, keyLin)
if m == 0 {
nssPBE, err := decrypter2.NewASN1PBE(nssA11)
if err != nil {
return err
}
finallyKey, err := nssPBE.Decrypt(globalSalt, masterKey)
finallyKey = finallyKey[:24]
if err != nil {
return err
}
allLogin, err := getFirefoxLoginData(item.FirefoxPasswordFilename)
if err != nil {
return err
}
for _, v := range allLogin {
userPBE, err := decrypter2.NewASN1PBE(v.encryptUser)
if err != nil {
return err
}
pwdPBE, err := decrypter2.NewASN1PBE(v.encryptPass)
if err != nil {
return err
}
user, err := userPBE.Decrypt(finallyKey, masterKey)
if err != nil {
return err
}
pwd, err := pwdPBE.Decrypt(finallyKey, masterKey)
if err != nil {
return err
}
*f = append(*f, loginData{
LoginUrl: v.LoginUrl,
UserName: string(decrypter2.PKCS5UnPadding(user)),
Password: string(decrypter2.PKCS5UnPadding(pwd)),
CreateDate: v.CreateDate,
})
}
}
}
sort.Slice(*f, func(i, j int) bool {
return (*f)[i].CreateDate.After((*f)[j].CreateDate)
})
return nil
}
func (f *FirefoxPassword) Name() string {
return "password"
}
func getFirefoxDecryptKey(key4file string) (item1, item2, a11, a102 []byte, err error) {
var (
keyDB *sql.DB
)
keyDB, err = sql.Open("sqlite3", key4file)
if err != nil {
return nil, nil, nil, nil, err
}
defer keyDB.Close()
if err = keyDB.QueryRow(queryMetaData).Scan(&item1, &item2); err != nil {
return nil, nil, nil, nil, err
}
if err = keyDB.QueryRow(queryNssPrivate).Scan(&a11, &a102); err != nil {
return nil, nil, nil, nil, err
}
return item1, item2, a11, a102, nil
}
func getFirefoxLoginData(loginJson string) (l []loginData, err error) {
s, err := ioutil.ReadFile(loginJson)
if err != nil {
return nil, err
}
h := gjson.GetBytes(s, "logins")
if h.Exists() {
for _, v := range h.Array() {
var (
m loginData
user []byte
pass []byte
)
m.LoginUrl = v.Get("formSubmitURL").String()
user, err = base64.StdEncoding.DecodeString(v.Get("encryptedUsername").String())
if err != nil {
return nil, err
}
pass, err = base64.StdEncoding.DecodeString(v.Get("encryptedPassword").String())
if err != nil {
return nil, err
}
m.encryptUser = user
m.encryptPass = pass
m.CreateDate = utils.TimeStampFormat(v.Get("timeCreated").Int() / 1000)
l = append(l, m)
}
}
return l, nil
}