CalvinBackup/HackBrowserData
1
0
Fork 0
mirror of https://github.com/moonD4rk/HackBrowserData.git synced 2026-05-19 18:58:03 +02:00
Code Issues Packages Projects Releases Wiki Activity

refactoring code with interface, Close #22

Browse Source
This commit is contained in:
ᴍᴏᴏɴD4ʀᴋ
2020-08-01 02:36:44 +08:00
parent 436e74f0df
commit b732c13959
9 changed files with 637 additions and 703 deletions
Download Patch File Download Diff File Expand all files Collapse all files
core/common/parse.go
+399 -297
View File
@@ -6,6 +6,7 @@ import (
"encoding/base64"
"io/ioutil"
"os"
"path/filepath"
"sort"
"time"
@@ -17,17 +18,13 @@ import (
"github.com/tidwall/gjson"
)
const (
ChromePassword = "Login Data"
ChromeHistory = "History"
ChromeCookies = "Cookies"
ChromeBookmarks = "Bookmarks"
FirefoxCookie = "cookies.sqlite"
FirefoxKey4DB = "key4.db"
FirefoxLoginData = "logins.json"
FirefoxData = "places.sqlite"
FirefoxKey3DB = "key3.db"
)
type Item interface {
ChromeParse(key []byte) error
FirefoxParse() error
OutPut(format, browser, dir string) error
CopyItem() error
Release() error
}
var (
queryChromiumLogin = `SELECT origin_url, username_value, password_value, date_created FROM logins`
@@ -41,75 +38,17 @@ var (
closeJournalMode = `PRAGMA journal_mode=off`
)
type (
BrowserData struct {
Logins
Bookmarks
History
Cookies
}
Logins struct {
logins []loginData
}
Bookmarks struct {
bookmarks []bookmark
}
History struct {
history []history
}
Cookies struct {
cookies map[string][]cookies
}
)
type bookmarks struct {
mainPath string
bookmarks []bookmark
}
type (
loginData struct {
UserName string
encryptPass []byte
encryptUser []byte
Password string
LoginUrl string
CreateDate time.Time
}
bookmark struct {
ID int64
Name string
Type string
URL string
DateAdded time.Time
}
cookies struct {
Host string
Path string
KeyName string
encryptValue []byte
Value string
IsSecure bool
IsHTTPOnly bool
HasExpire bool
IsPersistent bool
CreateDate time.Time
ExpireDate time.Time
}
history struct {
Title string
Url string
VisitCount int
LastVisitTime time.Time
}
)
func NewBookmarks(main, sub string) Item {
return &bookmarks{mainPath: main}
}
const (
bookmarkID = "id"
bookmarkAdded = "date_added"
bookmarkUrl = "url"
bookmarkName = "name"
bookmarkType = "type"
bookmarkChildren = "children"
)
func (b *Bookmarks) ChromeParse(key []byte) error {
bookmarks, err := utils.ReadFile(ChromeBookmarks)
func (b *bookmarks) ChromeParse(key []byte) error {
bookmarks, err := utils.ReadFile(ChromeBookmarkFile)
if err != nil {
log.Error(err)
return err
@@ -125,55 +64,7 @@ func (b *Bookmarks) ChromeParse(key []byte) error {
return nil
}
func (l *Logins) ChromeParse(key []byte) error {
loginDB, err := sql.Open("sqlite3", ChromePassword)
if err != nil {
log.Error(err)
return err
}
defer func() {
if err := loginDB.Close(); err != nil {
log.Debug(err)
}
}()
rows, err := loginDB.Query(queryChromiumLogin)
defer func() {
if err := rows.Close(); err != nil {
log.Debug(err)
}
}()
for rows.Next() {
var (
url, username string
pwd, password []byte
create int64
)
err = rows.Scan(&url, &username, &pwd, &create)
login := loginData{
UserName: username,
encryptPass: pwd,
LoginUrl: url,
}
if key == nil {
password, err = decrypt.DPApi(pwd)
} else {
password, err = decrypt.ChromePass(key, pwd)
}
if err != nil {
log.Debugf("%s have empty password %s", login.LoginUrl, err.Error())
}
if create > time.Now().Unix() {
login.CreateDate = utils.TimeEpochFormat(create)
} else {
login.CreateDate = utils.TimeStampFormat(create)
}
login.Password = string(password)
l.logins = append(l.logins, login)
}
return nil
}
func getBookmarkChildren(value gjson.Result, b *Bookmarks) (children gjson.Result) {
func getBookmarkChildren(value gjson.Result, b *bookmarks) (children gjson.Result) {
nodeType := value.Get(bookmarkType)
bm := bookmark{
ID: value.Get(bookmarkID).Int(),
@@ -194,8 +85,212 @@ func getBookmarkChildren(value gjson.Result, b *Bookmarks) (children gjson.Resul
return children
}
func (h *History) ChromeParse(key []byte) error {
historyDB, err := sql.Open("sqlite3", ChromeHistory)
func (b *bookmarks) FirefoxParse() error {
var (
err error
keyDB *sql.DB
bookmarkRows *sql.Rows
tempMap map[int64]string
bookmarkUrl string
)
keyDB, err = sql.Open("sqlite3", FirefoxDataFile)
if err != nil {
log.Error(err)
return err
}
defer func() {
if err := keyDB.Close(); err != nil {
log.Error(err)
}
if err := bookmarkRows.Close(); err != nil {
log.Error(err)
}
}()
_, err = keyDB.Exec(closeJournalMode)
if err != nil {
log.Error(err)
}
bookmarkRows, err = keyDB.Query(queryFirefoxBookMarks)
if err != nil {
log.Error(err)
}
for bookmarkRows.Next() {
var (
id, fk, bType, dateAdded int64
title string
)
err = bookmarkRows.Scan(&id, &fk, &bType, &dateAdded, &title)
if url, ok := tempMap[id]; ok {
bookmarkUrl = url
}
b.bookmarks = append(b.bookmarks, bookmark{
ID: id,
Name: title,
Type: utils.BookMarkType(bType),
URL: bookmarkUrl,
DateAdded: utils.TimeStampFormat(dateAdded / 1000000),
})
}
return nil
}
func (b *bookmarks) CopyItem() error {
return utils.CopyDB(b.mainPath, filepath.Base(b.mainPath))
}
func (b *bookmarks) Release() error {
return os.Remove(filepath.Base(b.mainPath))
}
func (b *bookmarks) OutPut(format, browser, dir string) error {
sort.Slice(b.bookmarks, func(i, j int) bool {
return b.bookmarks[i].ID < b.bookmarks[j].ID
})
switch format {
case "json":
err := b.outPutJson(browser, dir)
return err
case "csv":
err := b.outPutCsv(browser, dir)
return err
}
return nil
}
type cookies struct {
mainPath string
cookies map[string][]cookie
}
func NewCookies(main, sub string) Item {
return &cookies{mainPath: main}
}
func (c *cookies) ChromeParse(secretKey []byte) error {
c.cookies = make(map[string][]cookie)
cookieDB, err := sql.Open("sqlite3", ChromeCookieFile)
if err != nil {
log.Debug(err)
return err
}
defer func() {
if err := cookieDB.Close(); err != nil {
log.Debug(err)
}
}()
rows, err := cookieDB.Query(queryChromiumCookie)
defer func() {
if err := rows.Close(); err != nil {
log.Debug(err)
}
}()
for rows.Next() {
var (
key, host, path string
isSecure, isHTTPOnly, hasExpire, isPersistent int
createDate, expireDate int64
value, encryptValue []byte
)
err = rows.Scan(&key, &encryptValue, &host, &path, &createDate, &expireDate, &isSecure, &isHTTPOnly, &hasExpire, &isPersistent)
cookie := cookie{
KeyName: key,
Host: host,
Path: path,
encryptValue: encryptValue,
IsSecure: utils.IntToBool(isSecure),
IsHTTPOnly: utils.IntToBool(isHTTPOnly),
HasExpire: utils.IntToBool(hasExpire),
IsPersistent: utils.IntToBool(isPersistent),
CreateDate: utils.TimeEpochFormat(createDate),
ExpireDate: utils.TimeEpochFormat(expireDate),
}
// remove prefix 'v10'
if secretKey == nil {
value, err = decrypt.DPApi(encryptValue)
} else {
value, err = decrypt.ChromePass(secretKey, encryptValue)
}
cookie.Value = string(value)
c.cookies[host] = append(c.cookies[host], cookie)
}
return nil
}
func (c *cookies) FirefoxParse() error {
c.cookies = make(map[string][]cookie)
cookieDB, err := sql.Open("sqlite3", FirefoxCookieFile)
if err != nil {
log.Debug(err)
return err
}
defer func() {
if err := cookieDB.Close(); err != nil {
log.Debug(err)
}
}()
rows, err := cookieDB.Query(queryFirefoxCookie)
if err != nil {
log.Error(err)
return err
}
defer func() {
if err := rows.Close(); err != nil {
log.Debug(err)
}
}()
for rows.Next() {
var (
name, value, host, path string
isSecure, isHttpOnly int
creationTime, expiry int64
)
err = rows.Scan(&name, &value, &host, &path, &creationTime, &expiry, &isSecure, &isHttpOnly)
c.cookies[host] = append(c.cookies[host], cookie{
KeyName: name,
Host: host,
Path: path,
IsSecure: utils.IntToBool(isSecure),
IsHTTPOnly: utils.IntToBool(isHttpOnly),
CreateDate: utils.TimeStampFormat(creationTime / 1000000),
ExpireDate: utils.TimeStampFormat(expiry),
Value: value,
})
}
return nil
}
func (c *cookies) CopyItem() error {
return utils.CopyDB(c.mainPath, filepath.Base(c.mainPath))
}
func (c *cookies) Release() error {
return os.Remove(filepath.Base(c.mainPath))
}
func (c *cookies) OutPut(format, browser, dir string) error {
switch format {
case "json":
err := c.outPutJson(browser, dir)
return err
case "csv":
err := c.outPutCsv(browser, dir)
return err
}
return nil
}
type historyData struct {
mainPath string
history []history
}
func NewHistoryData(main, sub string) Item {
return &historyData{mainPath: main}
}
func (h *historyData) ChromeParse(key []byte) error {
historyDB, err := sql.Open("sqlite3", ChromeHistoryFile)
if err != nil {
log.Error(err)
return err
@@ -233,58 +328,7 @@ func (h *History) ChromeParse(key []byte) error {
return nil
}
func (c *Cookies) ChromeParse(secretKey []byte) error {
c.cookies = make(map[string][]cookies)
cookieDB, err := sql.Open("sqlite3", ChromeCookies)
if err != nil {
log.Debug(err)
return err
}
defer func() {
if err := cookieDB.Close(); err != nil {
log.Debug(err)
}
}()
rows, err := cookieDB.Query(queryChromiumCookie)
defer func() {
if err := rows.Close(); err != nil {
log.Debug(err)
}
}()
for rows.Next() {
var (
key, host, path string
isSecure, isHTTPOnly, hasExpire, isPersistent int
createDate, expireDate int64
value, encryptValue []byte
)
err = rows.Scan(&key, &encryptValue, &host, &path, &createDate, &expireDate, &isSecure, &isHTTPOnly, &hasExpire, &isPersistent)
cookie := cookies{
KeyName: key,
Host: host,
Path: path,
encryptValue: encryptValue,
IsSecure: utils.IntToBool(isSecure),
IsHTTPOnly: utils.IntToBool(isHTTPOnly),
HasExpire: utils.IntToBool(hasExpire),
IsPersistent: utils.IntToBool(isPersistent),
CreateDate: utils.TimeEpochFormat(createDate),
ExpireDate: utils.TimeEpochFormat(expireDate),
}
// remove prefix 'v10'
if secretKey == nil {
value, err = decrypt.DPApi(encryptValue)
} else {
value, err = decrypt.ChromePass(secretKey, encryptValue)
}
cookie.Value = string(value)
c.cookies[host] = append(c.cookies[host], cookie)
}
return nil
}
func (h *History) FirefoxParse() error {
func (h *historyData) FirefoxParse() error {
var (
err error
keyDB *sql.DB
@@ -292,7 +336,7 @@ func (h *History) FirefoxParse() error {
tempMap map[int64]string
)
tempMap = make(map[int64]string)
keyDB, err = sql.Open("sqlite3", FirefoxData)
keyDB, err = sql.Open("sqlite3", FirefoxDataFile)
if err != nil {
log.Error(err)
return err
@@ -334,83 +378,55 @@ func (h *History) FirefoxParse() error {
return nil
}
func (b *Bookmarks) FirefoxParse() error {
var (
err error
keyDB *sql.DB
bookmarkRows *sql.Rows
tempMap map[int64]string
bookmarkUrl string
)
keyDB, err = sql.Open("sqlite3", FirefoxData)
if err != nil {
log.Error(err)
func (h *historyData) CopyItem() error {
return utils.CopyDB(h.mainPath, filepath.Base(h.mainPath))
}
func (h *historyData) Release() error {
return os.Remove(filepath.Base(h.mainPath))
}
func (h *historyData) OutPut(format, browser, dir string) error {
sort.Slice(h.history, func(i, j int) bool {
return h.history[i].VisitCount > h.history[j].VisitCount
})
switch format {
case "json":
err := h.outPutJson(browser, dir)
return err
case "csv":
err := h.outPutCsv(browser, dir)
return err
}
_, err = keyDB.Exec(closeJournalMode)
if err != nil {
log.Error(err)
}
bookmarkRows, err = keyDB.Query(queryFirefoxBookMarks)
defer func() {
if err := bookmarkRows.Close(); err != nil {
log.Error(err)
}
}()
for bookmarkRows.Next() {
var (
id, fk, bType, dateAdded int64
title string
)
err = bookmarkRows.Scan(&id, &fk, &bType, &dateAdded, &title)
if url, ok := tempMap[id]; ok {
bookmarkUrl = url
}
b.bookmarks = append(b.bookmarks, bookmark{
ID: id,
Name: title,
Type: utils.BookMarkType(bType),
URL: bookmarkUrl,
DateAdded: utils.TimeStampFormat(dateAdded / 1000000),
})
}
return nil
}
func (b *Bookmarks) Release(filename string) error {
return os.Remove(filename)
type passwords struct {
mainPath string
subPath string
logins []loginData
}
func (c *Cookies) Release(filename string) error {
return os.Remove(filename)
func NewFPasswords(main, sub string) Item {
return &passwords{mainPath: main, subPath: sub}
}
func (h *History) Release(filename string) error {
return os.Remove(filename)
func NewCPasswords(main, sub string) Item {
return &passwords{mainPath: main}
}
func (l *Logins) Release(filename string) error {
return os.Remove(filename)
}
func (c *Cookies) FirefoxParse() error {
cookie := cookies{}
c.cookies = make(map[string][]cookies)
cookieDB, err := sql.Open("sqlite3", FirefoxCookie)
if err != nil {
log.Debug(err)
return err
}
defer func() {
if err := cookieDB.Close(); err != nil {
log.Debug(err)
}
}()
rows, err := cookieDB.Query(queryFirefoxCookie)
func (p *passwords) ChromeParse(key []byte) error {
loginDB, err := sql.Open("sqlite3", ChromePasswordFile)
if err != nil {
log.Error(err)
return err
}
defer func() {
if err := loginDB.Close(); err != nil {
log.Debug(err)
}
}()
rows, err := loginDB.Query(queryChromiumLogin)
defer func() {
if err := rows.Close(); err != nil {
log.Debug(err)
@@ -418,28 +434,39 @@ func (c *Cookies) FirefoxParse() error {
}()
for rows.Next() {
var (
name, value, host, path string
isSecure, isHttpOnly int
creationTime, expiry int64
url, username string
pwd, password []byte
create int64
)
err = rows.Scan(&name, &value, &host, &path, &creationTime, &expiry, &isSecure, &isHttpOnly)
cookie = cookies{
KeyName: name,
Host: host,
Path: path,
IsSecure: utils.IntToBool(isSecure),
IsHTTPOnly: utils.IntToBool(isHttpOnly),
CreateDate: utils.TimeStampFormat(creationTime / 1000000),
ExpireDate: utils.TimeStampFormat(expiry),
err = rows.Scan(&url, &username, &pwd, &create)
if err != nil {
log.Error(err)
}
cookie.Value = value
c.cookies[host] = append(c.cookies[host], cookie)
login := loginData{
UserName: username,
encryptPass: pwd,
LoginUrl: url,
}
if key == nil {
password, err = decrypt.DPApi(pwd)
} else {
password, err = decrypt.ChromePass(key, pwd)
}
if err != nil {
log.Debugf("%s have empty password %s", login.LoginUrl, err.Error())
}
if create > time.Now().Unix() {
login.CreateDate = utils.TimeEpochFormat(create)
} else {
login.CreateDate = utils.TimeStampFormat(create)
}
login.Password = string(password)
p.logins = append(p.logins, login)
}
return nil
}
func (l *Logins) FirefoxParse() error {
func (p *passwords) FirefoxParse() error {
globalSalt, metaBytes, nssA11, nssA102, err := getDecryptKey()
if err != nil {
log.Error(err)
@@ -479,23 +506,23 @@ func (l *Logins) FirefoxParse() error {
return err
}
for _, v := range allLogins {
user, _ := decrypt.DecodeLogin(v.encryptUser)
pwd, _ := decrypt.DecodeLogin(v.encryptPass)
u, err := decrypt.Des3Decrypt(finallyKey, user.Iv, user.Encrypted)
userPBE, _ := decrypt.DecodeLogin(v.encryptUser)
pwdPBE, _ := decrypt.DecodeLogin(v.encryptPass)
user, err := decrypt.Des3Decrypt(finallyKey, userPBE.Iv, userPBE.Encrypted)
if err != nil {
log.Error(err)
return err
}
pwd, err := decrypt.Des3Decrypt(finallyKey, pwdPBE.Iv, pwdPBE.Encrypted)
if err != nil {
log.Error(err)
return err
}
log.Debug("decrypt firefox success")
p, err := decrypt.Des3Decrypt(finallyKey, pwd.Iv, pwd.Encrypted)
if err != nil {
log.Error(err)
return err
}
l.logins = append(l.logins, loginData{
p.logins = append(p.logins, loginData{
LoginUrl: v.LoginUrl,
UserName: string(decrypt.PKCS5UnPadding(u)),
Password: string(decrypt.PKCS5UnPadding(p)),
UserName: string(decrypt.PKCS5UnPadding(user)),
Password: string(decrypt.PKCS5UnPadding(pwd)),
CreateDate: v.CreateDate,
})
@@ -505,13 +532,48 @@ func (l *Logins) FirefoxParse() error {
return nil
}
func (p *passwords) CopyItem() error {
err := utils.CopyDB(p.mainPath, filepath.Base(p.mainPath))
if err != nil {
log.Error(err)
}
if p.subPath != "" {
err = utils.CopyDB(p.subPath, filepath.Base(p.subPath))
}
return err
}
func (p *passwords) Release() error {
err := os.Remove(filepath.Base(p.mainPath))
if err != nil {
log.Error(err)
}
if p.subPath != "" {
err = os.Remove(filepath.Base(p.subPath))
}
return err
}
func (p *passwords) OutPut(format, browser, dir string) error {
sort.Sort(p)
switch format {
case "json":
err := p.outPutJson(browser, dir)
return err
case "csv":
err := p.outPutCsv(browser, dir)
return err
}
return nil
}
func getDecryptKey() (item1, item2, a11, a102 []byte, err error) {
var (
keyDB *sql.DB
pwdRows *sql.Rows
nssRows *sql.Rows
)
keyDB, err = sql.Open("sqlite3", FirefoxKey4DB)
keyDB, err = sql.Open("sqlite3", FirefoxKey4File)
if err != nil {
log.Error(err)
return nil, nil, nil, nil, err
@@ -552,7 +614,7 @@ func getDecryptKey() (item1, item2, a11, a102 []byte, err error) {
}
func getLoginData() (l []loginData, err error) {
s, err := ioutil.ReadFile(FirefoxLoginData)
s, err := ioutil.ReadFile(FirefoxLoginFile)
if err != nil {
return nil, err
}
@@ -579,32 +641,72 @@ func getLoginData() (l []loginData, err error) {
return
}
func (b *BrowserData) Sorted() {
sort.Slice(b.bookmarks, func(i, j int) bool {
return b.bookmarks[i].ID < b.bookmarks[j].ID
})
sort.Slice(b.history, func(i, j int) bool {
return b.history[i].VisitCount > b.history[j].VisitCount
})
sort.Sort(b.Logins)
type (
loginData struct {
UserName string
encryptPass []byte
encryptUser []byte
Password string
LoginUrl string
CreateDate time.Time
}
bookmark struct {
ID int64
Name string
Type string
URL string
DateAdded time.Time
}
cookie struct {
Host string
Path string
KeyName string
encryptValue []byte
Value string
IsSecure bool
IsHTTPOnly bool
HasExpire bool
IsPersistent bool
CreateDate time.Time
ExpireDate time.Time
}
history struct {
Title string
Url string
VisitCount int
LastVisitTime time.Time
}
)
const (
bookmarkID = "id"
bookmarkAdded = "date_added"
bookmarkUrl = "url"
bookmarkName = "name"
bookmarkType = "type"
bookmarkChildren = "children"
)
const (
ChromePasswordFile = "Login Data"
ChromeHistoryFile = "History"
ChromeCookieFile = "Cookies"
ChromeBookmarkFile = "Bookmarks"
FirefoxCookieFile = "cookies.sqlite"
FirefoxKey4File = "key4.db"
FirefoxLoginFile = "logins.json"
FirefoxDataFile = "places.sqlite"
FirefoxKey3DB = "key3.db"
)
func (p passwords) Len() int {
return len(p.logins)
}
func (l Logins) Len() int {
return len(l.logins)
func (p passwords) Less(i, j int) bool {
return p.logins[i].CreateDate.After(p.logins[j].CreateDate)
}
func (l Logins) Less(i, j int) bool {
return l.logins[i].CreateDate.After(l.logins[j].CreateDate)
}
func (l Logins) Swap(i, j int) {
l.logins[i], l.logins[j] = l.logins[j], l.logins[i]
}
type Formatter interface {
ChromeParse(key []byte) error
FirefoxParse() error
OutPutJson(browser, dir string) error
OutPutCsv(browser, dir string) error
Release(filename string) error
func (p passwords) Swap(i, j int) {
p.logins[i], p.logins[j] = p.logins[j], p.logins[i]
}