CalvinBackup/HackBrowserData
1
0
Fork 0
mirror of https://github.com/moonD4rk/HackBrowserData.git synced 2026-06-04 19:48:01 +02:00
Code Issues Packages Projects Releases Wiki Activity

refactor(browser): split installation and profile abstractions (#603)

Browse Source 
* refactor(browser): split installation and profile abstractions

A Chromium installation shares one master key across its profiles, but
modeling each profile as its own Browser re-derived the key per profile.
Browser now represents one installation holding its profiles and derives
the key once; new types.Profile/ExtractResult/CountResult carry per-profile
results.

* style: gofumpt safari_test.go

* test(chromium): rename shadowed loop var to path
This commit is contained in:
Roger
2026-05-31 16:37:23 +08:00
committed by GitHub
parent d5dc81f1c0
commit b901f7dff0
28 changed files with 1359 additions and 1206 deletions
Download Patch File Download Diff File Expand all files Collapse all files
browser/firefox/firefox.go
+43 -165
View File
@@ -7,170 +7,74 @@ import (
"path/filepath"
"time"
"github.com/moond4rk/hackbrowserdata/filemanager"
"github.com/moond4rk/hackbrowserdata/log"
"github.com/moond4rk/hackbrowserdata/types"
"github.com/moond4rk/hackbrowserdata/utils/fileutil"
)
// Browser represents a single Firefox profile ready for extraction.
// Browser is one Firefox installation: the Profiles directory holding one or
// more profiles. Firefox keys are per-profile (each profile's key4.db), so the
// installation does not implement KeyManager.
type Browser struct {
cfg types.BrowserConfig
profileDir string // absolute path to profile directory
sources map[types.Category][]sourcePath // Category → candidate paths (priority order)
sourcePaths map[types.Category]resolvedPath // Category → discovered absolute path
cfg types.BrowserConfig
profiles []*profile
}
// NewBrowsers discovers Firefox profiles under cfg.UserDataDir and returns
// one Browser per profile. Firefox profile directories have random names
// (e.g. "97nszz88.default-release"); any subdirectory containing known
// data files is treated as a valid profile.
func NewBrowsers(cfg types.BrowserConfig) ([]*Browser, error) {
profileDirs := discoverProfiles(cfg.UserDataDir, firefoxSources)
if len(profileDirs) == 0 {
return nil, nil
}
var browsers []*Browser
for _, profileDir := range profileDirs {
// NewBrowser discovers the Firefox profiles under cfg.UserDataDir and returns
// the installation, or nil if no profile with resolvable sources exists.
// Firefox profile directories have random names (e.g. "97nszz88.default-release");
// any subdirectory containing known data files is treated as a valid profile.
func NewBrowser(cfg types.BrowserConfig) (*Browser, error) {
var profiles []*profile
for _, profileDir := range discoverProfiles(cfg.UserDataDir, firefoxSources) {
sourcePaths := resolveSourcePaths(firefoxSources, profileDir)
if len(sourcePaths) == 0 {
continue
}
browsers = append(browsers, &Browser{
cfg: cfg,
profiles = append(profiles, &profile{
profileDir: profileDir,
sources: firefoxSources,
browserName: cfg.Name,
sourcePaths: sourcePaths,
})
}
return browsers, nil
if len(profiles) == 0 {
return nil, nil
}
return &Browser{cfg: cfg, profiles: profiles}, nil
}
func (b *Browser) BrowserName() string { return b.cfg.Name }
func (b *Browser) ProfileDir() string { return b.profileDir }
func (b *Browser) UserDataDir() string { return b.cfg.UserDataDir }
func (b *Browser) ProfileName() string {
if b.profileDir == "" {
return ""
// Profiles returns the identity of every profile in this installation.
func (b *Browser) Profiles() []types.Profile {
out := make([]types.Profile, 0, len(b.profiles))
for _, p := range b.profiles {
out = append(out, types.Profile{Name: p.name(), Dir: p.profileDir})
}
return filepath.Base(b.profileDir)
return out
}
// Extract copies browser files to a temp directory, retrieves the master key,
// and extracts data for the requested categories.
func (b *Browser) Extract(categories []types.Category) (*types.BrowserData, error) {
session, err := filemanager.NewSession()
if err != nil {
return nil, err
// Extract extracts every profile, deriving each profile's key independently.
func (b *Browser) Extract(categories []types.Category) ([]types.ExtractResult, error) {
results := make([]types.ExtractResult, 0, len(b.profiles))
for _, p := range b.profiles {
results = append(results, types.ExtractResult{
Profile: types.Profile{Name: p.name(), Dir: p.profileDir},
Data: p.extract(categories),
})
}
defer session.Cleanup()
tempPaths := b.acquireFiles(session, categories)
masterKey, err := b.getMasterKey(session, tempPaths)
if err != nil {
log.Debugf("get master key for %s: %v", b.BrowserName()+"/"+b.ProfileName(), err)
}
data := &types.BrowserData{}
for _, cat := range categories {
path, ok := tempPaths[cat]
if !ok {
continue
}
b.extractCategory(data, cat, masterKey, path)
}
return data, nil
return results, nil
}
// CountEntries copies browser files to a temp directory and counts entries
// per category without decryption. Much faster than Extract for display-only
// use cases like "list --detail".
func (b *Browser) CountEntries(categories []types.Category) (map[types.Category]int, error) {
session, err := filemanager.NewSession()
if err != nil {
return nil, err
// CountEntries counts entries per category for every profile without decryption.
func (b *Browser) CountEntries(categories []types.Category) ([]types.CountResult, error) {
results := make([]types.CountResult, 0, len(b.profiles))
for _, p := range b.profiles {
results = append(results, types.CountResult{
Profile: types.Profile{Name: p.name(), Dir: p.profileDir},
Counts: p.count(categories),
})
}
defer session.Cleanup()
tempPaths := b.acquireFiles(session, categories)
counts := make(map[types.Category]int)
for _, cat := range categories {
path, ok := tempPaths[cat]
if !ok {
continue
}
counts[cat] = b.countCategory(cat, path)
}
return counts, nil
}
// countCategory calls the appropriate count function for a category.
func (b *Browser) countCategory(cat types.Category, path string) int {
var count int
var err error
switch cat {
case types.Password:
count, err = countPasswords(path)
case types.Cookie:
count, err = countCookies(path)
case types.History:
count, err = countHistories(path)
case types.Download:
count, err = countDownloads(path)
case types.Bookmark:
count, err = countBookmarks(path)
case types.Extension:
count, err = countExtensions(path)
case types.LocalStorage:
count, err = countLocalStorage(path)
case types.CreditCard, types.SessionStorage:
// Firefox does not support CreditCard or SessionStorage.
}
if err != nil {
log.Debugf("count %s for %s: %v", cat, b.BrowserName()+"/"+b.ProfileName(), err)
}
return count
}
// acquireFiles copies source files to the session temp directory.
func (b *Browser) acquireFiles(session *filemanager.Session, categories []types.Category) map[types.Category]string {
tempPaths := make(map[types.Category]string)
for _, cat := range categories {
rp, ok := b.sourcePaths[cat]
if !ok {
continue
}
dst := filepath.Join(session.TempDir(), cat.String())
if err := session.Acquire(rp.absPath, dst, rp.isDir); err != nil {
log.Debugf("acquire %s: %v", cat, err)
continue
}
tempPaths[cat] = dst
}
return tempPaths
}
// getMasterKey retrieves the Firefox master encryption key from key4.db.
// The key is derived via NSS ASN1 PBE decryption (platform-agnostic).
// If logins.json was already acquired by acquireFiles, the derived key
// is validated by attempting to decrypt an actual login entry.
func (b *Browser) getMasterKey(session *filemanager.Session, tempPaths map[types.Category]string) ([]byte, error) {
key4Src := filepath.Join(b.profileDir, "key4.db")
if !fileutil.FileExists(key4Src) {
return nil, nil
}
key4Dst := filepath.Join(session.TempDir(), "key4.db")
if err := session.Acquire(key4Src, key4Dst, false); err != nil {
return nil, fmt.Errorf("acquire key4.db: %w", err)
}
// logins.json is already acquired by acquireFiles as the Password source;
// reuse it for master key validation if available.
loginsPath := tempPaths[types.Password]
return retrieveMasterKey(key4Dst, loginsPath)
return results, nil
}
// retrieveMasterKey reads key4.db and derives the master key using NSS.
@@ -203,32 +107,6 @@ func retrieveMasterKey(key4Path, loginsPath string) ([]byte, error) {
return nil, fmt.Errorf("derived %d key(s) but none could decrypt logins", len(keys))
}
// extractCategory calls the appropriate extract function for a category.
func (b *Browser) extractCategory(data *types.BrowserData, cat types.Category, masterKey []byte, path string) {
var err error
switch cat {
case types.Password:
data.Passwords, err = extractPasswords(masterKey, path)
case types.Cookie:
data.Cookies, err = extractCookies(path)
case types.History:
data.Histories, err = extractHistories(path)
case types.Download:
data.Downloads, err = extractDownloads(path)
case types.Bookmark:
data.Bookmarks, err = extractBookmarks(path)
case types.Extension:
data.Extensions, err = extractExtensions(path)
case types.LocalStorage:
data.LocalStorage, err = extractLocalStorage(path)
case types.CreditCard, types.SessionStorage:
// Firefox does not support CreditCard or SessionStorage extraction.
}
if err != nil {
log.Debugf("extract %s for %s: %v", cat, b.BrowserName()+"/"+b.ProfileName(), err)
}
}
// resolvedPath holds the absolute path and type for a discovered source.
type resolvedPath struct {
absPath string
browser/firefox/firefox_test.go
+11 -127
View File
@@ -117,18 +117,19 @@ func TestNewBrowsers(t *testing.T) {
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
cfg := types.BrowserConfig{Name: "Firefox", Kind: types.Firefox, UserDataDir: tt.dir}
browsers, err := NewBrowsers(cfg)
b, err := NewBrowser(cfg)
require.NoError(t, err)
if len(tt.wantProfiles) == 0 {
assert.Empty(t, browsers)
assert.Nil(t, b)
return
}
require.Len(t, browsers, len(tt.wantProfiles))
require.NotNil(t, b)
require.Len(t, b.profiles, len(tt.wantProfiles))
profileNames := make(map[string]bool)
for _, b := range browsers {
profileNames[filepath.Base(b.profileDir)] = true
for _, p := range b.profiles {
profileNames[filepath.Base(p.profileDir)] = true
}
for _, want := range tt.wantProfiles {
assert.True(t, profileNames[want], "should find profile %s", want)
@@ -187,134 +188,17 @@ func TestCountEntries(t *testing.T) {
mkDir(profileDir)
installFile(t, profileDir, setupMozHistoryDB(t), "places.sqlite")
browsers, err := NewBrowsers(types.BrowserConfig{
b, err := NewBrowser(types.BrowserConfig{
Name: "Firefox", Kind: types.Firefox, UserDataDir: dir,
})
require.NoError(t, err)
require.Len(t, browsers, 1)
require.NotNil(t, b)
// CountEntries works without master key.
counts, err := browsers[0].CountEntries([]types.Category{types.History})
results, err := b.CountEntries([]types.Category{types.History})
require.NoError(t, err)
assert.Equal(t, 3, counts[types.History])
}
func TestCountCategory(t *testing.T) {
t.Run("History", func(t *testing.T) {
path := setupMozHistoryDB(t)
b := &Browser{}
assert.Equal(t, 3, b.countCategory(types.History, path))
})
t.Run("Cookie", func(t *testing.T) {
path := setupMozCookieDB(t)
b := &Browser{}
assert.Equal(t, 2, b.countCategory(types.Cookie, path))
})
t.Run("Bookmark", func(t *testing.T) {
path := setupMozBookmarkDB(t)
b := &Browser{}
assert.Equal(t, 2, b.countCategory(types.Bookmark, path))
})
t.Run("Extension", func(t *testing.T) {
path := setupMozExtensionJSON(t)
b := &Browser{}
assert.Equal(t, 2, b.countCategory(types.Extension, path))
})
t.Run("UnsupportedCategory", func(t *testing.T) {
b := &Browser{}
assert.Equal(t, 0, b.countCategory(types.CreditCard, "unused"))
assert.Equal(t, 0, b.countCategory(types.SessionStorage, "unused"))
})
}
// ---------------------------------------------------------------------------
// extractCategory
// ---------------------------------------------------------------------------
// TestExtractCategory verifies that the switch dispatch works for each category.
func TestExtractCategory(t *testing.T) {
t.Run("History", func(t *testing.T) {
path := createTestDB(t, "places.sqlite",
[]string{mozPlacesSchema},
insertMozPlace(1, "https://example.com", "Example", 3, 1000000),
insertMozPlace(2, "https://go.dev", "Go", 1, 2000000),
)
b := &Browser{}
data := &types.BrowserData{}
b.extractCategory(data, types.History, nil, path)
require.Len(t, data.Histories, 2)
// Firefox sorts by visit count ascending
assert.Equal(t, 1, data.Histories[0].VisitCount)
assert.Equal(t, 3, data.Histories[1].VisitCount)
})
t.Run("Cookie", func(t *testing.T) {
path := createTestDB(t, "cookies.sqlite",
[]string{mozCookiesSchema},
insertMozCookie("session", "abc", ".example.com", "/", 1000000000000, 0, 0, 0),
)
b := &Browser{}
data := &types.BrowserData{}
b.extractCategory(data, types.Cookie, nil, path)
require.Len(t, data.Cookies, 1)
assert.Equal(t, "session", data.Cookies[0].Name)
assert.Equal(t, "abc", data.Cookies[0].Value) // Firefox cookies are not encrypted
})
t.Run("Bookmark", func(t *testing.T) {
path := createTestDB(t, "places.sqlite",
[]string{mozPlacesSchema, mozBookmarksSchema},
insertMozPlace(1, "https://github.com", "GitHub", 1, 1000000),
insertMozBookmark(1, 1, 1, "GitHub", 1000000),
)
b := &Browser{}
data := &types.BrowserData{}
b.extractCategory(data, types.Bookmark, nil, path)
require.Len(t, data.Bookmarks, 1)
assert.Equal(t, "GitHub", data.Bookmarks[0].Name)
})
t.Run("Extension", func(t *testing.T) {
path := createTestJSON(t, "extensions.json", `{
"addons": [
{
"id": "ublock@example.com",
"location": "app-profile",
"active": true,
"version": "1.0",
"defaultLocale": {"name": "uBlock Origin", "description": "Ad blocker"}
},
{
"id": "system@mozilla.com",
"location": "app-system-defaults",
"active": true
}
]
}`)
b := &Browser{}
data := &types.BrowserData{}
b.extractCategory(data, types.Extension, nil, path)
require.Len(t, data.Extensions, 1) // system extension skipped
assert.Equal(t, "uBlock Origin", data.Extensions[0].Name)
})
t.Run("UnsupportedCategory", func(t *testing.T) {
b := &Browser{}
data := &types.BrowserData{}
// CreditCard and SessionStorage are not supported by Firefox
b.extractCategory(data, types.CreditCard, nil, "unused")
b.extractCategory(data, types.SessionStorage, nil, "unused")
assert.Empty(t, data.CreditCards)
assert.Empty(t, data.SessionStorage)
})
require.Len(t, results, 1)
assert.Equal(t, 3, results[0].Counts[types.History])
}
// Anchor: 2024-01-15T10:30:00Z.
browser/firefox/profile.go
+169
View File
@@ -0,0 +1,169 @@
package firefox
import (
"fmt"
"path/filepath"
"github.com/moond4rk/hackbrowserdata/filemanager"
"github.com/moond4rk/hackbrowserdata/log"
"github.com/moond4rk/hackbrowserdata/types"
"github.com/moond4rk/hackbrowserdata/utils/fileutil"
)
// profile is one Firefox profile — the leaf extraction unit. Unlike Chromium,
// each Firefox profile owns its own master key (derived from its key4.db).
type profile struct {
profileDir string
browserName string
sourcePaths map[types.Category]resolvedPath
}
func (p *profile) name() string {
if p.profileDir == "" {
return ""
}
return filepath.Base(p.profileDir)
}
func (p *profile) label() string { return p.browserName + "/" + p.name() }
// extract copies the profile's source files to a temp directory, derives the
// per-profile master key, and extracts the requested categories.
func (p *profile) extract(categories []types.Category) *types.BrowserData {
session, err := filemanager.NewSession()
if err != nil {
log.Debugf("new session for %s: %v", p.label(), err)
return &types.BrowserData{}
}
defer session.Cleanup()
tempPaths := p.acquireFiles(session, categories)
masterKey, err := p.getMasterKey(session, tempPaths)
if err != nil {
log.Debugf("get master key for %s: %v", p.label(), err)
}
data := &types.BrowserData{}
for _, cat := range categories {
path, ok := tempPaths[cat]
if !ok {
continue
}
p.extractCategory(data, cat, masterKey, path)
}
return data
}
// count counts entries per category without decryption.
func (p *profile) count(categories []types.Category) map[types.Category]int {
session, err := filemanager.NewSession()
if err != nil {
log.Debugf("new session for %s: %v", p.label(), err)
return nil
}
defer session.Cleanup()
tempPaths := p.acquireFiles(session, categories)
counts := make(map[types.Category]int)
for _, cat := range categories {
path, ok := tempPaths[cat]
if !ok {
continue
}
counts[cat] = p.countCategory(cat, path)
}
return counts
}
// acquireFiles copies source files to the session temp directory.
func (p *profile) acquireFiles(session *filemanager.Session, categories []types.Category) map[types.Category]string {
tempPaths := make(map[types.Category]string)
for _, cat := range categories {
rp, ok := p.sourcePaths[cat]
if !ok {
continue
}
dst := filepath.Join(session.TempDir(), cat.String())
if err := session.Acquire(rp.absPath, dst, rp.isDir); err != nil {
log.Debugf("acquire %s: %v", cat, err)
continue
}
tempPaths[cat] = dst
}
return tempPaths
}
// getMasterKey retrieves the Firefox master encryption key from this profile's
// key4.db. The key is derived via NSS ASN1 PBE decryption (platform-agnostic).
// If logins.json was already acquired by acquireFiles, the derived key is
// validated by attempting to decrypt an actual login entry.
func (p *profile) getMasterKey(session *filemanager.Session, tempPaths map[types.Category]string) ([]byte, error) {
key4Src := filepath.Join(p.profileDir, "key4.db")
if !fileutil.FileExists(key4Src) {
return nil, nil
}
key4Dst := filepath.Join(session.TempDir(), "key4.db")
if err := session.Acquire(key4Src, key4Dst, false); err != nil {
return nil, fmt.Errorf("acquire key4.db: %w", err)
}
// logins.json is already acquired by acquireFiles as the Password source;
// reuse it for master key validation if available.
loginsPath := tempPaths[types.Password]
return retrieveMasterKey(key4Dst, loginsPath)
}
// extractCategory calls the appropriate extract function for a category.
func (p *profile) extractCategory(data *types.BrowserData, cat types.Category, masterKey []byte, path string) {
var err error
switch cat {
case types.Password:
data.Passwords, err = extractPasswords(masterKey, path)
case types.Cookie:
data.Cookies, err = extractCookies(path)
case types.History:
data.Histories, err = extractHistories(path)
case types.Download:
data.Downloads, err = extractDownloads(path)
case types.Bookmark:
data.Bookmarks, err = extractBookmarks(path)
case types.Extension:
data.Extensions, err = extractExtensions(path)
case types.LocalStorage:
data.LocalStorage, err = extractLocalStorage(path)
case types.CreditCard, types.SessionStorage:
// Firefox does not support CreditCard or SessionStorage extraction.
}
if err != nil {
log.Debugf("extract %s for %s: %v", cat, p.label(), err)
}
}
// countCategory calls the appropriate count function for a category.
func (p *profile) countCategory(cat types.Category, path string) int {
var count int
var err error
switch cat {
case types.Password:
count, err = countPasswords(path)
case types.Cookie:
count, err = countCookies(path)
case types.History:
count, err = countHistories(path)
case types.Download:
count, err = countDownloads(path)
case types.Bookmark:
count, err = countBookmarks(path)
case types.Extension:
count, err = countExtensions(path)
case types.LocalStorage:
count, err = countLocalStorage(path)
case types.CreditCard, types.SessionStorage:
// Firefox does not support CreditCard or SessionStorage.
}
if err != nil {
log.Debugf("count %s for %s: %v", cat, p.label(), err)
}
return count
}
browser/firefox/profile_test.go
+128
View File
@@ -0,0 +1,128 @@
package firefox
import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/moond4rk/hackbrowserdata/types"
)
func TestCountCategory(t *testing.T) {
t.Run("History", func(t *testing.T) {
path := setupMozHistoryDB(t)
p := &profile{}
assert.Equal(t, 3, p.countCategory(types.History, path))
})
t.Run("Cookie", func(t *testing.T) {
path := setupMozCookieDB(t)
p := &profile{}
assert.Equal(t, 2, p.countCategory(types.Cookie, path))
})
t.Run("Bookmark", func(t *testing.T) {
path := setupMozBookmarkDB(t)
p := &profile{}
assert.Equal(t, 2, p.countCategory(types.Bookmark, path))
})
t.Run("Extension", func(t *testing.T) {
path := setupMozExtensionJSON(t)
p := &profile{}
assert.Equal(t, 2, p.countCategory(types.Extension, path))
})
t.Run("UnsupportedCategory", func(t *testing.T) {
p := &profile{}
assert.Equal(t, 0, p.countCategory(types.CreditCard, "unused"))
assert.Equal(t, 0, p.countCategory(types.SessionStorage, "unused"))
})
}
// ---------------------------------------------------------------------------
// extractCategory
// ---------------------------------------------------------------------------
// TestExtractCategory verifies that the switch dispatch works for each category.
func TestExtractCategory(t *testing.T) {
t.Run("History", func(t *testing.T) {
path := createTestDB(t, "places.sqlite",
[]string{mozPlacesSchema},
insertMozPlace(1, "https://example.com", "Example", 3, 1000000),
insertMozPlace(2, "https://go.dev", "Go", 1, 2000000),
)
p := &profile{}
data := &types.BrowserData{}
p.extractCategory(data, types.History, nil, path)
require.Len(t, data.Histories, 2)
// Firefox sorts by visit count ascending
assert.Equal(t, 1, data.Histories[0].VisitCount)
assert.Equal(t, 3, data.Histories[1].VisitCount)
})
t.Run("Cookie", func(t *testing.T) {
path := createTestDB(t, "cookies.sqlite",
[]string{mozCookiesSchema},
insertMozCookie("session", "abc", ".example.com", "/", 1000000000000, 0, 0, 0),
)
p := &profile{}
data := &types.BrowserData{}
p.extractCategory(data, types.Cookie, nil, path)
require.Len(t, data.Cookies, 1)
assert.Equal(t, "session", data.Cookies[0].Name)
assert.Equal(t, "abc", data.Cookies[0].Value) // Firefox cookies are not encrypted
})
t.Run("Bookmark", func(t *testing.T) {
path := createTestDB(t, "places.sqlite",
[]string{mozPlacesSchema, mozBookmarksSchema},
insertMozPlace(1, "https://github.com", "GitHub", 1, 1000000),
insertMozBookmark(1, 1, 1, "GitHub", 1000000),
)
p := &profile{}
data := &types.BrowserData{}
p.extractCategory(data, types.Bookmark, nil, path)
require.Len(t, data.Bookmarks, 1)
assert.Equal(t, "GitHub", data.Bookmarks[0].Name)
})
t.Run("Extension", func(t *testing.T) {
path := createTestJSON(t, "extensions.json", `{
"addons": [
{
"id": "ublock@example.com",
"location": "app-profile",
"active": true,
"version": "1.0",
"defaultLocale": {"name": "uBlock Origin", "description": "Ad blocker"}
},
{
"id": "system@mozilla.com",
"location": "app-system-defaults",
"active": true
}
]
}`)
p := &profile{}
data := &types.BrowserData{}
p.extractCategory(data, types.Extension, nil, path)
require.Len(t, data.Extensions, 1) // system extension skipped
assert.Equal(t, "uBlock Origin", data.Extensions[0].Name)
})
t.Run("UnsupportedCategory", func(t *testing.T) {
p := &profile{}
data := &types.BrowserData{}
// CreditCard and SessionStorage are not supported by Firefox
p.extractCategory(data, types.CreditCard, nil, "unused")
p.extractCategory(data, types.SessionStorage, nil, "unused")
assert.Empty(t, data.CreditCards)
assert.Empty(t, data.SessionStorage)
})
}