Roger
b3dd4ed6e4
* feat: add Chromium extract methods, source mapping, and tests Implement per-category data extraction for Chromium browsers as typed standalone functions, preparing for Phase 8 wiring into the new Chromium struct. New files: - source.go: dataSource struct, chromiumSources/yandexSources maps, yandexQueryOverrides for Yandex action_url variant - decrypt.go: decryptValue() wrapping platform-specific decryption - extract_password.go: SQLite + decrypt → []LoginEntry - extract_cookie.go: SQLite + decrypt → []CookieEntry - extract_creditcard.go: SQLite + decrypt → []CreditCardEntry - extract_history.go: SQLite → []HistoryEntry - extract_download.go: SQLite → []DownloadEntry - extract_bookmark.go: JSON recursive → []BookmarkEntry - extract_extension.go: JSON → []ExtensionEntry - extract_storage.go: LevelDB → []StorageEntry (local + session) - firefox/source.go: firefoxSources map Tests use real Chrome table schemas for SQLite fixtures, with INSERT helpers to keep test data readable and self-documenting. Ref #520 * fix: remove LevelDB invalid path test (Windows compatibility) leveldb.OpenFile creates the directory on Windows instead of returning an error, causing TestExtractLocalStorage_InvalidPath to fail in CI. This test was verifying LevelDB behavior, not our extraction logic. * refactor: remove unused query parameter from extract functions Only extractPasswords needs the query override (Yandex action_url). The other 7 SQLite extract functions always use their default query, so remove the unnecessary query parameter from their signatures. * refactor: use DetectVersion in decryptValue instead of blind fallback Replace try-then-fallback pattern with explicit version detection using crypto.DetectVersion. Routes v10 to DecryptWithChromium, DPAPI to DecryptWithDPAPI, and adds a TODO placeholder for v20 App-Bound Encryption. * chore: relax gocognit and gocritic linters for test files * revert: restore strict gocognit and gocritic linters for test files * fix: address review feedback on extract methods - Store DetectVersion result in local variable to avoid duplicate call - Scan credit card expiration_month/year as int then convert to string (matches INTEGER column type in real Chrome schema) - Add os.Stat check before leveldb.OpenFile to prevent creating empty directories for non-existent paths - Rename TestExtractExtensions_InvalidJSON to TestExtractExtensions_MissingSettingsPath (JSON is valid, path is missing) * fix: revert creditcard scan to string type for NULL safety modernc.org/sqlite handles INTEGER→string conversion automatically. Scanning into string is safer for nullable columns — NULL becomes "" instead of "0" which would be an invalid month/year.
HackBrowserData
HackBrowserData is a command-line tool for decrypting and exporting browser data (passwords, history, cookies, bookmarks, credit cards, download history, localStorage and extensions) from the browser. It supports the most popular browsers on the market and runs on Windows, macOS and Linux.
Disclaimer: This tool is only intended for security research. Users are responsible for all legal and related liabilities resulting from the use of this tool. The original author does not assume any legal responsibility.
Recent Updates
Firefox 144+ Support
HackBrowserData now supports decryption of saved passwords in Firefox 144 and later versions.
Starting from Firefox 144, Mozilla migrated password encryption from 3DES to AES-256-CBC to enhance security. HackBrowserData has been updated accordingly and remains fully compatible with the latest Firefox encryption scheme.
For more details:
Supported Browser
Windows
| Browser | Password | Cookie | Bookmark | History |
|---|---|---|---|---|
| Google Chrome | ✅ | ✅ | ✅ | ✅ |
| Google Chrome Beta | ✅ | ✅ | ✅ | ✅ |
| Chromium | ✅ | ✅ | ✅ | ✅ |
| Microsoft Edge | ✅ | ✅ | ✅ | ✅ |
| 360 Speed | ✅ | ✅ | ✅ | ✅ |
| ✅ | ✅ | ✅ | ✅ | |
| Brave | ✅ | ✅ | ✅ | ✅ |
| Opera | ✅ | ✅ | ✅ | ✅ |
| OperaGX | ✅ | ✅ | ✅ | ✅ |
| Vivaldi | ✅ | ✅ | ✅ | ✅ |
| Yandex | ✅ | ✅ | ✅ | ✅ |
| CocCoc | ✅ | ✅ | ✅ | ✅ |
| Firefox | ✅ | ✅ | ✅ | ✅ |
| Firefox Beta | ✅ | ✅ | ✅ | ✅ |
| Firefox Dev | ✅ | ✅ | ✅ | ✅ |
| Firefox ESR | ✅ | ✅ | ✅ | ✅ |
| Firefox Nightly | ✅ | ✅ | ✅ | ✅ |
| Internet Explorer | ❌ | ❌ | ❌ | ❌ |
MacOS
Based on Apple's security policy, some browsers require a current user password to decrypt.
| Browser | Password | Cookie | Bookmark | History |
|---|---|---|---|---|
| Google Chrome | ✅ | ✅ | ✅ | ✅ |
| Google Chrome Beta | ✅ | ✅ | ✅ | ✅ |
| Chromium | ✅ | ✅ | ✅ | ✅ |
| Microsoft Edge | ✅ | ✅ | ✅ | ✅ |
| Brave | ✅ | ✅ | ✅ | ✅ |
| Opera | ✅ | ✅ | ✅ | ✅ |
| OperaGX | ✅ | ✅ | ✅ | ✅ |
| Vivaldi | ✅ | ✅ | ✅ | ✅ |
| CocCoc | ✅ | ✅ | ✅ | ✅ |
| Yandex | ✅ | ✅ | ✅ | ✅ |
| Arc | ✅ | ✅ | ✅ | ✅ |
| Firefox | ✅ | ✅ | ✅ | ✅ |
| Firefox Beta | ✅ | ✅ | ✅ | ✅ |
| Firefox Dev | ✅ | ✅ | ✅ | ✅ |
| Firefox ESR | ✅ | ✅ | ✅ | ✅ |
| Firefox Nightly | ✅ | ✅ | ✅ | ✅ |
| Safari | ❌ | ❌ | ❌ | ❌ |
Linux
| Browser | Password | Cookie | Bookmark | History |
|---|---|---|---|---|
| Google Chrome | ✅ | ✅ | ✅ | ✅ |
| Google Chrome Beta | ✅ | ✅ | ✅ | ✅ |
| Chromium | ✅ | ✅ | ✅ | ✅ |
| Microsoft Edge Dev | ✅ | ✅ | ✅ | ✅ |
| Brave | ✅ | ✅ | ✅ | ✅ |
| Opera | ✅ | ✅ | ✅ | ✅ |
| Vivaldi | ✅ | ✅ | ✅ | ✅ |
| Firefox | ✅ | ✅ | ✅ | ✅ |
| Firefox Beta | ✅ | ✅ | ✅ | ✅ |
| Firefox Dev | ✅ | ✅ | ✅ | ✅ |
| Firefox ESR | ✅ | ✅ | ✅ | ✅ |
| Firefox Nightly | ✅ | ✅ | ✅ | ✅ |
Getting started
Install
Installation of HackBrowserData is dead-simple, just download the release for your system and run the binary.
In some situations, this security tool will be treated as a virus by Windows Defender or other antivirus software and can not be executed. The code is all open source, you can modify and compile by yourself.
Building from source
only support go 1.20+ with go generics.
$ git clone https://github.com/moonD4rk/HackBrowserData
$ cd HackBrowserData/cmd/hack-browser-data
$ go build
Cross compile
Here's an example of use macOS building for Windows and Linux
For Windows
GOOS=windows GOARCH=amd64 go build
For Linux
GOOS=linux GOARCH=amd64 go build
Run
You can double-click to run, or use command line.
PS C:\Users\moond4rk\Desktop> .\hack-browser-data.exe -h
NAME:
hack-browser-data - Export passwords|bookmarks|cookies|history|credit cards|download history|localStorage|extensions from browser
USAGE:
[hack-browser-data -b chrome -f json --dir results --zip]
Export all browsing data (passwords/cookies/history/bookmarks) from browser
Github Link: https://github.com/moonD4rk/HackBrowserData
VERSION:
0.4.6
GLOBAL OPTIONS:
--verbose, --vv verbose (default: false)
--compress, --zip compress result to zip (default: false)
--browser value, -b value available browsers: all|360|brave|chrome|chrome-beta|chromium|coccoc|dc|edge|firefox|opera|opera-gx|qq|sogou|vivaldi|yandex (default: "all")
--results-dir value, --dir value export dir (default: "results")
--format value, -f value output format: csv|json (default: "csv")
--profile-path value, -p value custom profile dir path, get with chrome://version
--full-export, --full is export full browsing data (default: true)
--help, -h show help
--version, -v print the version
For example, the following is an automatic scan of the browser on the current computer, outputting the decryption results in JSON format and compressing as zip.
PS C:\Users\moond4rk\Desktop> .\hack-browser-data.exe -b all -f json --dir results --zip
PS C:\Users\moond4rk\Desktop> ls -l .\results\
Directory: C:\Users\moond4rk\Desktop\results
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 7/15/2024 10:55 PM 44982 results.zip
Run with custom browser profile folder
If you want to export data from a custom browser profile folder, you can use the -p parameter to specify the path of the browser profile folder. PS: use double quotes to wrap the path.
PS C:\Users\moond4rk\Desktop> .\hack-browser-data.exe -b chrome -p "C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default"
[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_creditcard.csv success
[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_bookmark.csv success
[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_cookie.csv success
[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_history.csv success
[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_download.csv success
[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_password.csv success
Contributing
We welcome and appreciate any contributions made by the community (GitHub issues/pull requests, email feedback, etc.).
Please see the Contribution Guide before contributing.
Contributors
Stargazers over time
404StarLink 2.0 - Galaxy
HackBrowserData is a part of 404Team StarLink-Galaxy, if you have any questions about HackBrowserData or want to find a partner to communicate with,please refer to the Starlink group.
JetBrains OS licenses
HackBrowserData had been being developed with GoLand IDE under the free JetBrains Open Source license(s) granted by JetBrains s.r.o., hence I would like to express my thanks here.
