Stop — do not run anything from this repo.
getCookie.py is a browser cookie stealer. Here's exactly what it does:
- Opens your Chrome, Edge, and Firefox cookie databases directly from disk (APPDATA, LOCALAPPDATA)
- Decrypts Chrome/Edge cookies using Windows' CryptUnprotectData + AES-GCM — the same technique used in real infostealer
malware
- Specifically targets DVDFab, StreamFab, and related domains — so it's grabbing your login session tokens for those services
- Base64-encodes the result and writes it to a file passed in as an argument — ready to be exfiltrated
The rest of the repo (subtitle parsers, metadata crawlers) is mostly clean tool code, but getCookie.py is a straight-up
credential harvester. It's decompiled from Python bytecode (note the # uncompyle6 header), meaning someone took compiled
malware, reversed it, and published it here.
Stop — do not run anything from this repo.
getCookie.py is a browser cookie stealer. Here's exactly what it does:
malware
The rest of the repo (subtitle parsers, metadata crawlers) is mostly clean tool code, but getCookie.py is a straight-up
credential harvester. It's decompiled from Python bytecode (note the # uncompyle6 header), meaning someone took compiled
malware, reversed it, and published it here.