Skip to content
/ browserintel Public

Suite of python3 tools including platform-dependent golang binaries to gather browser info from red team exercises

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

phx/browserintel

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

51 Commits
tools
tools
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
browserintel.py
browserintel.py
 
 

Repository files navigation

Platform: ALL Dependencies: Python3 Version: Latest Follow @rubynorails on Twitter

browserintel

This entire suite of utilities is designed to be run from the browserintel.py script, thus it requires a working Python3 environment with native libraries.

Please note that for Chrome encrypted data to be decrypted, you will need to use the -A flag and must be running this locally on the host where the data resides (and know the login password in the case of MacOS).

This is not the case for Firefox data, which is unencrypted most of the time, but can be decrypted on a different machine if you know the password it was encrypted with (-p [MASTER PASSWORD]).

Usage

usage: browserintel.py [-h] [-u USERNAME] [-p MASTER_PASSWORD] [-b BROWSER_DIR] [-pp PROFILE_DIR] [-cp COOKIES_PATH] [-hp HISTORY_PATH] [-lp LOGINS_PATH] [-A] [-C] [-H] [-L]

Gather data from various browser sqlite databases

optional arguments:
  -h, --help            show this help message and exit

String options:
  -u USERNAME, --user USERNAME
                        set the username for output directory
  -p MASTER_PASSWORD, --masterpass MASTER_PASSWORD
                        master password to use if Mozilla browser data is encrypted
  -b BROWSER_DIR, --browserdir BROWSER_DIR
                        path to main browser directory to search
  -pp PROFILE_DIR, --profile-path PROFILE_DIR
                        path to specific profile directory to search
  -cp COOKIES_PATH, --cookies-path COOKIES_PATH
                        path to cookies database
  -hp HISTORY_PATH, --history-path HISTORY_PATH
                        path to history database
  -lp LOGINS_PATH, --logins-path LOGINS_PATH
                        path to logins database

Boolean options:
  -A, --all             Attempt to gather all data from all installed browsers (except for IE)
  -C, --cookies         attempt to gather cookies information
  -H, --history         attempt to gather history information
  -L, --logins          attempt to gather login information

Important note about AV Detection:

If deployed on a Windows host, the Go binaries may trigger AV in certain cases, so you have been warned.

Runnng on MacOS:

In order to run on MacOS, you will have to right-click on tools/hackbrowserdata/hbd-macos, and Click "Open".

This will actually run it and store results from your local machine probably in your home directory under results.

You can then just rm -rf ~/results, and run the bash script normally without the binary providing any additional difficulty.

To-Do:

  • [Potentially] add support for additional browsers
  • Add local support for more architectures

Troubleshooting:

For troubleshooting, please submit an issue.

About

Suite of python3 tools including platform-dependent golang binaries to gather browser info from red team exercises

Topics

golang browser sqlite cookies hacking python3 cybersecurity sqlite3 redteam

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages