DISCLAMER: The bugs or "features" used in this scripts have been notified to google and mozilla, and its on their hands to fix them or not
- Google responded that WONT fix this bug
- Chromium based browser have webtools, a feature where a user can launch a special version of the browser that can be controlled via cli tools
- The bug here its that webtools cannot be launcher with the user data, only a fresh made chrome instance, but by copying the user dir and the last folder its called the same as the original one (idk why) it will open
- So by using this tools with headless mode, where the windows its effectively invisible to the user the browser its under our hands
- After that just via python (so it can intereact with websocket) copy all the cookies to a file
- The script can run on a few seconds (webtools take between 2-4 sec to open and for copying the files took 3 sec aprox)
- A lot worse than chrome, firefox saves your data on a sqlite database without any protection, so you can just copy the cookies :)
- First, remeber to use it ONLY for non-illegal purposes, but on the scripts change the placeholders for the real URLs of a server, container or your pc. Bc the files need a place to go
- The script has 3 options that can be toggle in the file (vars ONLINE, FIREFOX and SIGILE) or via calling the script with the args -no, -f or -s
- ONLINE lets you save the files to a server and allows any connection of the script with internet, in case of false it will save the data as fake ssh credentials on $HOME/.config/ssh-backup-creds, default: true
- SIGILE lets you dissactivate creating a permament SSH connection by creating a no-password key and saving it on know credentilas, default: false
- FIREFOX lets you skip all the chrome and default browser discovery by targetting firefox only
Windows may have the same vulnerability on firefox, but on chromium doesnt work, instead it created a fake blue screen and it loads a cookie-getter extension via the ui (simulating keyboard)