A simple object-oriented C++ implementation that dumps browser cookies and credentials from Chromium-based browsers such as Chrome and Edge. It can either load the results as a JSON object for further processing/exfiltration or dump the JSON to disk. The JSON data has the following structure:
{
  "cookies": {
    "chrome": [
      {
        "hostkey": ".example.com",
        "name": "userid",
        "value": "fb43ed08-274e-4deb-8d23-427b6e273e1c"
      }
    ],
    "msedge": [
      {
        "hostkey": ".example.com",
        "name": "sessionid",
        "value": "fb43ed08-274e-4deb-8d23-427b6e273e1c"
      }
    ]
  },
  "creds": {
    "chrome": [
      {
        "pass": "iLoooooveDumptruck.exe",
        "url": "http://example.com",
        "user": "JrM2628"
      }
    ],
    "msedge": [
      {
        "pass": "$ecur3P455w0rd:p",
        "url": "http://192.168.1.1",
        "user": "admin"
      }
    ]
  }
}
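For responders who recover a file in this structure during an investigation, the added example below (not part of this project's code) turns it into a per-host remediation list: which accounts need a password reset and which cookies need their sessions revoked, without ever echoing the secret values. The function names and the sample data are assumptions constructed for illustration.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in the structure shown above; secret values are placeholders.
SAMPLE_DUMP = """
{
  "cookies": {
    "chrome": [{"hostkey": ".example.com", "name": "userid", "value": "REDACTED"}],
    "msedge": [{"hostkey": ".example.com", "name": "sessionid", "value": "REDACTED"}]
  },
  "creds": {
    "chrome": [{"pass": "REDACTED", "url": "http://example.com", "user": "JrM2628"}],
    "msedge": [{"pass": "REDACTED", "url": "http://192.168.1.1", "user": "admin"}]
  }
}
"""

def _new_entry():
    return {"reset_passwords": set(), "revoke_sessions": set(), "browsers": set()}

def remediation_plan(dump_text):
    """Group exposed accounts and cookies by host (hypothetical helper).

    Only user names, cookie names and browser names are kept; the "pass"
    and "value" fields are never copied into the result.
    """
    data = json.loads(dump_text)
    plan = defaultdict(_new_entry)
    for browser, rows in data.get("creds", {}).items():
        for row in rows:
            url = row.get("url", "")
            host = (urlsplit(url).hostname or url).lower()
            plan[host]["reset_passwords"].add(row.get("user", ""))
            plan[host]["browsers"].add(browser)
    for browser, rows in data.get("cookies", {}).items():
        for row in rows:
            # Cookie host keys carry a leading dot for domain-wide cookies.
            host = row.get("hostkey", "").lstrip(".").lower()
            plan[host]["revoke_sessions"].add(row.get("name", ""))
            plan[host]["browsers"].add(browser)
    return dict(plan)

if __name__ == "__main__":
    for host, entry in sorted(remediation_plan(SAMPLE_DUMP).items()):
        print(host, {k: sorted(v) for k, v in entry.items()})
```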
TLDR: Using this will likely burn your red team engagement if deployed out-of-the-box.
This tool was made for use in educational environments. The detection rate on VirusTotal is 13/71 without any form of obfuscation, the binary is flagged for "suspicious behavior" on AnyRun, and it managed to generate a Threat Score of 100/100 on Hybrid Analysis. It is up to the user to provide AV evasion.
- Install vcpkg to manage sqlite3 and nlohmann-json dependencies
- Ensure vcpkg.json is in the build directory
- Build in Visual Studio as you usually would