def grab(self, user, profile=None, rc=False): profiles = [profile] if profile is not None else self.getProfiles(user) cookies=[] for p in profiles: for c in selectAllFrom(self.cookieTrail%(user,p), "cookies"): if rc: cookies.append(Cookie(c['host_key'],c['host_key'],c['name'],c['value'], 'chrome', '%s:%s'%(user,p), c['last_access_utc'],c['creation_utc'])) else: cookies.append(c) return cookies
def grab(self, user, profile=None, rc=False): profiles = [profile] if profile is not None else self.getProfiles(user) cookies=[] for p in profiles: for c in selectAllFrom(self.cookieTrail%(user,p), "moz_cookies"): if rc: cookies.append(Cookie(c['basedomain'], c['host'], c['name'], c['value'], 'firefox', '%s:%s'%(user,p), c['lastaccessed'], c['creationtime'])) else: cookies.append(c) return cookies
def grabAndStore(self, database=None, allUsers=False, users=None): path = database if database else "../CookieJar.sqlite" if not users or type(users) is not list: users=getUsers() if allUsers else [getpass.getuser()] grabJar(path) cookies=selectAllFrom(path, "CookieJar") if self.args.v: print("Starting with Google Chrome Cookies") for u in users: if self.args.v: print(" |- Grabbing cookies of %s"%u) for p in self.getProfiles(u): if not os.path.isfile(self.cookieTrail%(u,p)): if args.v: print(" | | -> Profile %s does not have cookies"%p) continue if self.args.v: print(" | |- Grabbing cookies of profile %s"%p) added=addToJar(path, [Cookie(c['host_key'],c['host_key'],c['name'],c['value'], 'chrome', '%s:%s'%(u,p), webkit_to_epoch(c['last_access_utc']),webkit_to_epoch(c['creation_utc'])) for c in self.grab(u,p)]) if self.args.v: print(" | | -> Stored %s new cookies"%added)
def _query(): domain= request.args.get('domain', type=str).strip() name= request.args.get('name', type=str).strip() id= request.args.get('id', type=str).strip() value= request.args.get('value', type=str).strip() browser=request.args.get('browser', type=str).strip() user= request.args.get('user', type=str).strip() where = [] if domain: where.append('domain="%s"'%domain) if name: where.append('name="%s"'%name) if id: where.append('id="%s"'%id) if value: where.append('value="%s"'%value) if browser: where.append('browser="%s"'%browser) if user: where.append('user="******"'%user) results=selectAllFrom(info['db'], 'CookieJar', where) for x in results: x['timejarred'] =toDate(x['timejarred']) x['lastused'] =toDate(x['lastused']) x['creationtime']=toDate(x['creationtime']) return jsonify({"results":results})
def _inject(): items=request.args.get('inject', type=str).split(",") cookies=request.args.get('cookies', type=str).split(",") c=[selectAllFrom(info['db'], 'CookieJar', ['id=%s'%x]) for x in cookies] c=[Cookie(x[0]['domain'], x[0]['host'], x[0]['name'], x[0]['value'], x[0]['browser'], x[0]['user'], x[0]['lastused'], x[0]['creationtime']) for x in c] success=[] failed=[] for x in items: ex=x.replace("chk:","") ex.replace("|", " > ") try: xs=x.split('|') if len(xs)>0: xs[0]=xs[0].replace("chk:","") if len(xs)==3: grabbers[xs[1]].inject(c, xs[0], xs[2]) elif len(xs)==2: grabbers[xs[1]].inject(c, xs[0]) elif len(xs)==1: for g in grabbers: grabbers[g].inject(c, xs[0]) success.append(ex) except Exception as e: print(e) failed.append("%s: %s"%(ex,e)) if len(failed)>0: return jsonify({"inject":"failure", "success":success, "failed":failed}) else: return jsonify({"inject":"success", "success":success})
def inject(): c=selectAllFrom(info['db'], 'CookieJar') return render_template("inject.html", cookies=c ,info=info, grabable=grabable())
def query(): c=selectAllFrom(info['db'], 'CookieJar') return render_template("query.html", cookies=c ,info=info)
# Main if __name__=='__main__': description='''Queries the database for cookies matching criteria''' parser = argparse.ArgumentParser(description=description) parser.add_argument('-s', action='store_true', help='Display stats') parser.add_argument('-d', metavar='domain', help='Domain to query cookies from (e.g github.com)') parser.add_argument('-b', metavar='browser', help='Browser the cookie was grabbed from (e.g firefox)') parser.add_argument('-n', metavar='name', help='Cookie name') parser.add_argument('-v', metavar='value', help='Cookie value') parser.add_argument('-u', metavar='user', help='User:profile the cookies originate from (e.g NorthernSec:12345ua0.default)') parser.add_argument('-id', metavar='id', help='ID of stored cookie') parser.add_argument('db', metavar='database', nargs='?', help='Database') args = parser.parse_args() where=[] if args.d: where.append("domain='%s'"%args.d) if args.b: where.append("browser='%s'"%args.b) if args.n: where.append("name='%s'"%args.n) if args.v: where.append("value='%s'"%args.v) if args.u: where.append("user='******'"%args.u) if args.id: where.append("id='%s'"%args.id) db=args.db if args.db else conf.getCookieJar() print(db) cookies = selectAllFrom(db, 'CookieJar', where) print("id | domain | host | name | value | browser | user | lastUsed | creationTime | timeJarred | notes") for c in cookies: print("%s | %s | %s | %s | %s | %s | %s | %s | %s | %s | %s"%(c['id'],c['domain'],c['host'],c['name'],c['value'],c['browser'],c['user'],c['lastused'],c['creationtime'],c['timejarred'],c['notes'])) if args.s: print("Total of %s cookie(s)"%len(cookies))