advdebug / nomorecookies

Browser Protector against various stealers, written in C# & C/C++.

License: MIT License

C# 62.04% C++ 37.28% C 0.68%
anti-stealer antivirus backdoor blue-team browser csharp dll-injection grabber hook hooking malware malware-protection password-stealer protection rat remote remote-access-trojan security security-tools stealer

nomorecookies's Introduction

Welcome to my profile!

self-taught developer and security engineer interested in reverse engineering, cyber security, etc.

  • i love low-level programming ❤
  • recent projects: BehavEye, NoMoreCookies, De4py (me and my friend Fadi002)
  • likes malware analysis.

if you liked my work you can donate!

BTC Address: bc1qt4959hf9t6k940u8l4x3khw8gfrrp5znwu29yw


Discord Username: advdebug

nomorecookies's People

Contributors

advdebug, diggerman-cpp, erjanmx, fadi002, zun1uwu

nomorecookies's Issues

Protect more

Protect against advanced stealers that have admin and kill the process of your cookie protection

defect

If the stealer name == browser.exe, then the service will accept it as a real browser

did crash my system

after installation (option1) on windows 10 x64 first i wasn't able to restart anymore. clicking restart was not doing anything and opening task manager was also funky. i just saw little popup windows with the title "checksum" and a checksum within. it was quite randomly happening but the system was definitely behaving quite weird. after a hard reset of the pc, windows wasn't able to boot anymore and i get a blue screen every time. luckily the system repair was able to fix it and afterwards i was able to boot up the system again.

Add custom blacklisted apps

Hi, your file signed verification is failing and i cannot start Sandboxie cuz it is injecting the dll into the Sandboxie Service (it's signed), can u add custom blacklists?

Thanks! Great project btw

Code Repeat and Disk Path can be obtained from config

if (Config == "XMode: Mini")
{
    if (Environment.Is64BitProcess)
    {
        DllPath = @"C:\MiniNoMoreCookies_x64.dll";
    }
    else
    {
        DllPath = @"C:\MiniNoMoreCookies.dll";
    }
}
else if (Config == "XMode: Disabled")
{
    if (Environment.Is64BitProcess)
    {
        DllPath = @"C:\NoMoreCookies_x64.dll";
    }
    else
    {
        DllPath = @"C:\NoMoreCookies.dll";
    }
}
else if (Config == "XMode: Enabled")
{
    if (Environment.Is64BitProcess)
    {
        DllPath = @"C:\XNoMoreCookies.dll";
    }
    else
    {
        DllPath = @"C:\XNoMoreCookies_x64.dll";
    }
}

std::wstring UserPath(L"C:\\Users\\");
std::wstring EdgePath;
std::wstring BravePath;
std::wstring ChromePath;
std::wstring FirefoxPath;
std::wstring YandexPath;
std::wstring OperaPath;
std::wstring WaterfoxPath;
std::wstring VivaldiPath;
BOOL Startup()
{
    wchar_t Username[50];
    DWORD UsernameLen = 50 - 1;
    if (GetUserNameW(Username, &UsernameLen))
    {
        UserPath = L"\\??\\C:\\Users\\";
        UserPath.append(Username);
        UserPath.append(L"\\");
        EdgePath = UserPath.c_str();
        EdgePath.append(L"AppData\\Local\\Microsoft\\Edge\\User Data");
        BravePath = UserPath.c_str();
        BravePath.append(L"AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data");
        ChromePath = UserPath.c_str();
        ChromePath.append(L"AppData\\Local\\Google\\Chrome\\User Data");
        FirefoxPath = UserPath.c_str();
        FirefoxPath.append(L"AppData\\Roaming\\Mozilla\\Firefox\\Profiles");
        YandexPath = UserPath.c_str();
        YandexPath.append(L"AppData\\Local\\Yandex\\YandexBrowser\\User Data");
        OperaPath = UserPath.c_str();
        OperaPath.append(L"AppData\\Roaming\\Opera Software\\Opera Stable");
        WaterfoxPath = UserPath.c_str();
        WaterfoxPath.append(L"AppData\\Roaming\\Waterfox\\Profiles");
        VivaldiPath = UserPath.c_str();
        VivaldiPath.append(L"AppData\\Local\\Vivaldi\\User Data");
        return true;
    }
    else
    {
        return false;
    }
}

This code uses a hard-coded disk label; C:\ can be obtained from config. Users may not be using the C: disk label, or it can be secured, etc.; in any of those cases your app will not work.


const char* Browsers[] = { "msedge.exe", "firefox.exe", "vivaldi.exe", "chrome.exe", "brave.exe", "browser.exe", "opera.exe", "waterfox.exe" };
const wchar_t* Browsers[] = { L"msedge.exe", L"firefox.exe", L"vivaldi.exe", L"chrome.exe", L"brave.exe", L"browser.exe", L"opera.exe", L"waterfox.exe" };

const wchar_t* Browsers[]: this list is duplicated (created with the same name in two places)

const wchar_t* Publishers[] = { L"mozilla", L"microsoft", L"brave", L"waterfox", L"yandex", L"opera", L"vivaldi" };

These lists can be obtained from an embedded source or another header file like consts.h.

BOOL IsBlacklistedApp(wchar_t* FileNamez)
{
    if (Signed2)
    {
        BOOL IsBlacklistedPublisher = FALSE;
        std::wstring Publisher(GetPublisherName(FileNamez));
        if (Publisher.c_str() != NULL)
        {
            const wchar_t* PublisherName = Publisher.c_str();
            const wchar_t* Publishers[] = { L"python", L"oracle" };
            int Size3 = sizeof(Publishers) / sizeof(Publishers[0]);
            wchar_t LowercasePublisher[100];
            wcscpy_s(LowercasePublisher, 256, PublisherName);
            for (int i = 0; LowercasePublisher[i] != L'\0'; i++)
                LowercasePublisher[i] = towlower(LowercasePublisher[i]);
            for (int i = 0; i < Size3; i++)
            {
                if (wcsstr(LowercasePublisher, Publishers[i]) != NULL)
                {
                    IsBlacklistedPublisher = TRUE;
                    break;
                }
            }
        }
        return IsBlacklistedPublisher && Signed2;
    }
    return false;
}

I don't understand that, can you explain this to me?

switch (arg)
{
    case "--ignore-updates":
        Settings.CheckUpdates = false;
        break;
    case "--ignore-warnings":
        Settings.ShowWarnings = false;
        break;
    //this setting is turned off by default for security reasons, you can enable it by editing the code
    /*
    case "--direct-uninstall":
        if (!Settings.DirectInstall)
            Settings.DirectUninstall = true;
        break;
    */
    case "--show-browsers":
        Settings.ShowBrowsers = true;
        break;
    case "--no-output":
        Settings.ShowOutput = false;
        break;
}

You can use a library for that. C# has a lot of libraries for parsing args.

Environment.CurrentDirectory + "\\Components\\MiniNoMoreCookies_x64.dll";

You can use Path.Combine there.

string MiniNoMoreCookiesx64 = Environment.CurrentDirectory + "\\Components\\MiniNoMoreCookies_x64.dll";
string MiniNoMoreCookiesx86 = Environment.CurrentDirectory + "\\Components\\MiniNoMoreCookies.dll";
string NoMoreCookiesx64 = Environment.CurrentDirectory + "\\Components\\NoMoreCookies_x64.dll";
string NoMoreCookiesx86 = Environment.CurrentDirectory + "\\Components\\NoMoreCookies.dll";
string XNoMoreCookiesx64 = Environment.CurrentDirectory + "\\Components\\XNoMoreCookies_x64.dll";
string XNoMoreCookiesx86 = Environment.CurrentDirectory + "\\Components\\XNoMoreCookies.dll";

And you can use a function to fix the code repetition.

These variables are duplicated too; they are defined in 2 places (public static void Install(string Option, bool SecureBoot) and public static bool IsComponentsAvailable(string Option)). You can use a class for getting these variables.

You can use the ILogger (Microsoft.Extensions.Logging) interface for logging. You can use Serilog; it's a very easy logger with ILogger interface support.

static double Version = 2.3;

You can get Version info from AssemblyInfo.
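
An added C++ example, not code from the NoMoreCookies repository, for the two C++ points in the issue above: the browser directories come from one table and from caller-supplied AppData roots instead of a hard-coded C:\Users\ prefix, and the publisher test from IsBlacklistedApp runs on a std::wstring, since the quoted version copies into a wchar_t[100] buffer while passing 256 as the size to wcscpy_s. BuildProtectedPaths, IsBlacklistedPublisherName, kBrowserDirs and the two root parameters are hypothetical names; where the roots come from (environment or config) is an assumption.

```cpp
#include <cwctype>
#include <string>
#include <vector>

// One table replaces the eight globals and the repeated append() calls.
struct BrowserDir { const wchar_t* name; bool roaming; const wchar_t* subdir; };
static const BrowserDir kBrowserDirs[] = {
    { L"Edge",     false, L"Microsoft\\Edge\\User Data" },
    { L"Brave",    false, L"BraveSoftware\\Brave-Browser\\User Data" },
    { L"Chrome",   false, L"Google\\Chrome\\User Data" },
    { L"Firefox",  true,  L"Mozilla\\Firefox\\Profiles" },
    { L"Yandex",   false, L"Yandex\\YandexBrowser\\User Data" },
    { L"Opera",    true,  L"Opera Software\\Opera Stable" },
    { L"Waterfox", true,  L"Waterfox\\Profiles" },
    { L"Vivaldi",  false, L"Vivaldi\\User Data" },
};

// localRoot / roamingRoot are the user's local and roaming AppData
// directories, supplied by the caller (assumption: taken from the environment
// or from config), so no drive letter or Users prefix is baked in.
std::vector<std::wstring> BuildProtectedPaths(const std::wstring& localRoot,
                                              const std::wstring& roamingRoot)
{
    std::vector<std::wstring> out;
    for (const BrowserDir& b : kBrowserDirs) {
        std::wstring root = b.roaming ? roamingRoot : localRoot;
        if (root.empty()) continue;               // unknown root: skip, never guess
        if (root.back() != L'\\') root += L'\\';
        out.push_back(L"\\??\\" + root + b.subdir); // same NT prefix as Startup()
    }
    return out;
}

// Same substring test as IsBlacklistedApp, but the lowercase copy lives in a
// std::wstring, so a long publisher name cannot run past a fixed buffer.
bool IsBlacklistedPublisherName(std::wstring publisher)
{
    static const wchar_t* const kPublishers[] = { L"python", L"oracle" };
    for (wchar_t& c : publisher)
        c = static_cast<wchar_t>(std::towlower(static_cast<wint_t>(c)));
    for (const wchar_t* p : kPublishers)
        if (publisher.find(p) != std::wstring::npos) return true;
    return false;
}
```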

Thank you for this!

We hate scammers as well so we've been working on a software to identify stubs online that match known stubs that we can dump to delete webhooks and other stuff.

Compile

Hello, I want to compile the src but idk how to find the DLLs like xnomorecookies or mininomorecookies, and when I compile the cookie installer folder with the sln it gives an error. Can you tell me how you compile it, with pictures? Win+maj+s for an easy screenshot.

NoMoreCookies causes Mullvad VPN to crash on startup

I've been using NoMoreCookies because I see that it works really well.
However, while it's installed, Mullvad won't start, which surprises me, since it's a VPN and not related to browsers (apart from the fact that it runs in a chromium sandbox).

I get the following error message:
Can't access file: file:///C:\Program Files\Mullvad VPN\resources\app.asar\build\src\index.html

I see the possibility of other programs sharing the same fate, so I think that it's an issue worth looking into.

Version Outdated Bug

Your version 2,3 is outdated. update to the version 23 from NoMoreCookies Repo.

Tor and Mullvad browser stopped working

After I installed NoMoreCookies, apparently Tor and Mullvad browser have stopped working, they only just show a blank grey page, that's it.
So I decided to uninstall NoMoreCookies and it works perfectly.
Not sure why NoMoreCookies blocks Mullvad and Tor browser.

Can't reopen the installer after mini installation

Hi, wonderful work, this is a revolutionary program! However, there is a bug where you can not reopen the installer after installation. I tried installing all the versions, and the bug happened to me after installing the mini version. I also tried with enabling secure boot and trying to rerun the installer in case the AppinitDLL being loaded was causing a problem, without success. Translation of the top text: "Attempt to read or write in protected memory. Often, this indicates that there is other damaged memory." Also, I don't know about its support on Windows 7, but this is Windows 10 (LTSC 2019 aka 1809) modified to look like Windows 7.
