benjholla / cookiemonster Goto Github PK
View Code? Open in Web Editor NEWA utility for exfiltrating cookies from local browser cookie stores
License: MIT License
A utility for exfiltrating cookies from local browser cookie stores
License: MIT License
As per the readme, run mvn clean install -U
(using the Maven version 3.8.1 that is bundled with IntelliJ).
The build will run and a fat JAR will be created in the /CookieMonster/target
directory.
The build fails; the first failure is a Maven error
Descriptor with ID 'fat' not found
In addition, there is a compile problem because the pom.xml specifies 1.8 as the source and target version, but ChromeBrowser.java
uses the factory method List.of()
that was added only in Java 9.
It appears that the maven-assembly-plugin changed its target from fat
to jar-with-dependencies
.
The compile problem is remediable by changing the version.
I will soon open a PR to address this issue.
Hi,
I am trying to run the jar file in my windows machine and the chrom version is 115. I always get error
C:\Users\djsou\CookieMonster\CookieMonster>java -jar CookieMonster.jar --browsers=chrome --domains=facebook.com
Selected Browsers: Chrome
Selected Domains: facebook.com
============================================================
Searching cookies for domain: facebook.com
============================================================
Searching in browser: Chrome
============================================================
java.nio.file.FileSystemException: C:\Users\djsou\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies -> .cookies.db: The process cannot access the file because it is being used by another process
at java.base/sun.nio.fs.WindowsException.translateToIOException(WindowsException.java:92)
at java.base/sun.nio.fs.WindowsException.rethrowAsIOException(WindowsException.java:103)
at java.base/sun.nio.fs.WindowsFileCopy.copy(WindowsFileCopy.java:208)
at java.base/sun.nio.fs.WindowsFileSystemProvider.copy(WindowsFileSystemProvider.java:284)
at java.base/java.nio.file.Files.copy(Files.java:1299)
at cmonster.browsers.ChromeBrowser.processCookies(ChromeBrowser.java:142)
at cmonster.browsers.Browser.getCookiesForDomain(Browser.java:40)
at cmonster.CookieMonster.dumpCookies(CookieMonster.java:131)
at cmonster.CookieMonster.main(CookieMonster.java:107)
No cookies found.
============================================================
============================================================
Finished.
Looks like the cookies file not able to be copied before starting reading it.
Is there anything missing here ?
Use the latest Chrome version, 114.0.5735.134, on Windows.
Create a ChromeBrowser
object and call its method getCookies()
.
The set will be non-empty and contain the cookies from the web browser.
An exception is thrown:
java.lang.ArrayIndexOutOfBoundsException: arraycopy: length -3 is negative
at java.base/java.lang.System.arraycopy(Native Method)
at java.base/java.util.Arrays.copyOfRange(Arrays.java:3823)
at cmonster.browsers.ChromeBrowser.decrypt(ChromeBrowser.java:279)
at cmonster.browsers.ChromeBrowser.parseCookieFromResult(ChromeBrowser.java:240)
at cmonster.browsers.ChromeBrowser.processCookies(ChromeBrowser.java:153)
at cmonster.browsers.Browser.getCookies(Browser.java:29)
at cmonster.browsers.ChromeBrowser.main(ChromeBrowser.java:400)
The current implementation in ChromeBrowser.getCookieDbFiles()
looks for files in directories in the baseDir that end in Cookies
. It does not find them recursively - i.e., it does not find files in subdirectories of subdirectories. This is a problem because the appropriate cookies file on my hard drive resides under /Default/Network/
relative to the baseDir.
So, the only file found is Safe Browsing Cookies
. This appears to contain cookies that are not encrypted - the encrypted_value
in the (single) row in the ResultSet
is an empty byte array - and then the decryption (attempting to use the empty array as the ciphertext) fails.
Inside decrypt, exceptions cause us to skip the cookie for Mac and Linux, but ones for Windows are allowed to bubble up and fail the overall operation. I suspect that the Windows decrypt should have the same behavior as Mac and Linux.
I will soon open a PR to address this issue.
Cookies.java has no getValue() method. I know toString() method shows what the value is but i can't get the value.
Hi friend,
i try decrypt cookie by you are lib. but when decyrpt i receiver a messsage:
Data encrypt:v11��͏���m� ԅ����v�_���ü����o�,�5�m��*��}�j����
Cookie [name=REC_T_ID (encrypted)]
javax.crypto.AEADBadTagException: Tag mismatch
at java.base/com.sun.crypto.provider.GaloisCounterMode$GCMDecrypt.doFinal(GaloisCounterMode.java:1545)
at java.base/com.sun.crypto.provider.GaloisCounterMode.engineDoFinal(GaloisCounterMode.java:417)
at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2244)
at vn.votam.seoshopeeapp.cookie.ChromeCookie.decrypt(ChromeCookie.java:183)
at vn.votam.seoshopeeapp.cookie.ChromeCookie.parseCookieFromResult(ChromeCookie.java:139)
at vn.votam.seoshopeeapp.cookie.ChromeCookie.processCookies(ChromeCookie.java:100)
at vn.votam.seoshopeeapp.cookie.Browser.getCookiesForDomain(Browser.java:30)
at TestCookie.main(TestCookie.java:9)
my test is:
ChromeCookie chromeCookie = new ChromeCookie("E:\10. Du an\14. Nghien cuu\seoShopeeApp\etc\profile\test101\Local State", "E:\10. Du an\14. Nghien cuu\seoShopeeApp\etc\profile\test101\Default\Network\Cookies");
Set ssl = chromeCookie.getCookiesForDomain("shopee.vn");
for (Cookie c : ssl) {
System.out.println(c.getName());
}
Hi,
I am trying to run the jar file in my windows machine and the chrom version is 115. I always get error
C:\Users\djsou\CookieMonster\CookieMonster>java -jar CookieMonster.jar --browsers=chrome --domains=facebook.com
Selected Browsers: Chrome
Selected Domains: facebook.com
============================================================
Searching cookies for domain: facebook.com
============================================================
Searching in browser: Chrome
============================================================
java.nio.file.FileSystemException: C:\Users\djsou\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies -> .cookies.db: The process cannot access the file because it is being used by another process
at java.base/sun.nio.fs.WindowsException.translateToIOException(WindowsException.java:92)
at java.base/sun.nio.fs.WindowsException.rethrowAsIOException(WindowsException.java:103)
at java.base/sun.nio.fs.WindowsFileCopy.copy(WindowsFileCopy.java:208)
at java.base/sun.nio.fs.WindowsFileSystemProvider.copy(WindowsFileSystemProvider.java:284)
at java.base/java.nio.file.Files.copy(Files.java:1299)
at cmonster.browsers.ChromeBrowser.processCookies(ChromeBrowser.java:142)
at cmonster.browsers.Browser.getCookiesForDomain(Browser.java:40)
at cmonster.CookieMonster.dumpCookies(CookieMonster.java:131)
at cmonster.CookieMonster.main(CookieMonster.java:107)
No cookies found.
============================================================
============================================================
Finished.
Looks like the cookies file not able to be copied before starting reading it.
Is there anything missing here ?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.