diff --git a/cmd/cmd.go b/cmd/cmd.go index 819094b..30ab883 100644 --- a/cmd/cmd.go +++ b/cmd/cmd.go @@ -6,6 +6,7 @@ import ( "hack-browser-data/utils" "os" "path/filepath" + "strings" "github.com/urfave/cli/v2" ) @@ -20,31 +21,44 @@ var ( func Execute() { app := &cli.App{ - Name: "hack-browser-data", - Usage: "export passwords/cookies/history/bookmarks from browser", + Name: "hack-browser-data", + Usage: "export passwords/cookies/history/bookmarks from browser", + UsageText: "[hack-browser-data -b chrome -f json -dir results -e all]\n Get all data(password/cookie/history/bookmark) from chrome", Version: "0.1.0", Flags: []cli.Flag{ &cli.BoolFlag{Name: "verbose", Aliases: []string{"vv"}, Destination: &verbose, Value: false, Usage: "verbose"}, - &cli.StringFlag{Name: "browser", Aliases: []string{"b"}, Destination: &browser, Value: "all", Usage: "browser name, all|chrome|safari"}, - &cli.StringFlag{Name: "results-dir", Aliases: []string{"d"}, Destination: &exportDir, Value: "results", Usage: "export dir"}, + &cli.StringFlag{Name: "browser", Aliases: []string{"b"}, Destination: &browser, Value: "chrome", Usage: "available browsers: " + strings.Join(utils.ListBrowser(), "|")}, + &cli.StringFlag{Name: "results-dir", Aliases: []string{"dir"}, Destination: &exportDir, Value: "results", Usage: "export dir"}, &cli.StringFlag{Name: "format", Aliases: []string{"f"}, Destination: &outputFormat, Value: "csv", Usage: "result format, csv|json"}, &cli.StringFlag{Name: "export-data", Aliases: []string{"e"}, Destination: &exportData, Value: "all", Usage: "all|password|cookie|history|bookmark"}, }, + HideHelpCommand: true, + HideVersion: true, Action: func(c *cli.Context) error { - log.InitLog() + if verbose { + log.InitLog("debug") + } else { + log.InitLog("error") + } + utils.MakeDir(exportDir) + browserDir, key, err := utils.PickBrowser(browser) + if err != nil { + log.Fatal(err, " Available browsers: "+strings.Join(utils.ListBrowser(), "|")) + } + err = utils.InitKey(key) + if err != nil { + log.Fatal(err, "Please Open an issue on GitHub") + } + var fileList []string switch exportData { case "all": - fileList = utils.GetDBPath(utils.LoginData, utils.History, utils.Bookmarks, utils.Cookies) + fileList = utils.GetDBPath(browserDir, utils.LoginData, utils.History, utils.Bookmarks, utils.Cookies) case "password", "cookie", "history", "bookmark": - fileList = utils.GetDBPath(exportData) + fileList = utils.GetDBPath(browserDir, exportData) default: - log.Fatal("choose one from all|password|cookie|history|bookmark") - } - err := utils.InitChromeKey() - if err != nil { - panic(err) + log.Fatal("Choose one from all|password|cookie|history|bookmark") } for _, v := range fileList { dst := filepath.Base(v) @@ -53,15 +67,15 @@ func Execute() { log.Println(err) continue } - core.ChromeDB(dst) + core.ParseResult(dst) } if outputFormat == "json" { - err := core.FullData.OutPutJson(exportDir, outputFormat) + err := core.FullData.OutPutJson(exportDir, browser, outputFormat) if err != nil { log.Error(err) } } else { - err := core.FullData.OutPutCsv(exportDir, outputFormat) + err := core.FullData.OutPutCsv(exportDir, browser, outputFormat) if err != nil { log.Error(err) } diff --git a/core/common.go b/core/common.go index ce7f792..00487f7 100644 --- a/core/common.go +++ b/core/common.go @@ -12,11 +12,6 @@ import ( "github.com/tidwall/gjson" ) -const ( - Chrome = "Chrome" - Safari = "Safari" -) - const ( bookmarkID = "id" bookmarkAdded = "date_added" @@ -27,7 +22,8 @@ const ( ) var ( - FullData = new(BrowserData) + FullDataSlice []*BrowserData + FullData = new(BrowserData) ) type ( @@ -77,16 +73,16 @@ type ( } ) -func ChromeDB(dbname string) { +func ParseResult(dbname string) { switch dbname { - case utils.LoginData: - parseLogin() case utils.Bookmarks: parseBookmarks() - case utils.Cookies: - parseCookie() case utils.History: parseHistory() + case utils.Cookies: + parseCookie() + case utils.LoginData: + parseLogin() } } @@ -145,9 +141,18 @@ func parseLogin() { UserName: username, encryptPass: pwd, LoginUrl: url, - CreateDate: utils.TimeEpochFormat(create), } - password, err = utils.DecryptChromePass(pwd) + if utils.VersionUnder80 { + password, err = utils.DecryptStringWithDPAPI(pwd) + } else { + password, err = utils.DecryptChromePass(pwd) + } + if create > time.Now().Unix() { + login.CreateDate = utils.TimeEpochFormat(create) + } else { + login.CreateDate = utils.TimeStampFormat(create) + } + login.Password = password if err != nil { log.Println(err) @@ -201,7 +206,12 @@ func parseCookie() { ExpireDate: utils.TimeEpochFormat(expireDate), } // remove prefix 'v10' - value, err = utils.DecryptChromePass(encryptValue) + if utils.VersionUnder80 { + value, err = utils.DecryptStringWithDPAPI(encryptValue) + } else { + value, err = utils.DecryptChromePass(encryptValue) + } + cookie.Value = value if _, ok := cookieMap[host]; ok { cookieMap[host] = append(cookieMap[host], cookie) diff --git a/core/output.go b/core/output.go index 3b4947f..9627cfa 100644 --- a/core/output.go +++ b/core/output.go @@ -2,30 +2,39 @@ package core import ( "bytes" + "encoding/csv" "encoding/json" + "fmt" "hack-browser-data/log" "hack-browser-data/utils" + "io" "os" "github.com/gocarina/gocsv" ) -func (b BrowserData) OutPutCsv(dir, format string) error { +func (b BrowserData) OutPutCsv(dir, browser, format string) error { switch { case len(b.BookmarkSlice) != 0: - filename := utils.FormatFileName(dir, utils.Bookmarks, format) + filename := utils.FormatFileName(dir, browser, utils.Bookmarks, format) file, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC|os.O_APPEND, 0644) defer file.Close() if err != nil { log.Errorf("create file %s fail", filename) } + gocsv.SetCSVWriter(func(out io.Writer) *gocsv.SafeCSVWriter { + writer := csv.NewWriter(out) + writer.Comma = ' ' + return gocsv.NewSafeCSVWriter(writer) + }) err = gocsv.MarshalFile(b.BookmarkSlice, file) if err != nil { log.Error(err) } + fmt.Printf("%s Get %d bookmarks, filename is %s \n", log.Prefix, len(b.BookmarkSlice), filename) fallthrough case len(b.LoginDataSlice) != 0: - filename := utils.FormatFileName(dir, utils.LoginData, format) + filename := utils.FormatFileName(dir, browser, utils.LoginData, format) file, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC|os.O_APPEND, 0644) defer file.Close() if err != nil { @@ -35,9 +44,10 @@ func (b BrowserData) OutPutCsv(dir, format string) error { if err != nil { log.Error(err) } + fmt.Printf("%s Get %d login data, filename is %s \n", log.Prefix, len(b.LoginDataSlice), filename) fallthrough case len(b.CookieMap) != 0: - filename := utils.FormatFileName(dir, utils.Cookies, format) + filename := utils.FormatFileName(dir, browser, utils.Cookies, format) file, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC|os.O_APPEND, 0644) defer file.Close() if err != nil { @@ -51,9 +61,10 @@ func (b BrowserData) OutPutCsv(dir, format string) error { if err != nil { log.Error(err) } + fmt.Printf("%s Get %d cookies, filename is %s \n", log.Prefix, len(b.CookieMap), filename) fallthrough case len(b.HistorySlice) != 0: - filename := utils.FormatFileName(dir, utils.History, format) + filename := utils.FormatFileName(dir, browser, utils.History, format) file, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC|os.O_APPEND, 0644) defer file.Close() if err != nil { @@ -63,14 +74,15 @@ func (b BrowserData) OutPutCsv(dir, format string) error { if err != nil { log.Error(err) } + fmt.Printf("%s Get %d login data, filename is %s \n", log.Prefix, len(b.HistorySlice), filename) } return nil } -func (b BrowserData) OutPutJson(dir, format string) error { +func (b BrowserData) OutPutJson(dir, browser, format string) error { switch { case len(b.BookmarkSlice) != 0: - filename := utils.FormatFileName(dir, utils.Bookmarks, format) + filename := utils.FormatFileName(dir, browser, utils.Bookmarks, format) file, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC|os.O_APPEND, 0644) defer file.Close() if err != nil { @@ -82,9 +94,10 @@ func (b BrowserData) OutPutJson(dir, format string) error { enc.SetIndent("", "\t") enc.Encode(b.BookmarkSlice) file.Write(w.Bytes()) + fmt.Printf("%s Get %d bookmarks, filename is %s \n", log.Prefix, len(b.BookmarkSlice), filename) fallthrough case len(b.CookieMap) != 0: - filename := utils.FormatFileName(dir, utils.Cookies, format) + filename := utils.FormatFileName(dir, browser, utils.Cookies, format) file, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC|os.O_APPEND, 0644) defer file.Close() if err != nil { @@ -99,9 +112,10 @@ func (b BrowserData) OutPutJson(dir, format string) error { log.Println(err) } file.Write(w.Bytes()) + fmt.Printf("%s Get %d cookies, filename is %s \n", log.Prefix, len(b.CookieMap), filename) fallthrough case len(b.HistorySlice) != 0: - filename := utils.FormatFileName(dir, utils.History, format) + filename := utils.FormatFileName(dir, browser, utils.History, format) file, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC|os.O_APPEND, 0644) defer file.Close() if err != nil { @@ -116,9 +130,10 @@ func (b BrowserData) OutPutJson(dir, format string) error { log.Println(err) } file.Write(w.Bytes()) + fmt.Printf("%s Get %d history, filename is %s \n", log.Prefix, len(b.HistorySlice), filename) fallthrough case len(b.LoginDataSlice) != 0: - filename := utils.FormatFileName(dir, utils.LoginData, format) + filename := utils.FormatFileName(dir, browser, utils.LoginData, format) file, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC|os.O_APPEND, 0644) defer file.Close() if err != nil { @@ -133,6 +148,7 @@ func (b BrowserData) OutPutJson(dir, format string) error { log.Println(err) } file.Write(w.Bytes()) + fmt.Printf("%s Get %d login data, filename is %s \n", log.Prefix, len(b.LoginDataSlice), filename) } return nil } diff --git a/log/log.go b/log/log.go index c4de3fb..190c44c 100644 --- a/log/log.go +++ b/log/log.go @@ -8,6 +8,10 @@ import ( "go.uber.org/zap/zapcore" ) +const ( + Prefix = "[x]: " +) + var ( formatLogger *zap.SugaredLogger levelMap = map[string]zapcore.Level{ @@ -20,8 +24,8 @@ var ( } ) -func InitLog() { - logger := newLogger("debug") +func InitLog(level string) { + logger := newLogger(level) formatLogger = logger.Sugar() } diff --git a/utils/utils.go b/utils/utils.go index 48359ee..6c69963 100644 --- a/utils/utils.go +++ b/utils/utils.go @@ -14,6 +14,9 @@ import ( var ( passwordIsEmpty = errors.New("decrypt fail, password is empty") + + errBrowserNotSupported = errors.New("browser not supported") + VersionUnder80 bool ) type DecryptError struct { @@ -29,6 +32,11 @@ func (e *DecryptError) Unwrap() error { return e.err } +type Browser struct { + Name string + DataDir string +} + const ( LoginData = "Login Data" History = "History" @@ -36,6 +44,29 @@ const ( Bookmarks = "Bookmarks" ) +func ListBrowser() []string { + var l []string + for k := range browserList { + l = append(l, k) + } + return l +} + +func GetDBPath(dir string, dbName ...string) (dbFile []string) { + for _, v := range dbName { + s, err := filepath.Glob(dir + v) + if err != nil && len(s) == 0 { + continue + } + if len(s) > 0 { + log.Debugf("Find %s File Success", v) + log.Debugf("%s file location is %s", v, s[0]) + dbFile = append(dbFile, s[0]) + } + } + return dbFile +} + func CopyDB(src, dst string) error { locals, _ := filepath.Glob("*") for _, v := range locals { @@ -65,6 +96,11 @@ func IntToBool(a int) bool { return true } +func TimeStampFormat(stamp int64) time.Time { + s1 := time.Unix(stamp, 0) + return s1 +} + func TimeEpochFormat(epoch int64) time.Time { maxTime := int64(99633311740000000) if epoch > maxTime { @@ -101,9 +137,9 @@ func WriteFile(filename string, data []byte) error { return err } -func FormatFileName(dir, filename, format string) string { +func FormatFileName(dir, browser, filename, format string) string { r := strings.TrimSpace(strings.ToLower(filename)) - p := path.Join(dir, fmt.Sprintf("%s.%s", r, format)) + p := path.Join(dir, fmt.Sprintf("%s_%s.%s", r, browser, format)) return p } diff --git a/utils/utils_darwin.go b/utils/utils_darwin.go index 94a0243..f291851 100644 --- a/utils/utils_darwin.go +++ b/utils/utils_darwin.go @@ -8,28 +8,61 @@ import ( "errors" "hack-browser-data/log" "os/exec" - "path/filepath" + "strings" "golang.org/x/crypto/pbkdf2" ) const ( - macChromeDir = "/Users/*/Library/Application Support/Google/Chrome/*/" + chromeDir = "/Users/*/Library/Application Support/Google/Chrome/*/" + edgeDir = "/Users/*/Library/Application Support/Microsoft Edge/*/" + mac360Secure = "/Users/*/Library/Application Support/360Chrome/*/" +) + +const ( + Chrome = "Chrome" + Edge = "Microsoft Edge" + SecureBrowser = "Chromium" ) var ( - iv = []byte{32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32} - command = []string{"security", "find-generic-password", "-wa", "Chrome"} - chromeSalt = []byte("saltysalt") - chromeKey []byte + iv = []byte{32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32} + command = []string{"security", "find-generic-password", "-wa"} + chromeSalt = []byte("saltysalt") + chromeKey []byte + browserList = map[string]struct { + Dir string + Command string + }{ + "chrome": { + chromeDir, + Chrome, + }, + "edge": { + edgeDir, + Edge, + }, + } ) -func InitChromeKey() error { +func DecryptStringWithDPAPI(data []byte) (string, error) { + return string(data), nil +} + +func PickBrowser(name string) (browserDir, command string, err error) { + name = strings.ToLower(name) + if choice, ok := browserList[name]; ok { + return choice.Dir, choice.Command, err + } + return "", "", errBrowserNotSupported +} + +func InitKey(key string) error { var ( cmd *exec.Cmd stdout, stderr bytes.Buffer ) - cmd = exec.Command(command[0], command[1], command[2], command[3]) + cmd = exec.Command(command[0], command[1], command[2], key) cmd.Stdout = &stdout cmd.Stderr = &stderr err := cmd.Run() @@ -47,20 +80,20 @@ func InitChromeKey() error { return err } -func GetDBPath(dbName ...string) (dbFile []string) { - for _, v := range dbName { - s, err := filepath.Glob(macChromeDir + v) - if err != nil && len(s) == 0 { - continue - } - if len(s) > 0 { - log.Debugf("Find %s File Success", v) - log.Debugf("%s file location is %s", v, s[0]) - dbFile = append(dbFile, s[0]) - } - } - return dbFile -} +//func GetDBPath(dir string, dbName ...string) (dbFile []string) { +// for _, v := range dbName { +// s, err := filepath.Glob(dir + v) +// if err != nil && len(s) == 0 { +// continue +// } +// if len(s) > 0 { +// log.Debugf("Find %s File Success", v) +// log.Debugf("%s file location is %s", v, s[0]) +// dbFile = append(dbFile, s[0]) +// } +// } +// return dbFile +//} func decryptChromeKey(chromePass []byte) { chromeKey = pbkdf2.Key(chromePass, chromeSalt, 1003, 16, sha1.New) diff --git a/utils/utils_windows.go b/utils/utils_windows.go index 128a9e4..f0bd489 100644 --- a/utils/utils_windows.go +++ b/utils/utils_windows.go @@ -4,9 +4,9 @@ import ( "crypto/aes" "crypto/cipher" "encoding/base64" - "hack-browser-data/log" + "errors" "os" - "path/filepath" + "strings" "syscall" "unsafe" @@ -14,50 +14,96 @@ import ( ) const ( - winChromeKeyDir = "/AppData/Local/Google/Chrome/User Data/Local State" - winChromeDir = "/AppData/Local/Google/Chrome/User Data/*/" + chromeDir = "/AppData/Local/Google/Chrome/User Data/*/" + chromeKeyFile = "/AppData/Local/Google/Chrome/User Data/Local State" + secure360Dir = "/AppData/Local/360chrome/Chrome/User Data/*/" + secure360KeyFile = "" + edgeDir = "/AppData/Local/Microsoft/Edge/User Data/*/" + edgeKeyFile = "/AppData/Local/Microsoft/Edge/User Data/Local State" ) var ( chromeKey []byte -) -func InitChromeKey() error { - chromeKeyPath := os.Getenv("USERPROFILE") + winChromeKeyDir - keyFile, err := ReadFile(chromeKeyPath) - if err != nil { - log.Error(err) - return err + browserList = map[string]struct { + Dir string + Key string + }{ + "chrome": { + chromeDir, + chromeKeyFile, + }, + "edge": { + edgeDir, + edgeKeyFile, + }, + "360secure": { + secure360Dir, + secure360KeyFile, + }, } - s := gjson.Get(keyFile, "os_crypt.encrypted_key").String() - masterKey, err := base64.StdEncoding.DecodeString(s) - if err != nil { - return err +) + + +func PickBrowser(name string) (browserDir, key string, err error) { + name = strings.ToLower(name) + if choice, ok := browserList[name]; ok { + if choice.Key != "" { + return os.Getenv("USERPROFILE") + choice.Dir, os.Getenv("USERPROFILE") + choice.Key, nil + } else { + return os.Getenv("USERPROFILE") + choice.Dir, "", nil + } } - chromeKey, err = DecryptStringWithDPAPI(masterKey[5:]) - return err + return "", "", errBrowserNotSupported } -func GetDBPath(dbName ...string) (dbFile []string) { - var dbPath []string - chromeDBPath := os.Getenv("USERPROFILE") + winChromeDir - for _, v := range dbName { - dbPath = append(dbPath, chromeDBPath+v) +var ( + errBase64DecodeFailed = errors.New("decode base64 failed") +) + +func InitKey(key string) error { + if key == "" { + VersionUnder80 = true + return nil } - for _, v := range dbPath { - s, err := filepath.Glob(v) - if err != nil && len(s) == 0 { - continue - } - if len(s) > 0 { - log.Debugf("Find %s File Success", v) - log.Debugf("%s file location is %s", v, s[0]) - dbFile = append(dbFile, s[0]) + keyFile, err := ReadFile(key) + if err != nil { + return err + } + encryptedKey := gjson.Get(keyFile, "os_crypt.encrypted_key") + if encryptedKey.Exists() { + pureKey, err := base64.StdEncoding.DecodeString(encryptedKey.String()) + if err != nil { + return errBase64DecodeFailed } + chromeKey, err = decryptStringWithDPAPI(pureKey[5:]) + return nil + } else { + VersionUnder80 = true + return nil } - return dbFile } +//func GetDBPath(dir string, dbName ...string) (dbFile []string) { +// var dbPath []string +// chromeDBPath := os.Getenv("USERPROFILE") + dir +// for _, v := range dbName { +// dbPath = append(dbPath, chromeDBPath+v) +// } +// for _, v := range dbPath { +// s, err := filepath.Glob(v) +// if err != nil && len(s) == 0 { +// continue +// } +// if len(s) > 0 { +// log.Debugf("Find %s File Success", v) +// log.Debugf("%s file location is %s", v, s[0]) +// dbFile = append(dbFile, s[0]) +// } +// } +// return dbFile +//} + func DecryptChromePass(encryptPass []byte) (string, error) { if len(encryptPass) > 15 { // remove prefix 'v10' @@ -103,7 +149,7 @@ func (b *DataBlob) ToByteArray() []byte { } // chrome < 80 https://chromium.googlesource.com/chromium/src/+/76f496a7235c3432983421402951d73905c8be96/components/os_crypt/os_crypt_win.cc#82 -func DecryptStringWithDPAPI(data []byte) ([]byte, error) { +func decryptStringWithDPAPI(data []byte) ([]byte, error) { dllCrypt := syscall.NewLazyDLL("Crypt32.dll") dllKernel := syscall.NewLazyDLL("Kernel32.dll") procDecryptData := dllCrypt.NewProc("CryptUnprotectData") @@ -116,3 +162,17 @@ func DecryptStringWithDPAPI(data []byte) ([]byte, error) { defer procLocalFree.Call(uintptr(unsafe.Pointer(outBlob.pbData))) return outBlob.ToByteArray(), nil } + +func DecryptStringWithDPAPI(data []byte) (string, error) { + dllCrypt := syscall.NewLazyDLL("Crypt32.dll") + dllKernel := syscall.NewLazyDLL("Kernel32.dll") + procDecryptData := dllCrypt.NewProc("CryptUnprotectData") + procLocalFree := dllKernel.NewProc("LocalFree") + var outBlob DataBlob + r, _, err := procDecryptData.Call(uintptr(unsafe.Pointer(NewBlob(data))), 0, 0, 0, 0, 0, uintptr(unsafe.Pointer(&outBlob))) + if r == 0 { + return "", err + } + defer procLocalFree.Call(uintptr(unsafe.Pointer(outBlob.pbData))) + return string(outBlob.ToByteArray()), nil +}