From 425f816d59dcbdc79961256aeaf1178addbd2fb5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E1=B4=8D=E1=B4=8F=E1=B4=8F=C9=B4D4=CA=80=E1=B4=8B?= Date: Mon, 6 Jul 2020 16:13:25 +0800 Subject: [PATCH] add firefox parser and output --- README.md | 2 +- cmd/cmd.go | 3 +- core/common.go | 82 +++++++++++++++++++++++++++++++++---------- utils/utils.go | 1 + utils/utils_darwin.go | 6 ++++ 5 files changed, 73 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 4010a14..38a93e9 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ hack-browser-data is an open-source tool that could help you export data from br | Edge [MacOS]
(require password) | ✅ | ✅ | ✅ | ✅ | | 360 Speed Browser [Windows] | ✅ | ✅ | ✅ | ✅ | | QQ Browser [Windows] | ✅ | ✅ | ✅ | ✅ | -| FireFox [MacOS] | ✅ | ❌ | ❌ | ❌ | +| FireFox [MacOS] | ✅ | ✅ | ❌ | ❌ | | FireFox [Windows] | ❌ | ❌ | ❌ | ❌ | | Safari [MacOS] | ❌ | ❌ | ❌ | ❌ | | Internet Explorer [Windows] | ❌ | ❌ | ❌ | ❌ | diff --git a/cmd/cmd.go b/cmd/cmd.go index e12d9ad..8c5e57c 100644 --- a/cmd/cmd.go +++ b/cmd/cmd.go @@ -70,7 +70,7 @@ func Execute() { core.ParseResult(dst) } } else { - fileList := utils.GetDBPath(browserDir, "key4.db", "logins.json") + fileList := utils.GetDBPath(browserDir, "key4.db", "logins.json", utils.FirefoxCookie) for _, v := range fileList { dst := filepath.Base(v) err := utils.CopyDB(v, dst) @@ -78,6 +78,7 @@ func Execute() { log.Println(err) continue } + core.ParseResult(dst) core.DecodeKey4() } } diff --git a/core/common.go b/core/common.go index 8965d2c..d6953d6 100644 --- a/core/common.go +++ b/core/common.go @@ -48,6 +48,7 @@ type ( loginData struct { UserName string encryptPass []byte + encryptUser []byte Password string LoginUrl string CreateDate time.Time @@ -90,6 +91,8 @@ func ParseResult(dbname string) { parseCookie() case utils.LoginData: parseLogin() + case utils.FirefoxCookie: + parseFirefoxCookie() } } @@ -449,15 +452,67 @@ func DecodeKey4() { blockMode2 := cipher.NewCBCDecrypter(block, s2.Iv) sq2 := make([]byte, len(s2.Encrypted)) blockMode2.CryptBlocks(sq2, s2.Encrypted) + u := utils.PKCS7UnPadding(sq) + s := utils.PKCS7UnPadding(sq2) FullData.LoginDataSlice = append(FullData.LoginDataSlice, loginData{ - LoginUrl: v.loginUrl, - UserName: string(sq), - Password: string(sq2), + LoginUrl: v.LoginUrl, + UserName: string(u), + Password: string(s), + CreateDate: v.CreateDate, }) - log.Errorf("%s:%s:%s", v.loginUrl, string(sq), string(sq2)) } } +var queryFirefoxCookie = `SELECT name, value, host, path, creationTime, expiry, isSecure, isHttpOnly FROM moz_cookies` + +func parseFirefoxCookie() { + cookie := cookies{} + cookieMap := make(map[string][]cookies) + cookieDB, err := sql.Open("sqlite3", utils.FirefoxCookie) + defer os.Remove(utils.FirefoxCookie) + defer func() { + if err := cookieDB.Close(); err != nil { + log.Println(err) + } + }() + if err != nil { + log.Println(err) + } + err = cookieDB.Ping() + rows, err := cookieDB.Query(queryFirefoxCookie) + defer func() { + if err := rows.Close(); err != nil { + log.Println(err) + } + }() + for rows.Next() { + var ( + name, value, host, path string + isSecure, isHttpOnly int + creationTime, expiry int64 + ) + err = rows.Scan(&name, &value, &host, &path, &creationTime, &expiry, &isSecure, &isHttpOnly) + cookie = cookies{ + KeyName: name, + Host: host, + Path: path, + IsSecure: utils.IntToBool(isSecure), + IsHTTPOnly: utils.IntToBool(isHttpOnly), + CreateDate: utils.TimeStampFormat(creationTime / 1000000), + ExpireDate: utils.TimeStampFormat(expiry), + } + + cookie.Value = value + if _, ok := cookieMap[host]; ok { + cookieMap[host] = append(cookieMap[host], cookie) + } else { + cookieMap[host] = []cookies{cookie} + } + } + FullData.CookieMap = cookieMap + +} + func checkPassword(globalSalt, entrySalt, encryptText []byte) []byte { //byte[] GLMP; // GlobalSalt + MasterPassword //byte[] HP; // SHA1(GLMP) @@ -482,13 +537,10 @@ func checkPassword(globalSalt, entrySalt, encryptText []byte) []byte { tk.Write(pes) pes = append(pes, entrySalt...) log.Warn(hex.EncodeToString(pes)) - //k1 = hmac.new(chp, pes + entrySalt, sha1).digest() - //tk = hmac.new(chp, pes, sha1).digest() k1 := hmac.New(sha1.New, chp[:]) k1.Write(pes) log.Warn(hex.EncodeToString(k1.Sum(nil))) log.Warn(hex.EncodeToString(tk.Sum(nil))) - //k2 = hmac.new(chp, tk + entrySalt, sha1).digest() tkPlus := append(tk.Sum(nil), entrySalt...) k2 := hmac.New(sha1.New, chp[:]) k2.Write(tkPlus) @@ -519,14 +571,7 @@ func paddingZero(s []byte, l int) []byte { } } -type Logins struct { - encryptUser []byte - encryptPass []byte - loginUrl string - createTime int64 -} - -func GetLoginData(loginsJson string) (l []Logins) { +func GetLoginData(loginsJson string) (l []loginData) { s, err := ioutil.ReadFile(loginsJson) if err != nil { log.Warn(err) @@ -536,12 +581,11 @@ func GetLoginData(loginsJson string) (l []Logins) { if h.Exists() { for _, v := range h.Array() { var ( - m Logins + m loginData u []byte p []byte ) - - m.loginUrl = v.Get("formSubmitURL").String() + m.LoginUrl = v.Get("formSubmitURL").String() u, err = base64.StdEncoding.DecodeString(v.Get("encryptedUsername").String()) m.encryptUser = u if err != nil { @@ -549,7 +593,7 @@ func GetLoginData(loginsJson string) (l []Logins) { } p, err = base64.StdEncoding.DecodeString(v.Get("encryptedPassword").String()) m.encryptPass = p - m.createTime = v.Get("timeCreated").Int() + m.CreateDate = utils.TimeStampFormat(v.Get("timeCreated").Int() / 1000) l = append(l, m) } } diff --git a/utils/utils.go b/utils/utils.go index 70730af..677aeec 100644 --- a/utils/utils.go +++ b/utils/utils.go @@ -42,6 +42,7 @@ const ( History = "History" Cookies = "Cookies" Bookmarks = "Bookmarks" + FirefoxCookie = "cookies.sqlite" ) func ListBrowser() []string { diff --git a/utils/utils_darwin.go b/utils/utils_darwin.go index a8a4c73..7db7a5b 100644 --- a/utils/utils_darwin.go +++ b/utils/utils_darwin.go @@ -115,3 +115,9 @@ func PKCS5UnPadding(src []byte) []byte { unpadding := int(src[length-1]) return src[:(length - unpadding)] } + +func PKCS7UnPadding(origData []byte)[]byte{ + length := len(origData) + unpadding := int(origData[length-1]) + return origData[:length-unpadding] +}