go-stealer

Cookie & Logins stealer for Firefox + Chrome, demonstration only


Golang Credential Stealer

Demonstration of gaining access to cookies and login credentials. Currently only supports Firefox and Chrome; planning to support Edge, but I have no interest in any other browser since the main purpose of this repo is just as a demonstration.

Special thanks to @lclevy for their implementation of credential decryption; all algorithms I use for decrypting Firefox login credentials are just a replica of Firepwd. I just rewrote it completely in Go.

Please note that any illegal action related to this program is highly discouraged; it is the user's responsibility for anything done with this distribution and has nothing to do with me.

Currently only Windows is supported, and older versions of Firefox / Chrome might be incompatible (this is intentional since most people don't use older browsers anyway).

Building

Install the Go compiler, > 1.18 if possible, but any version above 1.0 seems fine.

> go version
go version go1.18 windows/amd64

Clone this repository.

git clone https://github.com/idfp/go-stealer

Install required dependencies, then build it or just run as it is.

go build .

Usage

go-stealer.exe [Options]
or
go run . [Options]

There's no need to pass the profile directory; the program will find it on its own.

Options

--browser               Targeted browser, by default the value is "firefox".
-b                      Shorthand for --browser.

--check-credentials     Check login credentials, by default this is turned off.
-c                      Shorthand for --check-credentials.

--dump-all              Dump all cookies instead of just a specific host, --output is required for this.
-a                      Shorthand for --dump-all.

--output                JSON File to save all logged credentials.
-o                      Shorthand for --output.

--web                   Specific host to look for when doing cookies logging.
-w                      Shorthand for --web.

Example Usage

This is what the result will look like; of course the private data is censored.

> go-stealer.exe -a -c -o result.json
Opening SQL File
accounts.google.com @ SMSV : [REDACTED]
.developers.google.com @ _ga : [REDACTED]
accounts.google.com @ ACCOUNT_CHOOSER : [REDACTED]
.google.com @ ANID : [REDACTED]
.fonts.google.com @ _ga : [REDACTED]

...

Site: https://id.heroku.com 
Username: ri******@gmail.com
Password: ******

Site: https://discord.com 
Username: ri******@gmail.com
Password: ******

Saving all result to result.json

Mitigation

To prevent yourself from being a victim of this attack, here are some tips:

  1. Prevent initial access to your device. This includes, but is not limited to, not executing random exe files, not opening suspicious Office documents, and not visiting random websites.
  2. Activate 2FA whenever possible.
  3. Use a Firefox master password; this will prevent credential stealing in Firefox. It is brute-forceable, so choose the password carefully. Note that an attacker will still be able to steal your cookies and Chrome credentials.
  4. Do not save any login credentials in your browser; either remember them or use a local password manager.
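
A detection-side complement to the tips above, as an added example that is not part of go-stealer: it flags file-open events in which a process other than the browser itself reads the Firefox or Chrome login and cookie stores. The event format, the sample paths and the names `AccessEvent`, `stores` and `Suspicious` are assumptions made for illustration; the file names are the default profile file names on Windows.

```go
package main

import (
	"fmt"
	"strings"
)

// AccessEvent is a simplified file-open record (constructed format).
type AccessEvent struct{ Process, Target string }

// store: where one browser keeps saved logins, cookies and keys.
type store struct {
	owner, dirHint string          // expected executable; lower-case profile path fragment
	files          map[string]bool // lower-case names of the sensitive files
}

var stores = []store{
	{"firefox.exe", "/mozilla/firefox/profiles/", map[string]bool{"logins.json": true, "key4.db": true, "cookies.sqlite": true}},
	{"chrome.exe", "/google/chrome/user data/", map[string]bool{"login data": true, "cookies": true, "local state": true}},
}

// norm lower-cases a Windows path with forward slashes; base is its last element.
func norm(p string) string { return strings.ToLower(strings.ReplaceAll(p, `\`, "/")) }
func base(p string) string { return p[strings.LastIndex(p, "/")+1:] }

// Suspicious returns the events in which a process other than the owning
// browser opened a login or cookie store inside that browser's profile.
// Matching on the executable's base name is a simplification (assumption).
func Suspicious(events []AccessEvent) []AccessEvent {
	var hits []AccessEvent
	for _, e := range events {
		proc, target := base(norm(e.Process)), norm(e.Target)
		for _, s := range stores {
			if strings.Contains(target, s.dirHint) && s.files[base(target)] && proc != s.owner {
				hits = append(hits, e)
			}
		}
	}
	return hits
}

// SampleEvents is constructed data, not output from a real host.
var SampleEvents = []AccessEvent{
	{`C:\Program Files\Mozilla Firefox\firefox.exe`, `C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\logins.json`},
	{`C:\Users\alice\Downloads\tool.exe`, `C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\key4.db`},
	{`C:\Users\alice\Downloads\tool.exe`, `C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data`},
	{`C:\Users\alice\Downloads\tool.exe`, `C:\Users\alice\Documents\cookies.sqlite`},
}

func main() { fmt.Printf("%+v\n", Suspicious(SampleEvents)) }
```

In practice the events would come from file-access auditing or an EDR feed, and the rule would compare the full signed image path and allowlist backup or antivirus tools that legitimately read these files.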