
This project steals important data from all Chromium and Gecko browsers installed on the system and gathers the data in a stealer DB to be exfiltrated. A powerful browser stealer.

Primary language: C. License: MIT.

BrowserSnatch


A Versatile Browser Data Extraction Tool

BrowserSnatch is a powerful and versatile tool designed to "snatch" sensitive data from a variety of web browsers. This tool targets both Chromium-based browsers (such as Edge, Chrome, Opera, etc.) and Gecko-based browsers (such as Firefox, Thunderbird, etc.), covering more than 40 browsers in total, making it a comprehensive solution for browser data extraction.


🚀 Capabilities

  • Snatch Saved Passwords: Effortlessly retrieve stored passwords from all major Chromium and Gecko-based browsers

  • Snatch Cookies: Extract cookies from user profiles across multiple browsers

  • Snatch Bookmarks: Snatch all saved bookmarks from every browser

  • Snatch History: Now supports snatching of history across all browsers

  • Upcoming Features: Future versions will also support:

      - Obfuscated strings
      - Obfuscated API calls
    

Note: This version does not include any defense evasion technique.


✨ What's NEW?

  • Chrome App-Bound Encryption Bypass: The latest App-Bound Encryption is bypassed for Chrome
  • Easy to Use: No complicated setup or configuration required
  • Zero External Dependencies: Completely written in C and C++, with little to no need for additional libraries
  • Cross-Browser Support: Handles both Chromium and Gecko-based browsers with ease
  • History & Bookmarks: Now supports snatching of history and bookmarks across all browsers
  • Greed Mode: Greed mode is included, which snatches everything into a single stealer DB
  • Future-Proof: Continuous updates with more capabilities and advanced evasion techniques

⚠️ Disclaimer

BrowserSnatch is a tool designed for legal, ethical penetration testing and educational purposes only. The author is NOT responsible for any misuse or illegal activities performed using this tool. Always ensure you have proper authorization before testing any system or network.


📜 Code of Conduct

By using BrowserSnatch, you agree to:

  • Use this tool in compliance with all local, state, and federal laws
  • Obtain proper authorization before testing any system or network
  • Respect privacy and confidentiality when handling data

🛠️ Build

  • Clone the repository
  • Open in Visual Studio
  • ISO C++17 Standard (/std:c++17) or higher
  • Import the resource into the project (resource file: Chrome_key_retriever_shellcode/extract_key.bin). A resource error may occur because of static resource paths; replace my username with your own username in the resource .rc file.
  • Compile

NOTE: Cookies decrypted with the app-bound encryption key are saved as a BLOB in the stealer DB. The first 32 bytes of the BLOB are uncertain, but the bytes after them are the decrypted cookies, which can be seen if the BLOB is converted to plain ASCII or viewed in DB Browser for SQLite (https://sqlitebrowser.org).


🛠️ Usage

To run BrowserSnatch, simply execute the binary from the command line. The tool will operate in default mode if no parameter is provided.

Default Mode

  • No Parameter Provided: Executes with default settings and attempts to snatch all saved passwords and cookies

Command-Line Mode

  • Parameter: -h: Displays a help menu detailing all available options.

    Password Snatching

    • Parameter: -pass: Snatch passwords from every browser.
    • Parameter: -pass -c: Snatch passwords from Chromium-based browsers only.
    • Parameter: -pass -g: Snatch passwords from Gecko-based browsers only.

    Cookie Snatching

    • Parameter: -cookies: Snatch cookies from every browser.
    • Parameter: -cookies -c: Snatch cookies from Chromium-based browsers only.
    • Parameter: -cookies -g: Snatch cookies from Gecko-based browsers only.
    • Parameter: -cookies -chrome_app_bound: Snatch only cookies protected by the latest Chrome App-Bound Encryption.

    Bookmarks Snatching

    • Parameter: -bookmarks: Snatch bookmarks from every browser.
    • Parameter: -bookmarks -c: Snatch bookmarks from Chromium-based browsers only.
    • Parameter: -bookmarks -g: Snatch bookmarks from Gecko-based browsers only.

    History Snatching

    • Parameter: -history: Snatch history from every browser.
    • Parameter: -history -c: Snatch history from Chromium-based browsers only.
    • Parameter: -history -g: Snatch history from Gecko-based browsers only.

    Greed Mode

    • Parameter: -greed: Snatch everything from every browser and save in a single stealer database.

Console Mode

  • Parameter: -console-mode: Displays a user-friendly console.

📝 Example

  • Run the following command to start BrowserSnatch in default mode:
    ./BrowserSnatch
  • To see the user-friendly console interface, use:
    ./BrowserSnatch -console-mode
  • To see the help menu, use:
    ./BrowserSnatch -h
  • To snatch all browser passwords, use:
    ./BrowserSnatch -pass
  • To snatch Chromium browser passwords, use:
    ./BrowserSnatch -pass -c
  • To snatch Gecko browser passwords, use:
    ./BrowserSnatch -pass -g
  • To snatch all browser cookies, use:
    ./BrowserSnatch -cookies
  • To snatch Chromium browser cookies, use:
    ./BrowserSnatch -cookies -c
  • To snatch Gecko browser cookies, use:
    ./BrowserSnatch -cookies -g
  • To snatch Chrome app-bound encrypted browser cookies, use:
    ./BrowserSnatch -cookies -chrome_app_bound
  • To snatch all browser bookmarks, use:
    ./BrowserSnatch -bookmarks
  • To snatch Chromium browser bookmarks, use:
    ./BrowserSnatch -bookmarks -c
  • To snatch Gecko browser bookmarks, use:
    ./BrowserSnatch -bookmarks -g
  • To snatch all browser history, use:
    ./BrowserSnatch -history
  • To snatch Chromium browser history, use:
    ./BrowserSnatch -history -c
  • To snatch Gecko browser history, use:
    ./BrowserSnatch -history -g
  • To snatch everything from every browser, use Greed mode:
    ./BrowserSnatch -greed
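
For defenders, the parameters documented above double as a process-creation triage signal. The following is an added example, not code from the BrowserSnatch project: the function names are hypothetical, the events are constructed, and it assumes arguments appear in the documented order (mode flag first, scope flag second).

```python
# Flag vocabulary taken from the usage section of this README.
MODES = {"-pass", "-cookies", "-bookmarks", "-history"}
STANDALONE = {"-greed", "-console-mode"}  # "-h" omitted: too common to be a signal
SCOPES = {"-c", "-g", "-chrome_app_bound"}

# Constructed process-creation events (image path, command line); not real telemetry.
SAMPLE_EVENTS = [
    (r"C:\Users\alice\Downloads\BrowserSnatch.exe", "BrowserSnatch.exe -greed"),
    (r"C:\Users\alice\Downloads\BrowserSnatch.exe", "BrowserSnatch.exe"),
    (r"C:\Users\alice\AppData\Local\Temp\upd.exe", "upd.exe -cookies -chrome_app_bound"),
    (r"C:\ProgramData\svc\helper.exe", '"C:\\ProgramData\\svc\\helper.exe" -PASS -g'),
    (r"C:\Program Files\Git\usr\bin\grep.exe", "grep.exe -c error build.log"),
    (r"C:\Tools\backup.exe", "backup.exe -history 30"),
]

def args_of(command_line):
    """Return lower-cased arguments, dropping argv[0] whether quoted or not."""
    rest = command_line.strip()
    if rest.startswith('"'):
        rest = rest[1:].partition('"')[2]
    else:
        rest = rest.partition(" ")[2]
    return [a.lower() for a in rest.split()]

def matches_cli(args):
    """True only when the whole argument list is one documented invocation."""
    if len(args) == 1:
        return args[0] in (MODES | STANDALONE)
    if len(args) == 2 and args[0] in MODES and args[1] in SCOPES:
        # -chrome_app_bound is documented only together with -cookies
        return args[1] != "-chrome_app_bound" or args[0] == "-cookies"
    return False

def verdict(image, command_line):
    cli = matches_cli(args_of(command_line))
    name = "browsersnatch" in image.lower()
    if cli and name:
        return "name+cli"
    if cli:
        return "cli-only"   # renamed binary, or an unrelated tool sharing a flag
    if name:
        return "name-only"  # default mode takes no arguments
    return None

def scan(events):
    """Return (image, verdict) for every event that produced a verdict."""
    return [(img, v) for img, cmd in events if (v := verdict(img, cmd))]

if __name__ == "__main__":
    for image, v in scan(SAMPLE_EVENTS):
        print(f"{v:10} {image}")
```

The flag strings and the binary name are fixed only until someone recompiles or renames the tool, so treat a hit as a triage lead and pair it with behaviour-based detection of non-browser processes reading browser profile data.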

DEMO

The following GIF demonstrates how BrowserSnatch works and how its stealer log can be accessed.



Supported Browser Snatch:

Browser Name Passwords Cookies Bookmarks History
1 Chrome
2 Microsoft Edge
3 Chromium
4 Brave - Browser
5 Epic Privacy Browser
6 Amigo
7 Vivaldi
8 Orbitum
9 SeaMonkey
10 Kometa
11 Comodo Dragon
12 Torch
13 Icecat
14 Postbox
15 Flock Browser
16 K - Melon
17 Sputnik
18 CocCoc Browser
19 Uran
20 Yandex
21 Firefox
22 Waterfox
23 Cyberfox
24 Thunderbird
25 IceDragon
26 BlackHawk
27 Pale Moon
28 Opera
29 Iridium
30 CentBrowser
31 Chedot
32 liebao
33 7Star
34 ChromePlus
35 Citrio
36 360Chrome - Chrome
37 Elements Browser
38 Sleipnir5
39 ChromiumViewer
40 QIP Surf
41 Coowon

🔄 Future Updates

  • String obfuscation: Currently under development
  • API call obfuscation: Dynamic API resolution
  • Defense Evasion Techniques: Advanced defense evasion techniques

Stay tuned for future releases!


📧 Contact

For any inquiries or contributions, feel free to reach out to the author or contribute directly via GitHub Issues.


🙏 Acknowledgments

  • Took help from the Project by SaulBerrenson called BrowserStealer.
  • Took help with chrome key & password decryption from 0x00sec.
  • Took help for Retrieving App-Bound encryption key from snovvcrash.