Facebook Session cookies

[oXis]

Hi,

 

Based on the powershell script written to extract creds from Google Chrome, I made a script to read the SQLite database where the cookies are stored and extract Facebook session cookies. It uses no library, like in the ChromeCreds payload, I use regex to search for the cookies. I haven't written any payload, and I also want to do the same with Firefox.

http://pastebin.com/25Z8peMb

 

Enjoy

[oXis]

Ok, I wrote the payload (mainly using illwill code base) and also support for Firefox cookies.

https://github.com/oXis/WindowsCookies

What do you you think?

[illwill]

Violation of CoC

[oXis]

I had the same problem. Your solution seems fine

I rewrote the password grabber for firefox because the powershell script is detected by kaspersky. Instead of grabbing the password and decrypt it using powershell, I copy key3, cert8, and logins in the loot folder and use a python script to decrypt the password within the BB.

[illwill]

Violation of CoC

[oXis]

Payload updated!

Now without any connexion to the Internet. A python script will pop a HTTP server, powershell will use this http server to download the payload and then upload the results to it.

Check it out here -> https://github.com/oXis/bashbunny-payloads/tree/master/payloads/library/WindowsCookies

 

But, I've come across some bugs in Windows 7, powershell regex groups are not working....

[coplamhacker]

i have downloaded your script. how to run them ? run powershell file or python file ?

 

[oXis]

`get_facebook_cookies.ps1` is a Powershell script that creates two functions ( Get-FacebookCreds-Firefox  and Get-FacebookCreds-Chrome). If you import this script inside one of yours, or if you import this script inside a Powershell shell you can then use those functions.

[coplamhacker]

ok ty. newbie to hacker world

 

[oXis]

. C:\YOURPATH\get_facebook_cookies.ps1

To import the code. Windows might warn you that the code is not signed or something like that.