documentation/modules/post/multi/gather/chrome_cookies.md
2 additions & 9 deletions
@@ -10,7 +10,7 @@ The module writes a random 10-15 character file containing HTML to a directory y
10
10
11
11
## Vulnerable Application
12
12
13
-
This technique works on Chrome 59 or later on all operating systems. Note that this module does not yet support Windows, only Linux and macOS.
13
+
This technique works on Chrome 59 or later on all operating systems. This module has been tested on Windows, Linux, and OSX. Windows shell sessions are currently not supported.
14
14
15
15
Chrome does not need to be running on the target machine for this module to work.
16
16
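Review bot: the added line says "OSX" where the rest of this file says "macOS" (the removed line and the CHROME_BINARY_PATH description both do), so use "macOS" here as well. The last sentence says Windows shell sessions are not supported but does not say which session type is supported on Windows; name it so a reader knows what the module requires.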
@@ -24,7 +24,6 @@ Chrome does not need to be running on the target machine for this module to work
24
24
25
25
## Options
26
26
27
-
28
27
**CHROME_BINARY_PATH**
29
28
30
29
The path to the user's Chrome binary. On Linux this defaults to searching for `google-chrome` in `$PATH`. On macOS, this defaults to `/Applications/Google Chrome.app/Contents/MacOS/Google Chrome'`. If the module doesn't find any cookies, it may be that a different Chrome binary to the one the user normally uses is being run. In that case, you can change the Chrome binary executed with this option.
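Review bot: the CHROME_BINARY_PATH description in the context line still gives defaults only for Linux and macOS; with Windows now documented as tested, add the Windows default here or state that the option has to be set by hand on Windows. The macOS default also carries a stray `'` before the closing backtick (`/Applications/Google Chrome.app/Contents/MacOS/Google Chrome'`), which is worth fixing while this section is being touched.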
@@ -33,7 +32,7 @@ Chrome does not need to be running on the target machine for this module to work
33
32
34
33
Directory used to write temporary files.
35
34
36
-
Only one file is written, with a random 10-15 character alphanumeric filename. This file is html to be read by Chrome, and is deleted after use.
35
+
Two files are written, with random 10-15 character alphanumeric filenames. One file contains an html file for Chrome and the other is where the cookies are saved. Both files are deleted during cleanup.
37
36
38
37
**REMOTE_DEBUGGING_PORT**
39
38
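Review bot: the added line says two files are written, but the description visible in the first hunk header still begins "The module writes a random 10-15 character file containing HTML", so update that sentence too to keep the document consistent. In the added line, "One file contains an html file for Chrome" is circular; suggest "One file is the HTML read by Chrome and the other is where the cookies are saved", with "HTML" capitalised.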
@@ -69,18 +68,12 @@ msf post(multi/gather/chrome_cookies) > run
69
68
[*] Post module execution completed
70
69
```
71
70
72
-
73
71
## Future features
74
72
75
-
### Windows support
76
-
This technique works on Windows as well, this module just doesn't implement the Windows-specific functionality.
77
-
78
73
### Profiles
79
74
This module only extracts cookies from the default Chrome profile. The target may have multiple, and you may which to extract cookies from all of them. This would require enumerating and extracting the profiles by name. Example code to extract cookies from a non-default Chrome profile can be found at https://github.com/defaultnamehere/cookie_crimes.
80
75
81
76
## See also
82
77
See https://github.com/defaultnamehere/cookie_crimes for more information and manual instructions for Windows.
83
78
84
79
See https://mango.pdf.zone/stealing-chrome-cookies-without-a-password for the blog post in which this technique was first published.
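Review bot: with the "Windows support" subsection removed from Future features, the See also line ending "manual instructions for Windows" now reads as if the module still lacks Windows support; reword it to say what the manual instructions are still needed for, for example Windows shell sessions, which the first hunk says are not supported. The Profiles context line also has a typo, "you may which to extract", which should read "wish".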