SharpChromium : .NET 4.0 CLR Project To Retrieve Chromium Data, Such As Cookies, History & Saved Logins

SharpChromium is a .NET 4.0+ CLR project to retrieve data from Google Chrome, Microsoft Edge, and Microsoft Edge Beta. Currently, it can extract:

  • Cookies (in JSON format)
  • History (with associated cookies for each history item)
  • Saved Logins

Note: All cookies returned are in JSON format. If you have the extension Cookie Editor installed, you can simply copy and paste into the “Import” section of this browser addon to ride the extracted session.

Advantages

This rewrite has several advantages to previous implementations, which include:

  • No Type compilation or reflection required
  • Cookies are displayed in JSON format, for easy importing into Cookie Editor.
  • No downloading SQLite assemblies from remote resources.
  • Supports major Chromium browsers (but extendable to others)

Usage

Usage:
.\SharpChromium.exe arg0 [arg1 arg2 …]

Arguments:
all – Retrieve all Chromium Cookies, History and Logins.
full – The same as ‘all’
logins – Retrieve all saved credentials that have non-empty passwords.
history – Retrieve user’s history with a count of each time the URL was
visited, along with cookies matching those items.
cookies [domain1.com domain2.com] – Retrieve the user’s cookies in JSON format.
If domains are passed, then return only
cookies matching those domains. Otherwise,
all cookies are saved into a temp file of
the format “”%TEMP%\$browser-cookies.json””

Examples

Retrieve cookies associated with Google Docs and Github

.\SharpChromium.exe cookies docs.google.com github.com

Retrieve history items and their associated cookies.

.\SharpChromium.exe history

Retrieve saved logins (Note: Only displays those with non-empty passwords):

.\SharpChromium.exe logins

Notes on the SQLite Parser

The SQLite database parser is slightly bugged. This is due to the fact that the parser correctly detects data blobs as type System.Byte[], but it does not correctly detect columns of type System.Byte[].

As a result, the byte arrays get cast to the string literal “System.Byte[]”, which is wrong. I haven’t gotten to the root of this cause, but as a quick and dirty workaround I have encoded all blob values as Base64 strings.

Thus if you wish to retrieve a value from a column whose regular data values would be a byte array, you’ll need to Base64 decode them first.

Download
R K

Share
Published by
R K
Tags: .NET 4.0ChromiumCLRCookiesHistoryLoginsSharpChromium
4 years ago

Recent Posts

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…

1 week ago

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

2 weeks ago

Red Team Certification – A Comprehensive Guide To Advancing In Cybersecurity Operations

Embark on the journey of becoming a certified Red Team professional with our definitive guide.…

3 weeks ago

CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits

This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…

3 weeks ago

Rust BOFs – Unlocking New Potentials In Cobalt Strike

This took me like 4 days (+2 days for an update), but I got it…

3 weeks ago

MaLDAPtive – Pioneering LDAP SearchFilter Parsing And Security Framework

MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…

3 weeks ago