From 09300f7a8c89057153a57f7720395f65fddefc0a Mon Sep 17 00:00:00 2001 From: Euan Date: Wed, 22 Mar 2023 12:58:39 -0500 Subject: [PATCH] Adding support for Chromium browser Added appropriate paths to search for cookies/states/etc. --- README.md | 2 +- SharpChrome/Commands/Logins.cs | 2 +- SharpChrome/Domain/Info.cs | 2 +- SharpChrome/lib/Chrome.cs | 19 +++++++++++++++++-- 4 files changed, 20 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 8be22a4..920edaa 100755 --- a/README.md +++ b/README.md @@ -166,7 +166,7 @@ SharpDPAPI is licensed under the BSD 3-Clause license. /target:FILE - triage a specific 'Cookies', 'Login Data', or 'Local State' file location /target:C:\Users\X\ - triage a specific user folder for any specified command /server:SERVER - triage a remote server, assuming admin access (note: must use with /pvk:KEY) - /browser:X - triage 'chrome' (the default) or (chromium-based) 'edge' + /browser:X - triage 'chrome' (the default) or (chromium-based) 'chromium', 'edge', 'brave' Output: /format:X - either 'csv' (default) or 'table' display diff --git a/SharpChrome/Commands/Logins.cs b/SharpChrome/Commands/Logins.cs index 6248344..75a3e32 100755 --- a/SharpChrome/Commands/Logins.cs +++ b/SharpChrome/Commands/Logins.cs @@ -18,7 +18,7 @@ public void Execute(Dictionary arguments) bool unprotect = false; // whether to force CryptUnprotectData() bool quiet = false; // don't display headers/logos/etc. (for csv/json output) string stateKey = ""; // decrypted AES statekey to use for cookie decryption - string browser = "chrome"; // alternate Chromiun browser to specify, currently supported: "chrome", "edge", "brave" + string browser = "chrome"; // alternate Chromiun browser to specify, currently supported: "chrome", "chromium", "edge", "brave" string target = ""; // target file/user folder to triage diff --git a/SharpChrome/Domain/Info.cs b/SharpChrome/Domain/Info.cs index 6d322a0..ca30fad 100755 --- a/SharpChrome/Domain/Info.cs +++ b/SharpChrome/Domain/Info.cs @@ -36,7 +36,7 @@ public static void ShowUsage() /target:FILE - triage a specific 'Cookies', 'Login Data', or 'Local State' file location /target:C:\Users\X\ - triage a specific user folder for any specified command /server:SERVER - triage a remote server, assuming admin access (note: must use with /pvk:KEY) - /browser:X - triage 'chrome' (the default) or (chromium-based) 'edge'/'brave' + /browser:X - triage 'chrome' (the default) or (chromium-based) 'chromium'/'edge'/'brave' Output: /format:X - either 'csv' (default) or 'table' display diff --git a/SharpChrome/lib/Chrome.cs b/SharpChrome/lib/Chrome.cs index f8f0347..aed2be6 100755 --- a/SharpChrome/lib/Chrome.cs +++ b/SharpChrome/lib/Chrome.cs @@ -117,6 +117,11 @@ public static void TriageChromeLogins(Dictionary MasterKeys, str loginDataPath = String.Format("{0}\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", userDirectory); aesStateKeyPath = String.Format("{0}\\AppData\\Local\\Google\\Chrome\\User Data\\Local State", userDirectory); } + else if (browser.ToLower() == "chromium") + { + loginDataPath = String.Format("{0}\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data", userDirectory); + aesStateKeyPath = String.Format("{0}\\AppData\\Local\\Chromium\\User Data\\Local State", userDirectory); + } else if (browser.ToLower() == "edge") { loginDataPath = String.Format("{0}\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Login Data", userDirectory); @@ -129,7 +134,7 @@ public static void TriageChromeLogins(Dictionary MasterKeys, str } else { - Console.WriteLine("[X] ERROR: only 'chrome', 'edge', and 'brave' are currently supported for browsers."); + Console.WriteLine("[X] ERROR: only 'chrome', 'chromium', 'edge', and 'brave' are currently supported for browsers."); return; } @@ -248,6 +253,15 @@ public static void TriageChromeCookies(Dictionary MasterKeys, st } aesStateKeyPath = String.Format("{0}\\AppData\\Local\\Google\\Chrome\\User Data\\Local State", userDirectory); } + else if (browser.ToLower() == "chromium") + { + cookiePath = String.Format("{0}\\AppData\\Local\\Chromium\\User Data\\Default\\Cookies", userDirectory); + if (!File.Exists(cookiePath)) + { + cookiePath = String.Format("{0}\\AppData\\Local\\Chromium\\User Data\\Default\\Network\\Cookies", userDirectory); + } + aesStateKeyPath = String.Format("{0}\\AppData\\Local\\Chromium\\User Data\\Local State", userDirectory); + } else if (browser.ToLower() == "edge") { cookiePath = String.Format("{0}\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Cookies", userDirectory); @@ -268,7 +282,7 @@ public static void TriageChromeCookies(Dictionary MasterKeys, st } else { - Console.WriteLine("[X] ERROR: only 'chrome', 'edge', and 'brave' are currently supported for browsers."); + Console.WriteLine("[X] ERROR: only 'chrome', 'chromium', 'edge', and 'brave' are currently supported for browsers."); return; } @@ -362,6 +376,7 @@ public static void TriageStateKeys(Dictionary MasterKeys, string string[] aesKeyPaths = new string[] { $"{userDirectory}\\AppData\\Local\\Google\\Chrome\\User Data\\Local State", + $"{userDirectory}\\AppData\\Local\\Chromium\\User Data\\Local State", $"{userDirectory}\\AppData\\Local\\Microsoft\\Edge\\User Data\\Local State", $"{userDirectory}\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Local State" };