AutoCookie - Automatically loading stolen cookies from ChromePass
View Demo · Report Bug · Request Feature
Table of Contents
About The project
AutoCookie requires the data acquired using ChromePass or data in the same format.
It's a python-based console application that starts a browser with the following features:
- Automatically detects victims who have cookies on the website you're in.
- Automatically loads cookies for the chosen victim on that browser session.
Getting started
Dependencies and Requirements
This is a very simple application, which uses only:
- Python - Tested on python 3.6+
- Firefox - It requires Firefox to run. Instead of adding support for many browsers, having to deal with the problems of each one, it runs with Firefox, the most stable browser by far to run with selenium.
Installation
Autocookie can be used in any operating system but it requires the stolen cookies obtained from ChromePass or the same format.
Clone the repository:
git clone https://github.com/darkarp/autocookie
Install the dependencies:
cd autocookie
pip install -r requirements.txt
If any errors occur make sure you're running on the proper environment (if applcable) and that you have python 3.6+ If the errors persist, try:
python -m pip install --upgrade pip
python -m pip install -r requirements.txt
Usage
AutoCookie is very straightforward. Start by running:
> python autocookie.py
A browser window will show up. Here, you can navigate to any website you want.
On the terminal window you will be notified whether any victims were found to have cookies for that particular website.
All you have to do is either select the victim you'd like to load, or skip loading for that website.
If victims were found for a website and you change the url on the browser, you must skip the prompt on the terminal before it can recognize that the url has changed.
Notes
This is a very early release with just the basic functionality.
Refactorization
,non-interactive usage
, etc. will be added in the future.
The ChromePass data format
This format is a base directory called data
. Inside are folders named after the victim's ip_address
. Inside there are files named cookie0.json
, cookie1.json
.
An example:
The login
files are useless for the AutoCookie
, we're only interested in the cookie
files.
Inside the cookie
json files, the structure is as follows:
{
"domain_name_1": [{
"name": "COOKIE_NAME",
"value": "COOKIE_VALUE",
"domain": "domain_name"
}, {
"name": "COOKIE_NAME",
"value": "COOKIE_VALUE",
"domain": "domain_name"
}],
"domain_name_2": [{
"name": "COOKIE_NAME",
"value": "COOKIE_VALUE",
"domain": "domain_name"
}, {
"name": "COOKIE_NAME",
"value": "COOKIE_VALUE",
"domain": "domain_name"
}, {
"name": "COOKIE_NAME",
"value": "COOKIE_VALUE",
"domain": "domain_name"
}],
}
The
login
json files are not needed but the whole directory structure must be present.
Errors, Bugs and feature requests
If you find an error or a bug, please report it as an issue. If you wish to suggest a feature or an improvement please report it in the issue pages.
Please follow the templates shown when creating the issue.
Learn More
For access to a community full of aspiring computer security experts, ranging from the complete beginner to the seasoned veteran, join our Discord Server: WhiteHat Hacking
If you wish to contact me, you can do so via: [email protected]
Disclaimer
I am not responsible for what you do with the information and code provided. This is intended for professional or educational purposes only.