AutoCookie - Automatically loading stolen cookies from ChromePass

View Demo · Report Bug · Request Feature

Table of Contents

• About the Project
• Getting started
  • Prerequisites
  • Installation
• Usage
• Errors, Bugs and Feature Requests
• Learn More
• License

About The project

AutoCookie requires the data acquired using ChromePass or data in the same format.

It's a python-based console application that starts a browser with the following features:

• Automatically detects victims who have cookies on the website you're in.
• Automatically loads cookies for the chosen victim on that browser session.

Getting started

Dependencies and Requirements

This is a very simple application, which uses only:

• Python - Tested on python 3.6+
• Firefox - It requires Firefox to run. Instead of adding support for many browsers, having to deal with the problems of each one, it runs with Firefox, the most stable browser by far to run with selenium.

Installation

Autocookie can be used in any operating system but it requires the stolen cookies obtained from ChromePass or the same format.

Clone the repository:

git clone https://github.com/darkarp/autocookie

Install the dependencies:

cd autocookie
pip install -r requirements.txt

If any errors occur make sure you're running on the proper environment (if applcable) and that you have python 3.6+ If the errors persist, try:

python -m pip install --upgrade pip
python -m pip install -r requirements.txt

Usage

AutoCookie is very straightforward. Start by running:

> python autocookie.py

A browser window will show up. Here, you can navigate to any website you want.

On the terminal window you will be notified whether any victims were found to have cookies for that particular website.

All you have to do is either select the victim you'd like to load, or skip loading for that website.

If victims were found for a website and you change the url on the browser, you must skip the prompt on the terminal before it can recognize that the url has changed.

Notes

This is a very early release with just the basic functionality.
Refactorization, non-interactive usage, etc. will be added in the future.

The ChromePass data format

This format is a base directory called data. Inside are folders named after the victim's ip_address. Inside there are files named cookie0.json, cookie1.json.
An example:

The login files are useless for the AutoCookie, we're only interested in the cookie files.
Inside the cookie json files, the structure is as follows:

{
  "domain_name_1": [{
        "name": "COOKIE_NAME",
        "value": "COOKIE_VALUE",
        "domain": "domain_name"
    }, {
        "name": "COOKIE_NAME",
        "value": "COOKIE_VALUE",
        "domain": "domain_name"
    }],
    "domain_name_2": [{
        "name": "COOKIE_NAME",
        "value": "COOKIE_VALUE",
        "domain": "domain_name"
    }, {
        "name": "COOKIE_NAME",
        "value": "COOKIE_VALUE",
        "domain": "domain_name"
    }, {
        "name": "COOKIE_NAME",
        "value": "COOKIE_VALUE",
        "domain": "domain_name"
    }],
}

The login json files are not needed but the whole directory structure must be present.

Errors, Bugs and feature requests

If you find an error or a bug, please report it as an issue. If you wish to suggest a feature or an improvement please report it in the issue pages.

Please follow the templates shown when creating the issue.

Learn More

For access to a community full of aspiring computer security experts, ranging from the complete beginner to the seasoned veteran, join our Discord Server: WhiteHat Hacking

If you wish to contact me, you can do so via: [email protected]

Disclaimer

I am not responsible for what you do with the information and code provided. This is intended for professional or educational purposes only.

License

MIT