TAuth icon indicating copy to clipboard operation
TAuth copied to clipboard
Published 2 weeks ago verified publisher icon SystemVll

Cookie stealing is not working anymore because Google changed their way of encrypting Cookies.

Open Onyz107 opened this issue 1 year ago • 1 comments

This is a bug that I found in all the stealers available on the market right now, after some debugging I found out that all the stealers extract the master key and then try to decrypt the cookies using the master key, but that seems to be patched.

when you try to decrypt the cookies using the Master Key now it now gives you a MAC error (which means that the key for decryption is incorrect).

Seems like chrome and chromium based browsers changed the way they encrypt their cookies.

For firefox though, firefox does not encrypt their cookies at all so they are stored in the database in plaintext ready to be extracted.

Password stealing still working though but Google are planning to add these new changes for password databases and payment databases as well.

check this and this for more information

Onyz107 avatar Oct 26 '24 15:10 Onyz107