
Gathering browser passwords doesn't work under Windows 11

Open Xenorf opened this issue 1 month ago • 1 comments

Steps to reproduce

How'd you do it?

  1. Establish a meterpreter session.
  2. Use the newest gather module with: run post/windows/gather/enum_browsers.

The exploit doesn't fail and produces an output with the list of logins but without the passwords.

Were you following a specific guide/tutorial or reading documentation?

Not particularly.

Expected behavior

Produces a JSON with the list of logins and passwords remembered by the browsers.

Current behavior

Produces a JSON with the list of logins remembered by the browser but with null as the password value. I tested it for Edge and Chrome credentials.

Versions

Framework: 6.4.102-dev-0fd8f0984e10a135c000d1fb8797d76d62fb24f7

Console: 6.4.102-dev-0fd8f0984e10a135c000d1fb8797d76d62fb24f7

Victim OS: Windows 11 Pro 10.0.26100 Build 26100

Xenorf, Dec 08 '25 13:12

Should still work with Mozilla browsers and some Chromium-based ones, but not anymore with Chrome/Edge/Brave. They use ABE now. See: https://github.com/xaitax/Chrome-App-Bound-Encryption-Decryption

xaitax, Dec 16 '25 12:12

Thank you for your input. Nice work!

Xenorf, Dec 19 '25 09:12