BrowserSnatch icon indicating copy to clipboard operation
BrowserSnatch copied to clipboard
Published 1 month ago verified publisher icon shaddy43

Not Working for latest version of chrome

Open malanalysis02 opened this issue 8 months ago • 8 comments

Version 135.0.7049.85 (Official Build) (64-bit)

malanalysis02 avatar Apr 15 '25 05:04 malanalysis02

Version 135.0.7049.85 (Official Build) (64-bit)

Skill Issue

mulwareX avatar Apr 17 '25 06:04 mulwareX

Might be that closed issue with not proper handling of multiple accounts, you need to compile it from source code to make it work tho it seems without logged in chrome acc it can extract only logins

nurs404 avatar Apr 17 '25 13:04 nurs404

@malanalysis02, BrowserSnatch latest code is already tested on this version for Google Chrome.

For extracting cookies use admin cmd with parameter: BrowserSnatch -app-bound-decryption

For extracting passwords use the parameter: BrowserSnatch -pass -c

The last release is a few commits behind the latest code, which handles few issues like snatching data from multiple profiles.

shaddy43 avatar Apr 17 '25 17:04 shaddy43

@malanalysis02, BrowserSnatch latest code is already tested on this version for Google Chrome.

For extracting cookies use admin cmd with parameter: BrowserSnatch -app-bound-decryption

For extracting passwords use the parameter: BrowserSnatch -pass -c

The last release is a few commits behind the latest code, which handles few issues like snatching data from multiple profiles.

If you fresh install new version of chrome and save password , it cannot extract those password , but if the chrome is updated instead of fresh install its still working

mulwareX avatar Apr 18 '25 06:04 mulwareX

@shaddy43 Reopen this issue, on a fresh install of chrome it cannot grab cookies or passwords using latest commit compiled from source

ziIIas avatar Apr 27 '25 01:04 ziIIas

For a fresh install of Chrome, the app bound decryption key is different from before. BrowserSnatch is retrieving already extracted key from previous copy. A quick fix is to delete the NTUSER.DAT file in public folder. I will update the code to only retrieve the last key or delete NTUSER.dat after each usage depending on my requirements.

For the logins, I will look into it.

shaddy43 avatar Apr 27 '25 07:04 shaddy43

Update: The reason why snatching logins from Latest Chrome is failing is because those passwords are also now being encrypted with the app-bound-encryption key. To snatch these logins, i will have to redesign the code while keeping backward compatibility with previous versions of chrome and other chromium browsers.

shaddy43 avatar May 04 '25 06:05 shaddy43

I can try to work on and get a working PR today to solve this while keeping backwards compatibility, as I'd like this fixed ASAP :)

ziIIas avatar May 05 '25 21:05 ziIIas

-app-bound-decryption not working

zjh4rdyl41 avatar Jul 12 '25 12:07 zjh4rdyl41

Google chrome passwords extraction resolved. Latest key extraction bug resolved.

shaddy43 avatar Nov 12 '25 23:11 shaddy43