
Can’t extract Edge cookies!

Open nurs404 opened this issue 9 months ago • 5 comments

Whether I use V2.2 or compile the newest version, using -cookies or -app-bound-decryption, nothing works.

When using BrowserSnatch.exe -app-bound-decryption

C:\Users{user}\Desktop>main.exe -app-bound-decryption
Target App-Bound-Encrypted Cookies…
BrowserSnatch executed with {app_bound_decryption mode}: failed
DB PATH: C:\Users{user}\AppData\Local\Temp\JI0plA

And there is no file that it says it produced!

nurs404, Apr 13 '25 08:04

The problem with extraction of Edge's App-Bound encryption key is very weird. If any other browser is installed along with Edge, then it results in a crash whenever I request the App-Bound key, even though I use Edge's CLSID.

You can see the issue in the following thread: https://github.com/xaitax/Chrome-App-Bound-Encryption-Decryption/issues/10#issuecomment-2684724872

Also, I noticed a very strange behavior from Edge. When I used Brave-Browser's CLSID to extract Edge's App-Bound key, it worked. It is very unusual and I don't have an answer for it.

shaddy43, Apr 14 '25 12:04

If you have any other browser installed, you can try to extract Edge's keys by using that browser's CLSIDs. For instance, if you have Brave-Browser installed, then go to AppBoundDecryptor.h https://github.com/shaddy43/BrowserSnatch/blob/master/BrowserSnatch/includes/AppBoundDecryptor.h

and replace the CLSID CLSID_Elevator_Edge and IID IID_IElevator_Edge with Brave-Browser's CLSIDs, as I had already included those in the code and commented them out. Just replace it, recompile and retry. It works for me and I have no idea why!

shaddy43, Apr 14 '25 12:04

CLSIDs for Edge can be extracted using the OLE VIEW TOOL, as shown in the provided thread:

https://github.com/xaitax/Chrome-App-Bound-Encryption-Decryption/issues/10#issuecomment-2684724872

However, for some reason it sometimes doesn't work.

shaddy43, May 05 '25 18:05

A complete write-up is published for understanding the reason behind this issue:

https://github.com/xaitax/Chrome-App-Bound-Encryption-Decryption/blob/main/The_Curious_Case_of_the_Cantankerous_COM_Decrypting_Microsoft_Edge_ABE.md

shaddy43, May 13 '25 07:05

Solved https://github.com/shaddy43/BrowserSnatch/commit/58868684cf7db395c4493e06c2e0820d0565d965

shaddy43, Nov 22 '25 08:11