Add password extraction to browser plugins #541

Merged
merged 25 commits into from
Apr 17, 2024

JSCU-CNI
Contributor

@JSCU-CNI JSCU-CNI commented Feb 16, 2024

This PR adds support for extracting saved passwords and decrypting cookie values from Chromium-based browsers and Firefox on both Windows and Linux targets.

This PR also adds support for decrypting DPAPI user secrets as the current DPAPI implementation only accounts for system secrets.

@Schamper Schamper self-requested a review February 16, 2024 13:54
@JSCU-CNI
Contributor Author

Implemented your feedback in d694c9b.

@JSCU-CNI JSCU-CNI requested a review from Schamper April 8, 2024 10:40
@Schamper
Member

Schamper commented Apr 9, 2024

I've committed some small changes with 4834771. Mostly type hints, but also the option to decrypt a DPAPI secret of a specific user. Lmk if this still works as expected.

@codecov-commenter

codecov-commenter commented Apr 9, 2024

Codecov Report

Attention: Patch coverage is 71.59091% with 125 lines in your changes are missing coverage. Please review.

Project coverage is 75.02%. Comparing base (fe66118) to head (b88a6e3).

| Files | Patch % | Lines |
|---|---|---|
| dissect/target/plugins/apps/browser/firefox.py | 69.89% | 59 Missing ⚠️ |
| dissect/target/plugins/apps/browser/chromium.py | 73.91% | 30 Missing ⚠️ |
| dissect/target/plugins/os/windows/dpapi/dpapi.py | 75.00% | 11 Missing ⚠️ |
| dissect/target/plugins/os/windows/dpapi/crypto.py | 44.44% | 5 Missing ⚠️ |
| dissect/target/plugins/apps/ssh/putty.py | 50.00% | 4 Missing ⚠️ |
| ...issect/target/plugins/os/unix/linux/fortios/_os.py | 33.33% | 4 Missing ⚠️ |
| ...sect/target/plugins/os/windows/dpapi/master_key.py | 73.33% | 4 Missing ⚠️ |
| dissect/target/plugins/os/windows/catroot.py | 62.50% | 3 Missing ⚠️ |
| dissect/target/plugins/os/windows/sam.py | 57.14% | 3 Missing ⚠️ |
| dissect/target/loaders/itunes.py | 33.33% | 2 Missing ⚠️ |
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #541      +/-   ##
==========================================
+ Coverage   74.99%   75.02%   +0.02%     
==========================================
  Files         288      288              
  Lines       24192    24588     +396     
==========================================
+ Hits        18143    18447     +304     
- Misses       6049     6141      +92     
Flag Coverage Δ
unittests 75.02% <71.59%> (+0.02%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.


@Schamper
Member

Can you rebase on main? Unfortunately due to a bug in GitHub I can't fix LFS issues on PR branches. Protip, man git-lfs-migrate.

@JSCU-CNI
Contributor Author

Could you open a PR on our fork to fix this perhaps @Schamper?

Schamper and others added 3 commits April 10, 2024 22:04
Co-authored-by: Computer Network Investigation <121175071+JSCU-CNI@users.noreply.github.com>
Co-authored-by: Computer Network Investigation <121175071+JSCU-CNI@users.noreply.github.com>
@Schamper Schamper force-pushed the feature/add-browser-password-funcs branch from 6443a11 to 42fe5b5 Compare April 10, 2024 20:12
@Schamper
Member

> Could you open a PR on our fork to fix this perhaps @Schamper?

Fixed it I think.

@JSCU-CNI
Contributor Author

> Fixed it I think.

Thanks!

@JSCU-CNI JSCU-CNI requested a review from Schamper April 15, 2024 09:15
@Schamper Schamper merged commit bf82f59 into fox-it:main Apr 17, 2024
16 checks passed
@JSCU-CNI JSCU-CNI deleted the feature/add-browser-password-funcs branch April 18, 2024 08:31