Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cookie stealing is not working anymore because Google changed their way of encrypting Cookies. #95

Open
Onyz107 opened this issue Oct 26, 2024 · 0 comments
Open

Cookie stealing is not working anymore because Google changed their way of encrypting Cookies. #95

Onyz107 opened this issue Oct 26, 2024 · 0 comments

Comments

@Onyz107
Copy link

Onyz107 commented Oct 26, 2024

This is a bug that I found in all the stealers available on the market right now, after some debugging I found out that all the stealers extract the master key and then try to decrypt the cookies using the master key, but that seems to be patched.

when you try to decrypt the cookies using the Master Key now it now gives you a MAC error (which means that the key for decryption is incorrect).

Seems like chrome and chromium based browsers changed the way they encrypt their cookies.

For firefox though, firefox does not encrypt their cookies at all so they are stored in the database in plaintext ready to be extracted.

Password stealing still working though but Google are planning to add these new changes for password databases and payment databases as well.

check this and this for more information
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Onyz107