Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cookies are not decryptable using the Master Key anymore. #70

Open
Onyz107 opened this issue Oct 26, 2024 · 1 comment
Open

Cookies are not decryptable using the Master Key anymore. #70

Onyz107 opened this issue Oct 26, 2024 · 1 comment

Comments

@Onyz107
Copy link

Onyz107 commented Oct 26, 2024

This is a bug that I found in all the stealers available on the market right now, after some debugging I found out that all the stealers extract the master key and then try to decrypt the cookies using the master key, but that seems to be patched.

For some reason when you try to decrypt the cookies using the Master Key now it now gives you a MAC error (which means that the key for decryption is incorrect).

Seems like chrome and chromium based browsers changed the way they encrypt their cookies.

For firefox though, firefox does not encrypt their cookies at all so they are stored in the database in plaintext ready to be extracted.

Password and history stealing still working though.

EDIT: check this and this for more information

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants
@Onyz107 and others