View Demo
·
Report Bug
·
Request Feature
AutoCookie requires the data acquired using ChromePass or data in the same format.
It's a python-based console application that starts a browser with the following features:
- Automatically detects victims who have cookies on the website you're in.
- Automatically loads cookies for the chosen victim on that browser session.
This is a very simple application, which uses only:
- Python - Tested on python 3.6+
- Firefox - It requires Firefox to run. Instead of adding support for many browsers, having to deal with the problems of each one, it runs with Firefox, the most stable browser by far to run with selenium.
Autocookie can be used in any operating system but it requires the stolen cookies obtained from ChromePass or the same format.
Clone the repository:
git clone https://github.com/darkarp/autocookieInstall the dependencies:
cd autocookie
pip install -r requirements.txtIf any errors occur make sure you're running on the proper environment (if applcable) and that you have python 3.6+ If the errors persist, try:
python -m pip install --upgrade pip
python -m pip install -r requirements.txtAutoCookie is very straightforward. Start by running:
> python autocookie.pyA browser window will show up. Here, you can navigate to any website you want.
On the terminal window you will be notified whether any victims were found to have cookies for that particular website.
All you have to do is either select the victim you'd like to load, or skip loading for that website.
If victims were found for a website and you change the url on the browser, you must skip the prompt on the terminal before it can recognize that the url has changed.
This is a very early release with just the basic functionality.
Refactorization,non-interactive usage, etc. will be added in the future.
This format is a base directory called data. Inside are folders named after the victim's ip_address. Inside there are files named cookie0.json, cookie1.json.
An example:
The login files are useless for the AutoCookie, we're only interested in the cookie files.
Inside the cookie json files, the structure is as follows:
{
"domain_name_1": [{
"name": "COOKIE_NAME",
"value": "COOKIE_VALUE",
"domain": "domain_name"
}, {
"name": "COOKIE_NAME",
"value": "COOKIE_VALUE",
"domain": "domain_name"
}],
"domain_name_2": [{
"name": "COOKIE_NAME",
"value": "COOKIE_VALUE",
"domain": "domain_name"
}, {
"name": "COOKIE_NAME",
"value": "COOKIE_VALUE",
"domain": "domain_name"
}, {
"name": "COOKIE_NAME",
"value": "COOKIE_VALUE",
"domain": "domain_name"
}],
}The
loginjson files are not needed but the whole directory structure must be present.
If you find an error or a bug, please report it as an issue. If you wish to suggest a feature or an improvement please report it in the issue pages.
Please follow the templates shown when creating the issue.
For access to a community full of aspiring computer security experts, ranging from the complete beginner to the seasoned veteran, join our Discord Server: WhiteHat Hacking
If you wish to contact me, you can do so via: mario@whitehathacking.tech
I am not responsible for what you do with the information and code provided. This is intended for professional or educational purposes only.
