Skip to content
/ spybrowse Public

Code developed to steal certain browser config files (history, preferences, etc)

Notifications You must be signed in to change notification settings

1d8/spybrowse

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
 
 
 
 
 
 

Repository files navigation

BrowseSpy

Be sure to change the ftp variables throughout the code, these variables contain the username, password, & IP address of the FTP server which receives the files.

This code will do the following:

  1. Copy itself into the %TMP% directory & name itself ursakta.exe
  2. Add a registry entry to execute itself each time the user logs in
  3. Verify which browser the user is using (Chrome, Firefox or Brave)
  4. Search for files within the Chrome, Firefox, or Brave browser directories
  5. Create a directory on our FTP server then send the files in the browser's directory to the FTP server

Cross Compiling with MingW on Linux

Install command with Apt:

  • sudo apt-get install mingw-w64

64-bit:

  • x86_64-w64-mingw32-gcc *input file* -o *output file* -lwininet -lversion

32-bit:

  • i686-w64-mingw32-gcc *input file* -o *output file* -lwininet -lversion

From Victim's Perspective:

Registry entry:

File activity:

FTP connection:

Detection Rate:

This detection rate is after stripping the executable with strip --strip-all *filename.c*

About

Code developed to steal certain browser config files (history, preferences, etc)

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages