BrowseSpy - Code developed to steal certain browser config files (history, preferences, etc)

August 18, 2020
(366 views)

Be sure to change the FTP variables throughout the code, these variables contain the username, password, & IP address of the FTP server which receives the files.

This code will do the following:

  1. Copy itself into the %TMP% directory & name itself ursakta.exe
  2. Add a registry entry to execute itself each time the user logs in
  3. Verify which browser the user is using (Chrome, Firefox or Brave)
  4. Search for files within the Chrome, Firefox, or Brave browser directories
  5. Create a directory on our FTP server then send the files in the browser's directory to the FTP server

Cross Compiling with MingW on Linux

Install command with Apt:

  • sudo apt-get install mingw-w64

64-bit:

  • x86_64-w64-mingw32-gcc *input file* -o *output file* -lwininet -lversion

32-bit:

  • i686-w64-mingw32-gcc *input file* -o *output file* -lwininet -lversion

From the Victim's Perspective:

Registry entry:

File activity:

Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.

What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4

Name(Required)

We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.