This topic contains 1 reply, has 2 voices, and was last updated by ferrybig 1 month ago.
- April 11, 2021 at 1:03 am #382082
Hi, I recently learned that a lot of YouTubers got (and are getting) hacked by malware in a .scr format that clones your Chrome session ID; the hacker then replaces his Chrome session ID with the ID he took, and he can access the entire Chrome session and Google account of the victim without typing any password.
How is that possible? How can I get the Chrome session ID from Java code?
- April 11, 2021 at 1:03 am #382083
An `.scr` file is a screensaver executable for the Windows operating system. It is just like any other ordinary executable; it only has a different extension so Windows knows it should show some extra options in the right-click menu.
What can an executable do? An executable file can do many harmful things; it can basically do the same things as other applications do.
This harmful executable probably copies the file `C:\Users\Your User Name\AppData\Local\Google\Chrome\User Data\Default\Cookies`. This file contains all the cookies Chrome has in a common .sqlite format, and can be read with any common SQLite library.
Just reading the cookie file isn’t enough on Windows; you get an encrypted value back. You need to call methods of the [Windows Data Protection API (DPAPI)](https://stackoverflow.com/q/22532870/1542723) in order to get the values. The malware does this to get the session ID of YouTube.
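From the defender's side, the behaviour described in the answer above (a non-browser executable opening Chrome's cookie database) can be alerted on. The following is an added example, not part of the original post: it assumes file-access auditing is enabled on the Chrome profile so that Windows Security event 4663 is logged, and the sample events, user name and file names are constructed. It also covers the `Network\Cookies` location used by newer Chrome builds, which the answer does not mention.

```python
import re
from pathlib import PureWindowsPath

# Chrome's cookie database inside any profile directory. "Default\Cookies" is the
# path named in the answer; "Network\Cookies" is where newer Chrome builds keep it.
COOKIE_DB = re.compile(
    r"\\Google\\Chrome\\User Data\\[^\\]+\\(Network\\)?Cookies(-journal)?$",
    re.IGNORECASE,
)
# Assumption: only the browser itself is expected to open this file. Extend the
# set for backup or EDR agents that legitimately touch browser profiles.
# Matching on file name alone is a simplification; pin full paths in production.
EXPECTED_READERS = {"chrome.exe"}


def suspicious_cookie_access(events):
    """Return (process, file, reasons) for each unexpected open of the cookie DB."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 4663:  # 4663: an attempt was made to access an object
            continue
        target = ev.get("ObjectName", "")
        if not COOKIE_DB.search(target):
            continue
        image = PureWindowsPath(ev.get("ProcessName", ""))
        if image.name.lower() in EXPECTED_READERS:
            continue
        reasons = ["non-browser process opened Chrome cookie database"]
        if image.suffix.lower() == ".scr":
            reasons.append("process image is a .scr screensaver executable")
        findings.append((str(image), target, reasons))
    return findings


# Constructed sample events (not from a real host), reduced to the fields used here.
PROFILE = r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default"
SAMPLE_EVENTS = [
    {"EventID": 4663, "ObjectName": PROFILE + r"\Cookies",
     "ProcessName": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"EventID": 4663, "ObjectName": PROFILE + r"\Cookies",
     "ProcessName": r"C:\Users\alice\Downloads\sponsorship_offer.scr"},
    {"EventID": 4663, "ObjectName": PROFILE + r"\Network\Cookies",
     "ProcessName": r"C:\Users\alice\AppData\Local\Temp\helper.exe"},
    {"EventID": 4663, "ObjectName": r"C:\Users\alice\Documents\Cookies.txt",
     "ProcessName": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for process, target, reasons in suspicious_cookie_access(SAMPLE_EVENTS):
        print(f"ALERT {process} -> {target}: {'; '.join(reasons)}")
```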
- April 11, 2021 at 1:03 am #382084
There you go