SoranoStealer Alternatives

Similar projects and alternatives to SoranoStealer

dbsc

2 243 7.9 HTML SoranoStealer VS dbsc
Adamantium-Thief

1 726 0.0 C# SoranoStealer VS Adamantium-Thief

:key: Decrypt chromium based browsers passwords, cookies, credit cards, history, bookmarks, autofill. Version > 80 is supported.
InfluxDB

www.influxdata.com sponsored

Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
session-lock

1 13 3.7 JavaScript SoranoStealer VS session-lock

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better SoranoStealer alternative or higher similarity.

Suggest an alternative to SoranoStealer

SoranoStealer reviews and mentions

Posts with mentions or reviews of SoranoStealer. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-04-17.

Show HN: Device-Bound Session Tokens in JavaScript
3 projects | news.ycombinator.com | 17 Apr 2024

httponly cookies are meant to prevent attacks like XSS by preventing access to them from client-side JS. However, they can still be stolen by malware on the device (there's a whole class of them called "cookie stealers"). Generally, they search through the infected machine's filesystem and pull out any cookies they find, or at least cookies that the attacker would be interested in. No client-side JS is required for this, so the httponly attribute doesn't help. There have also some browser extension-based cookie stealers that may work along similar principles. Take a look at this old open source stealer to get a sense of how they work: https://github.com/Alexuiop1337/SoranoStealer/tree/master/So...
Session-Lock and Chrome's DBSC are designed to combat these cookie stealers specifically. The premise is that even if an attacker exfiltrates the token itself, it would not be able to be used because the server would reject it if it is not signed by the correct private key when the network request is made. This private key can (or should) only exist on the legitimate device, not the attacker's machine. There may or may not be ways to extract the private key as well, but in any event, it would be a much more complicated attack.
Russian Phishing campaign targets YouTube creators with cookie theft malware
2 projects | /r/u_ChaoticNeutralNephew | 21 Oct 2021

We have observed that actors use various types of malware based on personal preference, most of which are easily available on Github. Some commodity malware used included RedLine, Vidar, Predator The Thief, Nexus stealer, Azorult, Raccoon, Grand Stealer, Vikro Stealer, Masad (Google’s naming), and Kantal (Google’s naming) which shares code similarity with Vidar. Open source malware like Sorano and AdamantiumThief were also observed. Related hashes are listed in the Technical Details section, at the end of this report.