Releases: moonD4rk/HackBrowserData
v1.0.0 — Architecture Rewrite, Safari, and Chrome ABE
After 2+ years and 80+ commits since v0.4.6, HackBrowserData reaches 1.0. This release is a near-complete rewrite plus three major capability additions: Chrome App-Bound Encryption on Windows, Safari support and Firefox 144+.
Highlights
A new architecture
The browser, crypto, filemanager, and output layers were rebuilt from scratch. The CLI moved to Cobra with proper subcommands (extract, list, ...), the logging system was redesigned for CLI use, and a shared keychain retriever now prompts only once across all browsers and profiles.
Chrome App-Bound Encryption (Windows)
Chrome 127+ introduced ABE (cookie v20), which broke every browser-data tool in late 2024. v1.0.0 ships a first-party C payload reflectively injected into chrome.exe to retrieve the ABE master key — no third-party loaders, no vendored code. Edge, Brave, Vivaldi, Opera, CocCoc, Yandex, 360, QQ, Sogou are all covered through the same path.
Safari, end-to-end (macOS)
First-class Safari support: history, cookies (BinaryCookies), passwords (via Keychain), bookmarks & downloads (plist), localStorage, installed extensions, and multi-profile.
Firefox 144+
Firefox switched its profile master-key cipher to AES-256-CBC in 144; v1.0.0 adds full support, including the new padding/key-derivation paths.
Other notable additions
- Yandex password & credit-card decryption
- MSIX/UWP browsers on Windows (Arc, DuckDuckGo)
list --detailno longer triggers decryption (much faster on big profiles)- Chrome 130+ cookie
host_keyprefix handled correctly - Linux v11 cipher prefix supported for Chromium decryption
Compatibility & build
- Go 1.20 minimum (Windows 7 still supported)
- Windows ABE payload is now built and shipped automatically by goreleaser
Thanks
- @slimwang — Chrome App-Bound Encryption (#573) and Firefox 144+ decryption (#498)
- @Aquilao — Firefox 144+ follow-up (#499)
Full Changelog: v0.4.6...v1.0.0
Contributors
Assets 11
hack-browser-data-v0.4.6
What's Changed
- dev: refactor items and update repo deploy by @moonD4rk in #278
- feat: refactor logger to standard library by @moonD4rk in #280
- dev: Remove CGO go-sqlite3 with pure go driver by @moonD4rk in #292
- dev: Optimize encryption and decryption module by @moonD4rk in #305
- refactor: refactor the logic for obtaining browser data. by @moonD4rk in #321
- fix: skip chromium snapshot dir to find right password database by @moonD4rk in #353
- fix: Improve error handling if walk browser profile dir by @moonD4rk in #354
- chore: Optimize GitHub actions and dependencies updates by @moonD4rk in #362
Full Changelog: v0.4.5...v0.4.6
Contributors
Assets 11
hack-browser-data-v0.4.5
What's Changed
🚀 Features
- feat: add sogou and dc browser by @BeichenDream in #180
- feat: format project layout by @moonD4rk in #199
- feat: add full-export browsing data option by @moonD4rk in #200
- feat: support Arc browser for macOS by @moonD4rk in #220
- feat: improve extension parsing by @stevenlele in #235
🐛 Bug Fixes
- fix: log error & remove deprecated linter by @carr0t2 in #171
- fix: handle error if run binary failed by @moonD4rk in #177
- fix: issue of data missing caused by title being null by @zhe6652 in #191
- fix: the bug that the command line Usage prompt is incomplete by @slark-yuxj in #196
- fix: wrong log caller skip level by @moonD4rk in #198
- fix: Bug fixes in firefox file walk by @a-urth in #229
- fix: warn if failed to decrypt master key by @stevenlele in #234
- fix: Improve error handling in browsing data and file copying functions by @moonD4rk in #261
♻️ Chore & Refactor
- refactor: optimize JSON indent output format by @stevenlele in #236
- refactor: add provider software folder and check linters by @moonD4rk in #172
- chore: upgrade go mod, remove json iterator dep by @moonD4rk in #178
- chore: upgrade package dependencies by @moonD4rk in #197
- chore: update logo filetype by @moonD4rk in #227
- chore: use better bytes comparison method by @testwill in #257
New Contributors
- @carr0t2 made their first contribution in #171
- @BeichenDream made their first contribution in #180
- @zhe6652 made their first contribution in #191
- @slark-yuxj made their first contribution in #196
- @a-urth made their first contribution in #229
- @stevenlele made their first contribution in #235
- @testwill made their first contribution in #257
Full Changelog: v0.4.4...v0.4.5
Contributors
Assets 9
hack-browser-data-v0.4.4
Contributors
Assets 9
hack-browser-data-v0.4.3
Contributors
Assets 9
hack-browser-data-v0.4.2
Contributors
Assets 9
hack-browser-data-v0.4.1
Contributors
Assets 9
hack-browser-data-v0.4.0
Changes
- feat: support Go 1.18 generics, refactor project layout
- feat: add support for all published firefox
- feat: add color output for command line logs
- feat: add support chromium when some Linux distributions does not use D-Bus to get master key
- fix: getting wrong Chromium cookie file path error
- fix: check AES block size when decrypting Chromium password under Windows
- fix: export credit card failed for windows
hack-browser-data-v0.3.7
What's Changed
Feature
- feat: add Yandex browser for macOS and Windows by @moonD4rk 0f2a541
- feat: add CocCoc browser for macOS and Windows by @moonD4rk a9f36d6
Fixbug
- Optimize the Chinese version of README by @lc6464 in #88
- Add ciphertext length check in AES decryption by @SignorMercurio in #92
- chore(deps): bump github.com/tidwall/gjson from 1.6.0 to 1.9.3 by @dependabot in #101
- fix: upgrade go-sqlite3 verion, remove compile warning by @moonD4rk in #103
New Contributors
- @lc6464 made their first contribution in #88
- @SignorMercurio made their first contribution in #92
Full Changelog: v0.3.6...v0.3.7
