Using Mimikatz on Cookies from Stealer Logs
From what I understand, Mimikatz can find and decrypt authentication cookies if I have access to the cookie DB from a browser. These are (as you all know) available in most stealer log folders. Can I basically import said cookie file into Mimikatz and will it spit out whatever authentication cookies are within the DB? I’ve seen the cookies allow me into Yahoo with no authentication, but it’s few and far between. Any comments would be appreciated. Appreciate it.
Reply
What? I'm not very familiar with Mimikatz, but I'm pretty sure it doesn't have anything to do with browser cookies. What are you trying to achieve? Do you want to keep only the cookies needed for auth and discard the tracking ones?

Reply
What? Any good stealer should already decrypt and send you cookies and passwords. That is the entire point of a stealer.

If you only have an encrypted blob of shit off someone's PC you can't decrypt that without access to the system.

This: https://apr4h.github.io/2019-12-20-Harvesting-Browser-Credentials/
  :pomsleep: i am in your walls
Reply
I'm not familiar with this.
Reply
thanks
Reply
This is interesting, thanks for sharing this information.
Reply
Actually, no. Cookies are technically the combination of authentication for a valid session. It's not a password authentication that you would want to crack. And even if you crack some kind of cookies and decrypt them, the browser and the web app won't be able to consume them in their changed format, which is now clear text. So cookies are not passwords that you want to crack.

PS. You better stealer.

Also, if you already have cookies, that are valid and not expired, then you do not even need to crack it or no need to get pwd, just load them in browser and visit the website, boom, you are already in. This is what cookies are made for. For creating and authenticating a valid session.
Reply

