XRayC2 – Weaponizing AWS X-Ray for Covert Command and Control (C2)
ID: 2113925a-bf8e-5e5c-bee4-41e7a8a20c5c
STIX ID: report--2113925a-bf8e-5e5c-bee4-41e7a8a20c5c
Feed Name: Darknet
DumpBrowserSecrets is a post-exploitation credential-harvesting tool that extracts saved credentials, session cookies, OAuth refresh tokens, credit card data, autofill entries, browsing history, and bookmarks from Chromium- and Firefox-based browsers on Windows. It bypasses Chrome's App-Bound Encryption by spawning a headless Chromium process and injecting a DLL that uses the IElevator COM interface to decrypt the app_bound_encrypted_key; it also includes DPAPI and NSS handling for other browsers and contains operational evasion features. Output is structured JSON intended for red-team assumed-breach use, but the tool could be repurposed by adversaries.
