Autoswagger – Automated discovery and testing of OpenAPI & Swagger endpoints
ID: 7cdf02d7-384c-552f-9bc7-c543324a3857
STIX ID: report--7cdf02d7-384c-552f-9bc7-c543324a3857
Feed Name: Darknet
DumpBrowserSecrets is a post-exploitation Windows tool that harvests saved passwords, session cookies, OAuth refresh tokens, credit card data, autofill entries, and browsing history from major Chromium-based and Firefox browsers. It bypasses Chrome's App-Bound Encryption (Chrome 127+) by spawning a headless Chromium process and injecting a DLL (via Early Bird APC) to call the IElevator COM interface, retrieves DPAPI or NSS keys where applicable, and outputs structured JSON. The report details implementation and evasion techniques, demonstrates a realistic red-team attack scenario (rapid credential extraction and session replay), and provides detection and mitigation suggestions for enterprise defenders.
