HoneyBee – Misconfigured App Generator for Red Team Validation
ID: 9c5aea9c-2c99-5199-a862-eed3d1fbbbb5
STIX ID: report--9c5aea9c-2c99-5199-a862-eed3d1fbbbb5
Feed Name: Darknet
DumpBrowserSecrets is a post-exploitation browser credential-harvesting tool that extracts saved passwords, session cookies, OAuth refresh tokens, credit card data, autofill and history from major Chromium- and Gecko-based browsers. It bypasses Chrome's App-Bound Encryption by spawning a headless Chromium process and injecting a DLL to call the IElevator COM interface, includes DPAPI and NSS handling for other browsers, and implements multiple evasion techniques. This makes it effective for account takeover and lateral movement on compromised Windows hosts.
