Server part:
Written in Node.js and uses a cluster system.
Server part runs only on Windows.
When processing logs it checks the IP; if the IP belongs to a CIS (former USSR) country, the log is deleted.
The server cluster is split into many API processes plus one process for log processing.
All logs are stored in 7z archives; the database stores only the necessary metadata.
There is no admin)), everything was done manually; there was only a Telegram bot to create an account for a user (which later started acting up a little), change a user's license, and a "My Profile" button that just showed the Telegram ID)).
Database:
PostgreSQL using Sequelize ORM.
Authentication and security:
User sessions are implemented via JWT tokens.
User passwords are hashed using bcrypt.
Decoding of browser data on the server:
To decrypt Firefox data, a separate application was used; I don't have its sources, I lost them (only the binary is available: FirefoxDecryptLogins.exe).
To decrypt Chrome data (except for the latest update, where the key is obtained via a Google service), the sqlite3 library is used to read the SQLite files.
Decryption of MetaMask wallets (it tries to decrypt with the passwords found in the browser) and reading them via the leveldb library (reading .ldb files). Wallet addresses are retrieved by default; well, maybe something has changed there, so for MetaMask I can't say for sure, you may have to rewrite the code if they changed the algorithm.
Framework:
Express server framework.
Data caching:
Temporary storage of session logs, cooldowns and other information is done via Redis.
Client side (stub):
Written in C++.
CIS block by system language (stub).
Does not load additional DLLs during execution.
Built with MSVC.
Universal file grabber driven by configuration and regular expressions.
Can take screenshots, collect files, browser files and system information.
Loader: takes a link from the config, downloads the file, drops it into %temp% and runs it.
As far as I'm concerned, it's still shitty code.
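The loader behaviour listed above (download a file, drop it into %temp%, run it) is the sequence a defender most wants to catch on an endpoint. The following is an added Python example, not part of the original post or of the kit it describes; it assumes Sysmon-style JSON events (EventID 11 for FileCreate, EventID 1 for ProcessCreate), a hypothetical allowlist of parent processes that legitimately run binaries out of %TEMP% (installers), and runs over constructed sample lines embedded in the block. It correlates a file written into %TEMP% with a later execution of that same path, which gives a higher-confidence finding than execution-from-temp alone.

```python
import json
import re
from typing import Iterable

# Matches a path under a Windows user temp directory (%TEMP%), e.g.
# C:\Users\alice\AppData\Local\Temp\payload.exe. Case-insensitive.
TEMP_PATH_RE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\", re.IGNORECASE
)

# Hypothetical allowlist (an assumption for this example): parents that
# routinely launch binaries out of %TEMP%, such as installers. Tune per environment.
BENIGN_PARENTS = {"msiexec.exe", "setup.exe"}


def basename(path: str) -> str:
    """Last path component, lowercased, for Windows-style paths."""
    return path.rsplit("\\", 1)[-1].lower()


def in_temp(path: str) -> bool:
    return bool(TEMP_PATH_RE.match(path))


def detect_drop_and_run(events: Iterable[str]) -> list[dict]:
    """Flag executables written to %TEMP% and then executed.

    Consumes JSON lines shaped like Sysmon events (EventID 11 = FileCreate,
    EventID 1 = ProcessCreate). Returns one finding per suspicious execution;
    confidence is "high" when the same path was seen being written earlier.
    """
    dropped: dict[str, dict] = {}  # lowercase temp path -> FileCreate event
    findings: list[dict] = []
    for line in events:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        eid = ev.get("EventID")
        if eid == 11:
            target = ev.get("TargetFilename", "")
            if in_temp(target):
                dropped[target.lower()] = ev
        elif eid == 1:
            image = ev.get("Image", "")
            parent = ev.get("ParentImage", "")
            if not in_temp(image) or basename(parent) in BENIGN_PARENTS:
                continue
            drop = dropped.get(image.lower())
            findings.append({
                "time": ev.get("UtcTime"),
                "image": image,
                "parent": parent,
                "dropped_by": drop.get("Image") if drop else None,
                "confidence": "high" if drop else "medium",
            })
    return findings


# Constructed sample events (not real telemetry). The stub name and user are made up.
SAMPLE_EVENTS = [json.dumps(e) for e in [
    {"EventID": 11, "UtcTime": "2024-01-01 10:00:01",
     "Image": r"C:\Users\alice\AppData\Local\Temp\sample_stub.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\payload.exe"},
    {"EventID": 1, "UtcTime": "2024-01-01 10:00:02",
     "Image": r"C:\Users\alice\AppData\Local\Temp\payload.exe",
     "ParentImage": r"C:\Users\alice\AppData\Local\Temp\sample_stub.exe"},
    # Installer writing and running its own helper: allowlisted parent, no finding.
    {"EventID": 11, "UtcTime": "2024-01-01 10:05:00",
     "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\MSI1234.tmp\setup.exe"},
    {"EventID": 1, "UtcTime": "2024-01-01 10:05:01",
     "Image": r"C:\Users\alice\AppData\Local\Temp\MSI1234.tmp\setup.exe",
     "ParentImage": r"C:\Windows\System32\msiexec.exe"},
    # Normal program start outside %TEMP%: no finding.
    {"EventID": 1, "UtcTime": "2024-01-01 10:06:00",
     "Image": r"C:\Program Files\Foo\foo.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    # Execution from %TEMP% with no observed write: medium-confidence finding.
    {"EventID": 1, "UtcTime": "2024-01-01 10:07:00",
     "Image": r"C:\Users\alice\AppData\Local\Temp\unknown.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]] + ["this line is not json"]

if __name__ == "__main__":
    for f in detect_drop_and_run(SAMPLE_EVENTS):
        print(f)
```

Run over the embedded sample it reports two findings: the dropped-and-executed payload (high confidence, with the dropper's image recorded) and the bare execution from %TEMP% (medium). A real deployment would feed it the endpoint's own process and file events and extend the allowlist to the installers and updaters actually in use.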
Server for building builds:
A plain local server for generating builds for users, also written in Express; it can only communicate with the main server cluster.
Frontend:
Written in Vuejs.
Originally it was a web panel, but I decided to wrap this web panel in NW.js to get around browser policy with HTTPS and other tricks and problems in different browsers.
I don't know if I should describe everything here, it's easier for me to record a video and show what I have than to describe everything, so I'll attach it below.
Nginx configs:
Two nginx configs: one for the main server and one for the proxies that communicate with the main server.
Telegram bot:
Creating users.
Updating their subscriptions.