[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-81884":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":14,"subscribersCount":14,"size":14,"stars1d":14,"stars7d":14,"stars30d":15,"stars90d":14,"forks30d":14,"starsTrendScore":14,"compositeScore":16,"rankGlobal":9,"rankLanguage":9,"license":17,"archived":18,"fork":18,"defaultBranch":19,"hasWiki":20,"hasPages":18,"topics":21,"createdAt":9,"pushedAt":9,"updatedAt":22,"readmeContent":23,"aiSummary":24,"trendingCount":14,"starSnapshotCount":14,"syncStatus":25,"lastSyncTime":26,"discoverSource":27},81884,"Edge-Dumper","AlexLinov\u002FEdge-Dumper","AlexLinov","BOF for extracting Edge credentials from the main browser process.",null,"C",48,7,47,0,1,42.81,"MIT License",false,"main",true,[],"2026-06-12 04:01:35","# EdgeDump\n\nBeacon Object File (BOF) for extracting Microsoft Edge saved credential artifacts from the main `msedge.exe` process during authorized testing.\n\n## Overview\n\nEdgeDump scans the primary Microsoft Edge process memory for saved credential patterns that may be present in plaintext while Edge is running.\n\nIt does not read browser files directly, access SQLite databases, or use DPAPI. The project is intended for lab validation, red-team assessments, and defensive exposure testing.\n\n## Build\n\n### BOF\n\n```bash\nmake\n```\n\nor:\n\n```bash\nx86_64-w64-mingw32-gcc -c -DBOF -Wall -O2 edgedump.c -o edgedump.x64.o\n```\n\n### Standalone EXE\n\n```bash\nmake exe\n```\n\nor:\n\n```bash\nx86_64-w64-mingw32-gcc -Wall -O2 edgedump.c -o edgedump.exe -lkernel32\n```\n\n## Usage\n\n```\nexecute bof edgedump.x64.o\n```\n\nExample output:\n\n\u003Cimg width=\"803\" height=\"237\" alt=\"image\" src=\"https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002F7947a3b3-d938-4322-9707-dbe23ff56987\" \u002F>\n\n## Requirements\n\n- Edge does **not** need to be an active process credentials are loaded into memory at startup and persist for the session, even for sites the user never visits.\n- Same-user context is sufficient to read the current user's Edge process.\n- Elevated (admin) context can read Edge processes across all logged-on and disconnected user sessions on the same host, particularly impactful on terminal servers, RDS, and VDI environments.\n- Windows target with BOF-compatible execution support.\n\n## How It Works\n\nAt a high level, EdgeDump:\n\n1. Finds the main `msedge.exe` process.\n2. Opens the process with memory-read permissions.\n3. Scans readable memory regions for Edge credential patterns.\n4. Deduplicates matching results.\n5. Prints discovered URL, username, and password entries.\n\n## Files\n\n```\nedgedump.c    - source code\nbeacon.h      - BOF API header\nMakefile      - BOF and EXE build targets\n```\nBOF API Header courtesy of [Adaptix Extension-Kit](https:\u002F\u002Fgithub.com\u002FAdaptix-Framework\u002FExtension-Kit)\n\n## Limitations\n\n- Results depend on what is present in process memory at runtime.\n- This project targets Microsoft Edge only.\n- Output may vary by Edge version, Windows version, and process state.\n- Maximum result limits may apply depending on the build configuration.\n\n## References\n\nThanks to the original author and research that inspired this project:\n\n- Original discovery \u002F C# PoC: [L1v1ng0ffTh3L4N - EdgeSavedPasswordsDumper](https:\u002F\u002Fgithub.com\u002FL1v1ng0ffTh3L4N\u002FEdgeSavedPasswordsDumper)\n\n## Disclaimer\n\nThis project is intended for authorized security testing, lab research, and defensive validation only. Do not use it against systems or users without explicit permission.\n","Edge-Dumper 是一个用于从Microsoft Edge主浏览器进程中提取保存的凭证信息的Beacon Object File (BOF)工具。其核心功能包括扫描运行中的msedge.exe进程内存，寻找并提取可能以明文形式存在的凭证模式，并去重后输出发现的URL、用户名和密码条目。该项目不直接读取浏览器文件或访问SQLite数据库，而是通过内存读取权限来完成任务。适用于授权的安全测试、红队评估以及防御性暴露测试场景中，尤其是在需要在终端服务器、RDS或VDI环境中跨用户会话读取Edge进程时特别有用。该工具支持BOF与独立EXE两种编译方式，便于不同环境下的使用。",2,"2026-06-11 04:07:03","CREATED_QUERY"]