@DakuTree
Last active September 11, 2024 06:51
Decrypt Chrome Cookies File (Python 3) - Windows
# Based off https://gist.github.com/DakuTree/98c8362fb424351b803e & pieces of https://gist.github.com/jordan-wright/5770442
from os import getenv
from shutil import copyfile
import sqlite3
import win32crypt  # https://sourceforge.net/projects/pywin32/

# Copy Cookies to current folder
copyfile(getenv("APPDATA") + "/../Local/Google/Chrome/User Data/Default/Cookies", './Cookies')

# Connect to the Database
conn = sqlite3.connect('./Cookies')
cursor = conn.cursor()

# Get the results
cursor.execute('SELECT host_key, name, value, encrypted_value FROM cookies')
for host_key, name, value, encrypted_value in cursor.fetchall():
    # Decrypt the encrypted_value
    decrypted_value = win32crypt.CryptUnprotectData(encrypted_value, None, None, None, 0)[1].decode('utf-8') or value or 0
    # Update the cookies with the decrypted value
    # This also makes all session cookies persistent
    cursor.execute('\
        UPDATE cookies SET value = ?, has_expires = 1, expires_utc = 99999999999999999, is_persistent = 1, secure = 0\
        WHERE host_key = ?\
        AND name = ?',
        (decrypted_value, host_key, name))

conn.commit()
conn.close()
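
A forensic check for the side effects of the UPDATE above, as an added example (not code from the gist or its commenters): it flags rows in a copied Cookies database that carry the fixed values the script writes (has_expires = 1, expires_utc = 99999999999999999, is_persistent = 1, secure = 0) and notes where cleartext sits beside encrypted_value. The function names and the in-memory sample table are constructed for illustration.

```python
import sqlite3

# Constant the script above writes into expires_utc for every row it updates.
SENTINEL_EXPIRY = 99999999999999999

def script_fingerprint_rows(conn):
    """Return one finding per row that carries the script's fixed values."""
    query = ("SELECT host_key, name, value, encrypted_value, has_expires, "
             "expires_utc, is_persistent, secure FROM cookies")
    findings = []
    for host, name, value, enc, has_exp, exp, persistent, secure in conn.execute(query):
        if (exp, has_exp, persistent, secure) != (SENTINEL_EXPIRY, 1, 1, 0):
            continue
        findings.append({
            "host_key": host,
            "name": name,
            # The script fills `value` and leaves encrypted_value in place, so
            # both being set means the secret is readable straight from the file.
            "cleartext_exposed": bool(value) and bool(enc),
        })
    return findings

def was_processed(conn):
    """True when every row matches, as the script's blanket UPDATE leaves it."""
    total = conn.execute("SELECT COUNT(*) FROM cookies").fetchone()[0]
    return total > 0 and len(script_fingerprint_rows(conn)) == total

def build_sample(processed):
    """Constructed in-memory table holding only the columns named on this page."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cookies (host_key TEXT, name TEXT, value TEXT, "
                 "encrypted_value BLOB, has_expires INTEGER, expires_utc INTEGER, "
                 "is_persistent INTEGER, secure INTEGER)")
    blob = b"\x01\x00\x00\x00constructed-blob"  # placeholder, not real ciphertext
    rows = [(".example.test", "sid", "", blob, 0, 0, 0, 1),
            ("app.example.test", "pref", "", blob, 1, 13370000000000000, 1, 1)]
    if processed:  # mimic the values the script's UPDATE would leave behind
        rows = [(h, n, "cleartext-" + n, b, 1, SENTINEL_EXPIRY, 1, 0)
                for h, n, _v, b, *_rest in rows]
    conn.executemany("INSERT INTO cookies VALUES (?,?,?,?,?,?,?,?)", rows)
    return conn

if __name__ == "__main__":
    for label, flag in (("untouched", False), ("processed", True)):
        sample = build_sample(flag)
        print(label, was_processed(sample), script_fingerprint_rows(sample))
```

To run it against a real artifact, open the recovered file read-only with `sqlite3.connect("file:Cookies?mode=ro", uri=True)` and pass that connection to `was_processed`.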
@yugo-harago

How can I use it?

@GSapiah
GSapiah commented Jul 7, 2020

I'm getting an error when calling the CryptUnprotectData method.

error: (13, 'CryptProtectData', 'The data is invalid.')

I can see that the encrypted values are printing out fine but the process fails at the decryption step.

# Decrypt the encrypted_value
	decrypted_value = win32crypt.CryptUnprotectData(encrypted_value, None, None, None, 0)[1].decode('utf-8') or value or 0

Any pointers?

@mrAsh4r
mrAsh4r commented Jul 7, 2020

> I'm getting an error when calling the CryptUnprotectData method.
>
> error: (13, 'CryptProtectData', 'The data is invalid.')
>
> I can see that the encrypted values are printing out fine but the process fails at the decryption step.
>
>     # Decrypt the encrypted_value
>     decrypted_value = win32crypt.CryptUnprotectData(encrypted_value, None, None, None, 0)[1].decode('utf-8') or value or 0
>
> Any pointers?

It's because the password encryption system in Chromium has changed

@GSapiah
GSapiah commented Jul 7, 2020

Thanks @mrAsh4r: Is there any alternative library?

@mrAsh4r
mrAsh4r commented Jul 7, 2020

@nootkroot

> @GSapiah, yep. You can check LaZagne (https://github.com/AlessandroZ/LaZagne)

Isn't that just for passwords or does it work also for cookies? If so, how?

@GramThanos

I updated the code to work with new chrome encryption system
https://gist.github.com/GramThanos/ff2c42bb961b68e7cc197d6685e06f10

@BayronVazquez

> I updated the code to work with new chrome encryption system https://gist.github.com/GramThanos/ff2c42bb961b68e7cc197d6685e06f10

the link is down

@GramThanos
GramThanos commented Jan 22, 2024

> > I updated the code to work with new chrome encryption system https://gist.github.com/GramThanos/ff2c42bb961b68e7cc197d6685e06f10
>
> the link is down

I took the gist down. I suggest @DakuTree to do the same.

More info:
From time to time shady GitHub accounts would comment on the code and/or ask questions about it. I was contacted by Ran Locar and he informed me that someone used my code as part of a malware, thus I decided to take it down.

@nuvious
nuvious commented Sep 10, 2024

@GramThanos, fully understand if you have no interest in honoring this request, but the updated script could be used in forensic analysis (which is actually what I'm looking for a solution to) as much as malware analysis. Any chance you'd be willing to put it back up? Almost all security tools used for forensics double as potential malware utilities. Again, up to you.

@GramThanos

@nuvious I am sorry but I will stand by my decision. For forensics, there are specialised tools that export cookies.
