Chromium cookie extraction and decryption

chromium-cookie.py

#!/usr/bin/env python3
"""Chromium cookie extraction and decryption

Extract and decrypt cookies from Chromium web browser (linux systems only).

Resources;

* https://stackoverflow.com/a/23727360/2798933
* https://stackoverflow.com/a/23727331/2798933
* https://n8henrie.com/2014/05/decrypt-chrome-cookies-with-python/

"""

# Standard library imports
import sqlite3
import argparse
import os.path

# External imports
import Crypto.Cipher.AES
import Crypto.Protocol.KDF


class Cookie(sqlite3.Row):
	"""Cookie class
	
	Class representing a cookie

	Convenience class representing a row of ``cookie`` table in DB
	
	"""
	
	# == Public interface ==================================================== #

	def __init__(self, *args, **kwargs):
		super().__init__()
		for key in self.keys():
			setattr(self, key, self[key])

	@property
	def decrypted_value(self):
		"""Decrypted cookie value
		
		Currently only works on linux systems.
		
		See https://bit.ly/3iKAzkJ for implementation details.
		
		"""
		if not self.encrypted_value:
			return None
		prefix = b"v10"
		n_prefix = len(prefix)
		ciphertext = self.encrypted_value
		if ciphertext[:n_prefix] != prefix:
			raise ValueError(
				"Incorrect ciphertext prefix:"
				f" {ciphertext[:n_prefix]} != {prefix}"
			)
		plaintext = self._cipher.decrypt(
			ciphertext[n_prefix:]		# Strip ciphertext prefix
		)
		n_padding = plaintext[-1]		# Padding count appened to plaintext
		return plaintext[:-n_padding].decode("utf8")

	# == Private interface =================================================== #

	_cipher = Crypto.Cipher.AES.new(
		key=Crypto.Protocol.KDF.PBKDF2(
			password=b"peanuts",
			salt=b"saltysalt",
			dkLen=16,
			count=1
		),
		mode=Crypto.Cipher.AES.MODE_CBC,
		iv=(b' ' * 16)
	)


class _CLI:
	"""Command line interface
	
	Encapsulates module CLI
	
	"""

	# == Public interface ==================================================== #

	args = None

	def __init__(self):
		self._init_args()
		self._init_sql()

	def extract(self):
		"""Extract cookie from cookie jar"""
		try:
			con = sqlite3.connect(self.args.cookie_jar)
			con.row_factory = Cookie
			cookie = con.execute(self._query, self._params).fetchone()
			self.args.output.write(
				cookie.decrypted_value if self.args.decrypt
				else cookie.value
			)
		finally:
			con.close()
			self.args.output.close()

	# == Private interface =================================================== #

	_query = None
	_params = None

	def _init_args(self):
		"""Initialise arguments
		
		Initialise argparse.ArgumentParses instance and parse arguments
		
		"""
		parser = argparse.ArgumentParser(
			description=(
				"Extract a cookie from Chromium cookie jar"
			),
			epilog=(
				"N.b Only linux systems are currently supported."
			)
		)
		parser.add_argument(
			"name",
			help="cookie name",
			type=str
		)
		parser.add_argument(
			"--cookie-jar", "-c",
			help="cookie jar. Default location if omitted",
			default=self._cookie_jar,
			type=str
		)
		parser.add_argument(
			"--domain", "-D",
			help=(
				"cookie domain"
			),
			type=str
		)
		parser.add_argument(
			"--decrypt", "-d",
			help="decrypt cookie value",
			action="store_true"
		)
		parser.add_argument(
			"--output", "-o",
			help=(
				"output file name."
				" stdout if '-' or omitted"
			),
			default="-",
			type=argparse.FileType("wt")
		)
		self.args = parser.parse_args()

	def _init_sql(self):
		self._query = "select * from cookies where name=?"
		self._params = [self.args.name]
		if self.args.domain:
			self._query += " and host_key=?"
			self._params.append(self.args.domain)

	@property
	def _cookie_jar(self):
		basename = "chromium/Default/Cookies"
		paths = (
			os.path.expanduser(
				os.path.join("~/.config", basename)
			),
			os.path.expanduser(
				os.path.join("~/snap/chromium/common/", basename)
			)
		)
		for path in paths:
			if os.path.exists(path):
				return path


if __name__=="__main__":
	_CLI().extract()