Instantly share code, notes, and snippets.
Last active
December 3, 2024 13:40
-
Star
(0)
0
You must be signed in to star a gist -
Fork
(0)
0
You must be signed in to fork a gist
-
Save marceloalcocer/752a55cf86629afe9734607dba8247e6 to your computer and use it in GitHub Desktop.
Chromium cookie extraction and decryption
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python3 | |
"""Chromium cookie extraction and decryption | |
Extract and decrypt cookies from Chromium web browser (linux systems only). | |
Resources; | |
* https://stackoverflow.com/a/23727360/2798933 | |
* https://stackoverflow.com/a/23727331/2798933 | |
* https://n8henrie.com/2014/05/decrypt-chrome-cookies-with-python/ | |
""" | |
# Standard library imports | |
import sqlite3 | |
import argparse | |
import os.path | |
# External imports | |
import Crypto.Cipher.AES | |
import Crypto.Protocol.KDF | |
class Cookie(sqlite3.Row): | |
"""Cookie class | |
Class representing a cookie | |
Convenience class representing a row of ``cookie`` table in DB | |
""" | |
# == Public interface ==================================================== # | |
def __init__(self, *args, **kwargs): | |
super().__init__() | |
for key in self.keys(): | |
setattr(self, key, self[key]) | |
@property | |
def decrypted_value(self): | |
"""Decrypted cookie value | |
Currently only works on linux systems. | |
See https://bit.ly/3iKAzkJ for implementation details. | |
""" | |
if not self.encrypted_value: | |
return None | |
prefix = b"v10" | |
n_prefix = len(prefix) | |
ciphertext = self.encrypted_value | |
if ciphertext[:n_prefix] != prefix: | |
raise ValueError( | |
"Incorrect ciphertext prefix:" | |
f" {ciphertext[:n_prefix]} != {prefix}" | |
) | |
plaintext = self._cipher.decrypt( | |
ciphertext[n_prefix:] # Strip ciphertext prefix | |
) | |
n_padding = plaintext[-1] # Padding count appened to plaintext | |
if not all( | |
padding == n_padding | |
for padding in | |
plaintext[-n_padding:] | |
): | |
raise ValueError( | |
"Incorrect ciphertext padding:" | |
f" {plaintext[-n_padding:]} != {n_padding}" | |
) | |
value_slice = slice( | |
32, # Unknown prepended content (chromium > 130) | |
-plaintext[-1] # Padding | |
) | |
return plaintext[value_slice].decode("utf8") | |
# == Private interface =================================================== # | |
_cipher = Crypto.Cipher.AES.new( | |
key=Crypto.Protocol.KDF.PBKDF2( | |
password=b"peanuts", | |
salt=b"saltysalt", | |
dkLen=16, | |
count=1 | |
), | |
mode=Crypto.Cipher.AES.MODE_CBC, | |
iv=(b' ' * 16) | |
) | |
class _CLI: | |
"""Command line interface | |
Encapsulates module CLI | |
""" | |
# == Public interface ==================================================== # | |
args = None | |
def __init__(self): | |
self._init_args() | |
self._init_sql() | |
def extract(self): | |
"""Extract cookie from cookie jar""" | |
try: | |
con = sqlite3.connect(self.args.cookie_jar) | |
con.row_factory = Cookie | |
cookie = con.execute(self._query, self._params).fetchone() | |
self.args.output.write( | |
cookie.decrypted_value if self.args.decrypt | |
else cookie.value | |
) | |
finally: | |
con.close() | |
self.args.output.close() | |
# == Private interface =================================================== # | |
_query = None | |
_params = None | |
def _init_args(self): | |
"""Initialise arguments | |
Initialise argparse.ArgumentParses instance and parse arguments | |
""" | |
parser = argparse.ArgumentParser( | |
description=( | |
"Extract a cookie from Chromium cookie jar" | |
), | |
epilog=( | |
"N.b Only linux systems are currently supported." | |
) | |
) | |
parser.add_argument( | |
"name", | |
help="cookie name", | |
type=str | |
) | |
parser.add_argument( | |
"--cookie-jar", "-c", | |
help="cookie jar. Default location if omitted", | |
default=self._cookie_jar, | |
type=str | |
) | |
parser.add_argument( | |
"--domain", "-D", | |
help=( | |
"cookie domain" | |
), | |
type=str | |
) | |
parser.add_argument( | |
"--decrypt", "-d", | |
help="decrypt cookie value", | |
action="store_true" | |
) | |
parser.add_argument( | |
"--output", "-o", | |
help=( | |
"output file name." | |
" stdout if '-' or omitted" | |
), | |
default="-", | |
type=argparse.FileType("wt") | |
) | |
self.args = parser.parse_args() | |
def _init_sql(self): | |
self._query = "select * from cookies where name=?" | |
self._params = [self.args.name] | |
if self.args.domain: | |
self._query += " and host_key=?" | |
self._params.append(self.args.domain) | |
@property | |
def _cookie_jar(self): | |
basename = "chromium/Profile 1/Cookies" | |
paths = ( | |
os.path.expanduser( | |
os.path.join("~/.config", basename) | |
), | |
os.path.expanduser( | |
os.path.join("~/snap/chromium/common/", basename) | |
) | |
) | |
for path in paths: | |
if os.path.exists(path): | |
return path | |
if __name__=="__main__": | |
_CLI().extract() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment