Decrypt Chrome Cookies File (Python 3) - Windows

decryptchromecookies.py

#Based off https://gist.github.com/DakuTree/98c8362fb424351b803e & pieces of https://gist.github.com/jordan-wright/5770442
from os import getenv
from shutil import copyfile
import sqlite3
import win32crypt #https://sourceforge.net/projects/pywin32/

# Copy Cookies to current folder
copyfile(getenv("APPDATA") + "/../Local/Google/Chrome/User Data/Default/Cookies", './Cookies')

# Connect to the Database
conn = sqlite3.connect('./Cookies')
cursor = conn.cursor()

# Get the results
cursor.execute('SELECT host_key, name, value, encrypted_value FROM cookies')
for host_key, name, value, encrypted_value in cursor.fetchall():
	# Decrypt the encrypted_value
	decrypted_value = win32crypt.CryptUnprotectData(encrypted_value, None, None, None, 0)[1].decode('utf-8') or value or 0

	# Update the cookies with the decrypted value
	# This also makes all session cookies persistent
	cursor.execute('\
		UPDATE cookies SET value = ?, has_expires = 1, expires_utc = 99999999999999999, is_persistent = 1, secure = 0\
		WHERE host_key = ?\
		AND name = ?',
		(decrypted_value, host_key, name));

conn.commit()
conn.close()

Thanks, it worked for me with one change: in my chrome cookie db 'secure' is 'is_secure'

There is a version for Mac OS and/or Linux?

This is the error Im getting

C:\Users\stefa\Downloads>%python3% cookie_decrypt.py
Traceback (most recent call last):
  File "cookie_decrypt.py", line 18, in <module>
    decrypted_value = win32crypt.CryptUnprotectData(encrypted_value, None, None, None, 0)[1].decode('utf-8') or value or 0
pywintypes.error: (-2146893813, 'CryptProtectData', 'Key not valid for use in specified state.')

What can I don? Im running it on windows 10. From what I could debug - it stopped at first row.

Why are you using
getenv("APPDATA") + "/../Local/Google/Chrome/User Data/Default/Cookies"
instead
getenv("LOCALAPPDATA") + "/Google/Chrome/User Data/Default/Cookies" ?

It is just copying the cookie file from '/../Local/Google/Chrome/User Data/Default/Cookies' to current folder and not doing any actual decryption

How can I use it?

I'm getting an error when calling the CryptUnprotectData method.

error: (13, 'CryptProtectData', 'The data is invalid.')

I can see that the encrypted values are printing out fine but the process fails at the decryption step.

# Decrypt the encrypted_value
	decrypted_value = win32crypt.CryptUnprotectData(encrypted_value, None, None, None, 0)[1].decode('utf-8') or value or 0

Any pointers?

I'm getting an error when calling the CryptUnprotectData method.

error: (13, 'CryptProtectData', 'The data is invalid.')

I can see that the encrypted values are printing out fine but the process fails at the decryption step.

# Decrypt the encrypted_value
	decrypted_value = win32crypt.CryptUnprotectData(encrypted_value, None, None, None, 0)[1].decode('utf-8') or value or 0

Any pointers?

It`s because the password encryption system in Chromium has changed

Thanks @mrAsh4r: Is there any alternative library?

@GSapiah, yep. You can check LaZagne (https://github.com/AlessandroZ/LaZagne)

@GSapiah, yep. You can check LaZagne (https://github.com/AlessandroZ/LaZagne)

Isn't that just for passwords or does it work also for cookies? If so, how?

I updated the code to work with new chrome encryption system
https://gist.github.com/GramThanos/ff2c42bb961b68e7cc197d6685e06f10

I updated the code to work with new chrome encryption system https://gist.github.com/GramThanos/ff2c42bb961b68e7cc197d6685e06f10

the link is down

I updated the code to work with new chrome encryption system https://gist.github.com/GramThanos/ff2c42bb961b68e7cc197d6685e06f10

the link is down

I took the gist down. I suggest @DakuTree to do the same.

More info:
From time to time shady GitHub accounts would comment on the code and/or ask questions questions about it. I was contacted by Ran Locar and he informed me that someone used my code as part of a malware, thus I decided to take it down.