Decrypt Chrome Cookies File (Python 3) - Windows

decryptchromecookies.py

# Based on:
# 	https://gist.github.com/DakuTree/98c8362fb424351b803e
# 	https://gist.github.com/jordan-wright/5770442
# 	https://gist.github.com/DakuTree/428e5b737306937628f2944fbfdc4ffc
# 	https://stackoverflow.com/questions/60416350/chrome-80-how-to-decode-cookies
# 	https://stackoverflow.com/questions/43987779/python-module-crypto-cipher-aes-has-no-attribute-mode-ccm-even-though-pycry

import os
import json
import base64
import sqlite3
from shutil import copyfile

# python.exe -m pip install pypiwin32
import win32crypt
# python.exe -m pip install pycryptodomex
from Cryptodome.Cipher import AES

# Copy Cookies and Local State to current folder
copyfile(os.getenv("APPDATA") + "/../Local/Google/Chrome/User Data/Default/Cookies", './Cookies')

# Load encryption key
encrypted_key = None
with open(os.getenv("APPDATA") + "/../Local/Google/Chrome/User Data/Local State", 'r') as file:
	encrypted_key = json.loads(file.read())['os_crypt']['encrypted_key']
encrypted_key = base64.b64decode(encrypted_key)
encrypted_key = encrypted_key[5:]
decrypted_key = win32crypt.CryptUnprotectData(encrypted_key, None, None, None, 0)[1]


# Connect to the Database
conn = sqlite3.connect('./Cookies')
cursor = conn.cursor()

# Get the results
cursor.execute('SELECT host_key, name, value, encrypted_value FROM cookies')
for host_key, name, value, encrypted_value in cursor.fetchall():
	# Decrypt the encrypted_value
	try:
		# Try to decrypt as AES (2020 method)
		cipher = AES.new(decrypted_key, AES.MODE_GCM, nonce=encrypted_value[3:3+12])
		decrypted_value = cipher.decrypt_and_verify(encrypted_value[3+12:-16], encrypted_value[-16:])
	except:
		# If failed try with the old method
		decrypted_value = win32crypt.CryptUnprotectData(encrypted_value, None, None, None, 0)[1].decode('utf-8') or value or 0

	# Update the cookies with the decrypted value
	# This also makes all session cookies persistent
	cursor.execute('\
		UPDATE cookies SET value = ?, has_expires = 1, expires_utc = 99999999999999999, is_persistent = 1, is_secure = 0\
		WHERE host_key = ?\
		AND name = ?',
		(decrypted_value, host_key, name));

conn.commit()
conn.close()

Code updated to support new encryption method.
A more advance version/tool can be found here

Hey there! I know it might look like a silly question, but to decrypt Chrome's cookies, it needs to do it from the User's machine right? What if, lets say, there's a malware that steals cookies, can it also decrypt it too with this kind of method?

@jaxe233 interesting question, especially when it comes from a user that just registered an account and added as a profile picture a South Korean singer.

How would I edit this to work with other things like the History? Especially the last cursor.execute(), I don't really know SQL so I don't understand.

Hey There @gram Thanos. I only see the cookies file being copied to directory where the python script is located. Is there an output directory I should be looking for?

@gitHubMaster555 this functionality was there before my fork. The cookies file is copied to the current working directory (CWD) which may not be the folder where your script is located (it depends on how you call the script).

Hey There @GramThanos . I found some error and this script cannot running on my pc.
First I run it script it print this error:
Traceback (most recent call last): File "C:\Users\ANT\AppData\Local\123456\de.py", line 25, in <module> encrypted_key = json.loads(file.read())['os_crypt']['encrypted_key'] UnicodeDecodeError: 'gbk' codec can't decode byte 0xaa in position 23571: illegal multibyte sequence
When I transcoding "Local State" UTF-8 to gbk.
Traceback (most recent call last): File "C:\Users\ANT\AppData\Local\123456\de.py", line 28, in <module> decrypted_key = win32crypt.CryptUnprotectData(encrypted_key, None, None, None, 0)[1] pywintypes.error: (-2146893813, 'CryptProtectData', 'Key not valid for use in specified state.')
How to fix it ?

@AnateXP check the file's os.getenv("APPDATA") + "/../Local/Google/Chrome/User Data/Local State" contents. Something is not right there. This has to do with your chrome I guess.

Can you help me about this error? "sqlite3.OperationalError: Could not decode to UTF-8 column 'encrypted_value' with text 'v10�V�♦☺ h�#��P��*�-4�n�§���g��'"

Can you help me about this error? "sqlite3.OperationalError: Could not decode to UTF-8 column 'encrypted_value' with text 'v10�V�♦☺ h�#��P��*�-4�n�§���g��'"

There are many results on Google with discussions on this error.

Can you help me about this error? "sqlite3.OperationalError: Could not decode to UTF-8 column 'encrypted_value' with text 'v10�V�♦☺ h�#��P��*�-4�n�§���g��'"

There are many results on Google with discussions on this error.

I am also got this error, sqlite3.OperationalError: Could not decode to UTF-8 column 'encrypted_value' with text 'v10��~��|�d:.3�,:X��&���lr2���Kk���e�%U��l'
OS: Windows 10 x64 20H2
Python: 3.9.2
Google and try add conn.text_factory = bytes or conn.text_factory = str can not resolve it.

pypiwin32 is an outdated package
https://gist.github.com/GitHub30/427b0474008234d449acefb216a4a833
ethereum/web3.py#1721
https://stackoverflow.com/questions/55918311/what-is-the-difference-between-pywin32-and-pypiwin32

Can you help me about this error? "sqlite3.OperationalError: Could not decode to UTF-8 column 'encrypted_value' with text 'v10�V�♦☺ h�#��P��*�-4�n�§���g��'"

There are many results on Google with discussions on this error.

I am also got this error, sqlite3.OperationalError: Could not decode to UTF-8 column 'encrypted_value' with text 'v10��~��|�d:.3�,:X��&���lr2���Kk���e�%U��l'
OS: Windows 10 x64 20H2
Python: 3.9.2
Google and try add conn.text_factory = bytes or conn.text_factory = str can not resolve it.

conn.text_factory = bytes helped me to resolved the issue. Thanks a lot!

Thank you for this good work. I had a need to change the encrypted cookie value. Please tell me how to encrypt the new value?

I tried to do something, but it didn't work out.

code

def get_encryption_value(key, data):
    iv = b'v10' + Random.get_random_bytes(12)
    cipher = AES.new(key, AES.MODE_GCM, iv)
    data = bytes(data, "utf-8")
    encryption_value = iv + cipher.encrypt(data)
    print(encryption_value)

I haven't tried anything similar.

我没有尝试过类似的东西。

password = win32crypt.CryptUnprotectData(result[2])[1].decode()
error: (13, 'CryptProtectData', '数据无效。')
我更新了代码以使用新的 chrome 加密系统

I'm getting FileNotFoundError on the copyfile line, looks like Chrome moved their cookies file into a Network subfolder. Fixed by replacing line 20 with this
fpath = os.path.join(os.getenv("USERPROFILE"), "AppData/Local/Google/Chrome/User Data/Default/Network/Cookies")
copyfile(fpath, './Cookies')

Please note that these kind of things change once in a while.