andreycizov/decrypt_chrome_cookies_linux.py

## decrypt_chrome_cookies_linux.py
import hashlib
import os
import sqlite3
import yaml
from Crypto.Cipher import AES

def extract_cookie(domain_name) -> bytes:
    with sqlite3.connect(os.path.expanduser('~/.config/google-chrome/Default/Cookies')) as conn:
        cursor = conn.cursor()

        cursor.execute(
            """
            select encrypted_value from cookies where host_key = ? and name = "cookiename";
            """,
            (domain_name,),
        )

        rtn, = cursor.fetchone()
        return rtn


def extract_chrome_encryption_decrypt(body: bytes):
    if body[:3] != b'v10':
        raise AssertionError(body[:3])

    body = body[3:]

    key = hashlib.pbkdf2_hmac(
        'sha1',
        b'peanuts',
        b'saltysalt',
        1,  # 1003 on Mac
        dklen=16,
    )

    IV = b"                "

    cipher = AES.new(key, AES.MODE_CBC, IV)

    rtn = cipher.decrypt(body)

    padding_size = rtn[-1]

    rtn = rtn[:-padding_size]

    return rtn.decode('utf-8')

def main():
    cookie_uk = extract_chrome_encryption_decrypt(extract_cookie("www.google.com"))
	import hashlib
	import os
	import sqlite3
	import yaml
	from Crypto.Cipher import AES

	def extract_cookie(domain_name) -> bytes:
	with sqlite3.connect(os.path.expanduser('~/.config/google-chrome/Default/Cookies')) as conn:
	cursor = conn.cursor()

	cursor.execute(
	"""
	select encrypted_value from cookies where host_key = ? and name = "cookiename";
	""",
	(domain_name,),
	)

	rtn, = cursor.fetchone()
	return rtn


	def extract_chrome_encryption_decrypt(body: bytes):
	if body[:3] != b'v10':
	raise AssertionError(body[:3])

	body = body[3:]

	key = hashlib.pbkdf2_hmac(
	'sha1',
	b'peanuts',
	b'saltysalt',
	1, # 1003 on Mac
	dklen=16,
	)

	IV = b" "

	cipher = AES.new(key, AES.MODE_CBC, IV)

	rtn = cipher.decrypt(body)

	padding_size = rtn[-1]

	rtn = rtn[:-padding_size]

	return rtn.decode('utf-8')

	def main():
	cookie_uk = extract_chrome_encryption_decrypt(extract_cookie("www.google.com"))