Python and sqlite3 implement decryption of chrome cookie instance code, sqlite3chrome
The main problem studied in this article is that google fails to execute code to decrypt chrome cookies because the sqlite3 version is too low. Although I switched to the python3.5 environment, however, sqlite3 only has version 3.6.
After google for a long time, I finally found the method:
1. Enter the page http://www6.atomicorp.com/channels/atomic/centos/6/x86_64/RPMS/
2. Download atomic-sqlite-sqlite-3.8.5-2.el6.art.x86_64.rpm
3. rpm-Uvh atomic-sqlite-sqlite-3.8.5-2.el6.art.x86_64.rpm
4. Execute the command sqlite3-version. Everything is OK.
By the way, the cookie parsing code is attached.
#coding=utf-8 import os import sqlite3 #import keyring from Crypto.Cipher import AES from Crypto.Protocol.KDF import PBKDF2 #for mac #my_pass = keyring.get_password('Chrome Safe Storage', 'Chrome') #my_pass = my_pass.encode('utf8') #iterations = 1003 #cookie_file = os.path.expanduser('~/Library/Application Support/Google/Chrome/Default/Cookies') #for linux my_pass = 'peanuts'.encode('utf8') iterations = 1 cookie_file = 'Cookies' salt = b'saltysalt' length = 16 iv = b' ' * length def expand_str(token): token_len = len(token) expand_len = (token_len // length + 1) * length - token_len return token.encode('ascii') + b'\x0c' * expand_len def aes_encrypt(token): key = PBKDF2(my_pass, salt, length, iterations) cipher = AES.new(key, AES.MODE_CBC, IV=iv) enc_token = cipher.encrypt(token) return b'v10' + enc_token def aes_decrypt(token): key = PBKDF2(my_pass, salt, length, iterations) cipher = AES.new(key, AES.MODE_CBC, IV=iv) dec_token = cipher.decrypt(token) return dec_token def query_cookies(): with sqlite3.connect(cookie_file) as conn: sql = "select host_key, name, encrypted_value from cookies where name = 'jzysYonghu'" #sql = "select * from cookies" result = conn.execute(sql).fetchall() return result def write_cookies(enc_token): with sqlite3.connect(cookie_file) as conn: b = sqlite3.Binary(enc_token) sql = """update cookies set encrypted_value = ? where name = 'remember_token'""" conn.execute(sql, (b, )) def change_user(token): write_cookies(ase_encrypt(expand_str(token))) if __name__ == '__main__': data = query_cookies()[0][2] print(data) print(len(data)) print(aes_decrypt(data[3:]))
After encryption, a v10 is added before the string, so you must remove it before decryption.
Summary
The above is all about how python and sqlite3 implement the decryption of chrome cookie instance code. I hope it will be helpful to you. If you are interested, you can continue to refer to other related topics on this site. If you have any shortcomings, please leave a message. Thank you for your support!