In this article, we will discuss how to extract all passwords stored in the Chrome browser.
Note: This article is for users who use Chrome on Windows. If you are a Mac or Linux user, you may need to make some changes to the given path, while the rest of the Python program will remain the same.
Now, Let’s install some important libraries which we need to write a python program through which we can extract Chrome Passwords.
pip install pycryptodome pip install pypiwin32
Before we extract the password directly from Chrome, we need to define some useful functions that will help our main functions.
- First Function
def chrome_date_and_time(chrome_data): # Chrome_data format is # year-month-date hr:mins:seconds.milliseconds # This will return datetime.datetime Object return datetime(1601, 1, 1) + timedelta(microseconds=chrome_data)
The chrome_date_and_time() function is responsible for converting Chrome’s date format into a human-readable date and time format.
Chrome Date and time format look like this:
- Second Function
def fetching_encryption_key(): # Local_computer_directory_path will # look like this below # C: => Users => <Your_Name> => AppData => # Local => Google => Chrome => User Data => # Local State local_computer_directory_path = os.path.join( os.environ["USERPROFILE"], "AppData", "Local", "Google", "Chrome", "User Data", "Local State") with open(local_computer_directory_path, "r", encoding="utf-8") as f: local_state_data = f.read() local_state_data = json.loads(local_state_data) # decoding the encryption key using base64 encryption_key = base64.b64decode( local_state_data["os_crypt"]["encrypted_key"]) # remove Windows Data Protection API (DPAPI) str encryption_key = encryption_key[5:] # return decrypted key return win32crypt.CryptUnprotectData( encryption_key, None, None, None, 0)
The fetching_encryption_key() function obtains and decodes the AES key used to encrypt the password. It is saved as a JSON file in “C:\Users\<Your_PC_Name>\AppData\Local\Google\Chrome\User Data\Local State”. This function will be useful for the encrypted key.
- Third Function
def password_decryption(password, encryption_key): try: iv = password[3:15] password = password[15:] # generate cipher cipher = AES.new(encryption_key, AES.MODE_GCM, iv) # decrypt password return cipher.decrypt(password)[:-16].decode() except: try: return str(win32crypt.CryptUnprotectData(password, None, None, None, 0)) except: return "No Passwords"
password_decryption() takes the encrypted password and AES key as parameters and returns the decrypted version or Human Readable format of the password.
Below is the implementation.
For the above code, we followed these below steps;
- First, we use the previously defined function fetching_encryption_key() to obtain the encryption key
- Then copy the SQLite database in “C:\Users\<Your_PC_Name>\AppData\Local\Google\Chrome\User Data\default\Login Data” where the saved Password data is stored of the current directory and establish a connection with it. This is because the original database file locked when Chrome started.
- With the help of the cursor object, we will execute the SELECT SQL query from the ‘logins’ table order by date_last_used.
- Traverse all the login rows in a more readable format to obtain the passwords for each password and format date_created and date_last_used.
- Finally, With the help of print statements, we will print all the saved credentials which are extracted from Chrome.
- Delete the copy of the database from the current directory.
Attention geek! Strengthen your foundations with the Python Programming Foundation Course and learn the basics.
To begin with, your interview preparations Enhance your Data Structures concepts with the Python DS Course. And to begin with your Machine Learning Journey, join the Machine Learning – Basic Level Course