Chrome 中的加密 cookie

2021-12-08 00:00:00 google-chrome cookies sqlite

我目前正在开发一个 C# 表单应用程序,它需要访问我计算机上的特定 cookie,我可以做得很好.问题来了:

I am currently working on a C# forms application that needs to access a specific cookie on my computer, which I can do perfectly fine. Here's the issue:

Google 将 cookie 存储在 SQLite 中,我已经下载了 Sqlite 数据库浏览器来帮助我查看这些值.令我惊讶的是,大约一半的 cookie 值显示为空(包括我需要的那个),尽管它们显然不是.

Google stores cookies in SQLite, and I've downloaded Sqlite database browser to help me look at these values. What surprises me is that about half of the cookie values shows as empty (including the one I need), even though they are obviously not.

db 文件位于:

C:Users\%username%AppDataLocalGoogleChromeUser DataDefaultCookies

在 Chrome 上,我有一个名为编辑此 Cookie"的插件,它允许我直接修改我所在网站上的 cookie.这个插件可以读取这些 cookie,并且 Web 浏览器可以在不同请求需要时通过 HTTP 解析值,所以它们肯定存在——仍然,SQLite 浏览器和我的自定义代码都得出特定值字段为空的结论.

On Chrome I have an addon called "Edit This Cookie" which allows me to directly modify cookies on the website I'm on. This addon can read these cookies, and the web browser can parse values through HTTP when needed for different requests, so they are definitely there - still, the SQLite browser, and my custom code both come to the conclusion that the particular value field is empty.

这是为什么?是什么以某种方式阻止某些应用程序读取该字段?

Why is that? What is it that somehow prevents the field from being read by certain applications?

推荐答案

好吧,如果有人感兴趣,我经过大量试验、错误和谷歌搜索后找到了解决这个问题的方法.

Alright, so in case anyone is interested, I found a solution to this problem after alot of trial, error and googling.

Google Chrome cookie 数据库有 2 列用于存储值:value"和encrypted_value",后者在存储的 cookie 被要求加密时使用 - 通常是某些机密信息和长时间会话密钥的情况.

Google Chrome cookies DB has 2 columns for storing values: "value" and "encrypted_value", the latter being used when the cookie stored was requested to be encrypted - often the case with certain confidential information and long-time session keys.

弄清楚这一点后,我需要找到一种方法来访问这个键,存储为一个 Blob 值.我找到了几个关于如何做到这一点的指南,但最终支付的是:http://www.codeproject.com/Questions/56109/Reading-BLOB-in-Sqlite-using-C-NET-CF-PPC

After figuring this out, I then needed to find a way to access this key, stored as a Blob value. I found several guides on how to do this, but the one that ended up paying of was: http://www.codeproject.com/Questions/56109/Reading-BLOB-in-Sqlite-using-C-NET-CF-PPC

仅仅读取值是不够的,因为它是加密的.- 谷歌浏览器使用三重 DES 加密和当前用户密码作为 Windows 机器上的种子.为了在 C# 中解密它,应该使用 Windows 数据保护 API (DPAPI),有一些关于如何使用它的指南.

Simply reading the value is not enough, as it is encrypted. - Google Chrome uses triple DES encryption with the current users password as seed on windows machines. In order to decrypt this in C#, one should use Windows Data Protection API (DPAPI), there are a few guides out there on how to make use of it.

相关文章