Decrypting Chromium cookies
I'm trying to use Chromium cookies in Python. Because Chromium encrypts its cookies using AES (with CBC), I need to reverse this.
I can recover the AES key from OS X's Keychain (it's stored in Base 64):
```sh
security find-generic-password -w -a Chrome -s 'Chrome Safe Storage'

# From Python:
python -c "from subprocess import PIPE, Popen; print(Popen(['security', 'find-generic-password', '-w', '-a', 'Chrome', '-s', 'Chrome Safe Storage'], stdout=PIPE).stdout.read().strip())"
```
Here's the code I have; all I'm missing is decrypting the cookies:
```python
from base64 import b64decode
from subprocess import PIPE, Popen
from sqlite3 import dbapi2


def get_encryption_key():
    # Read the "Chrome Safe Storage" entry from the OS X Keychain
    cmd = ['security', 'find-generic-password', '-w', '-a', 'Chrome', '-s', 'Chrome Safe Storage']
    return b64decode(Popen(cmd, stdout=PIPE).stdout.read().strip())


def get_cookies(database):
    key = get_encryption_key()
    with dbapi2.connect(database) as conn:
        conn.rollback()
        # Bind the host as a parameter instead of a double-quoted SQL literal
        rows = conn.cursor().execute(
            'SELECT name, encrypted_value FROM cookies WHERE host_key LIKE ?',
            ('.example.com',))
        cookies = {}
        for name, enc_val in rows:
            val = decrypt(enc_val, key)  # magic missing
            cookies[name] = val
    return cookies
```
I tried a bunch of things with pyCrypto's AES module but:
- I have no Initialization Vector (IV)
- `enc_val` is not a multiple of 16 in length
Here are some links that seem useful:
- The commit that started it all
- components/encryptor/keychain_password_mac.mm
- AES key generation (not used in OS X, but could help others)
- Cookie insertion function
Can you help me figure this out?
Recommended answer
You're on the right track! I've been working on this for a few days and finally figured it out. (Many thanks to the OP for the helpful links to the Chromium source.)
I've put up a post with a little more detail and a working script, but here is the basic idea:
```python
#! /usr/bin/env python3
from Crypto.Cipher import AES
from Crypto.Protocol.KDF import PBKDF2


# Function to get rid of padding
def clean(x):
    return x[:-x[-1]].decode('utf8')


# replace with your encrypted_value from sqlite3
encrypted_value = ENCRYPTED_VALUE

# Trim off the 'v10' that Chrome/ium prepends
encrypted_value = encrypted_value[3:]

# Default values used by both Chrome and Chromium in OSX and Linux
salt = b'saltysalt'
iv = b' ' * 16
length = 16

# On Mac, replace MY_PASS with your password from Keychain
# On Linux, replace MY_PASS with 'peanuts'
my_pass = MY_PASS
my_pass = my_pass.encode('utf8')

# 1003 on Mac, 1 on Linux
iterations = 1003

key = PBKDF2(my_pass, salt, length, iterations)
cipher = AES.new(key, AES.MODE_CBC, IV=iv)

decrypted = cipher.decrypt(encrypted_value)
print(clean(decrypted))
```
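The scheme from the answer as a round trip, added here as an example (it is not the answerer's script): it builds a constructed value in the same layout and decrypts it again, checking the v10 prefix, block length and padding that the short version skips. The function names and the sample cookie value are assumptions; the AES step uses PyCryptodome as in the answer.

```python
import hashlib

SALT = b"saltysalt"   # constants as given in the answer above
IV = b" " * 16
KEY_LEN = 16
ITERATIONS = {"mac": 1003, "linux": 1}


def derive_key(password, platform):
    """PBKDF2-HMAC-SHA1, the default PRF of the PBKDF2() call in the answer."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf8"), SALT,
                               ITERATIONS[platform], KEY_LEN)


def split_value(encrypted_value):
    """Strip the 'v10' tag and require whole 16-byte AES blocks after it."""
    if not encrypted_value.startswith(b"v10"):
        raise ValueError("missing v10 prefix")
    body = encrypted_value[3:]
    if not body or len(body) % 16:
        raise ValueError("ciphertext is not a multiple of 16 bytes")
    return body


def unpad(data):
    """Strict PKCS#7 removal; a wrong key almost always fails this check."""
    n = data[-1]
    if not 1 <= n <= 16 or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding (wrong key or corrupt value)")
    return data[:-n]


def decrypt_cookie(encrypted_value, key):
    from Crypto.Cipher import AES  # PyCryptodome, needed only for the AES step
    plain = AES.new(key, AES.MODE_CBC, IV=IV).decrypt(split_value(encrypted_value))
    return unpad(plain).decode("utf8")


def encrypt_cookie(value, key):
    """Build a constructed value in the same layout, for testing only."""
    from Crypto.Cipher import AES
    data = value.encode("utf8")
    n = 16 - len(data) % 16
    return b"v10" + AES.new(key, AES.MODE_CBC, IV=IV).encrypt(data + bytes([n]) * n)


if __name__ == "__main__":
    key = derive_key("peanuts", "linux")          # Linux password named in the answer
    blob = encrypt_cookie("session=abc123", key)  # constructed sample cookie value
    print(len(blob), decrypt_cookie(blob, key))
```

A 14-byte value produces a 19-byte blob: the 3-byte tag plus one padded block, which is why the raw `encrypted_value` length is not a multiple of 16.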