make getpeername() return the original socket address which before it was intercepted
[hband-tools.git] / user-tools / chromium_cookie_decrypt.py
blob45d615d8c1d670f4841beffa503cca95ce32ac51
1 #! /usr/bin/env python2
3 """
4 =pod
6 =head1 NAME
8 chromium_cookie_decrypt.py - Decrypt Chromium web browser stored cookies and output cleartext
10 =cut
12 """
14 from Crypto.Cipher import AES
15 from Crypto.Protocol.KDF import PBKDF2
16 import sys
17 import os
18 import binascii
20 # Function to get rid of padding
21 def clean_padding(x):
22 #return x[:-x[-1]].decode('utf8')
23 return x[:-ord(x[-1])]
25 while True:
26 record = sys.stdin.readline()
27 if not record:
28 break
30 field_number_to_decrypt = int(sys.argv[1])
31 fields = record.split()
32 try:
33 encrypted_value = binascii.unhexlify(fields[field_number_to_decrypt])
35 # Trim off the 'v10' that Chrome/ium prepends
36 encrypted_value = encrypted_value[3:]
38 # Default values used by both Chrome and Chromium in OSX and Linux
39 salt = b'saltysalt'
40 iv = b' ' * 16
41 length = 16
43 # On Mac, replace MY_PASS with your password from Keychain
44 # On Linux, replace MY_PASS with 'peanuts'
45 my_pass = os.environ['CHROMIUM_DECRYPT_PASS']
46 my_pass = my_pass.encode('utf8')
48 # 1003 on Mac, 1 on Linux
49 #iterations = 1003
50 iterations = 1
52 key = PBKDF2(my_pass, salt, length, iterations)
53 cipher = AES.new(key, AES.MODE_CBC, IV=iv)
55 decrypted = clean_padding(cipher.decrypt(encrypted_value))
56 fields[field_number_to_decrypt] = decrypted
57 except IndexError:
58 pass
59 print '\t'.join(fields)