user-tools/chromium_cookie_decrypt.py

   1 #! /usr/bin/env python2
   2
   3 """
   4 =pod
   5
   6 =head1 NAME
   7
   8 chromium_cookie_decrypt.py - Decrypt Chromium web browser stored cookies and output cleartext
   9
  10 =cut
  11
  12 """
  13
  14 from Crypto.Cipher import AES
  15 from Crypto.Protocol.KDF import PBKDF2
  16 import sys
  17 import os
  18 import binascii
  19
  20 # Function to get rid of padding
  21 def clean_padding(x):
  22     #return x[:-x[-1]].decode('utf8')
  23     return x[:-ord(x[-1])]
  24
  25 while True:
  26         record = sys.stdin.readline()
  27         if not record:
  28                 break
  29
  30         field_number_to_decrypt = int(sys.argv[1])
  31         fields = record.split()
  32         try:
  33                 encrypted_value = binascii.unhexlify(fields[field_number_to_decrypt])
  34
  35                 # Trim off the 'v10' that Chrome/ium prepends
  36                 encrypted_value = encrypted_value[3:]
  37
  38                 # Default values used by both Chrome and Chromium in OSX and Linux
  39                 salt = b'saltysalt'
  40                 iv = b' ' * 16
  41                 length = 16
  42
  43                 # On Mac, replace MY_PASS with your password from Keychain
  44                 # On Linux, replace MY_PASS with 'peanuts'
  45                 my_pass = os.environ['CHROMIUM_DECRYPT_PASS']
  46                 my_pass = my_pass.encode('utf8')
  47
  48                 # 1003 on Mac, 1 on Linux
  49                 #iterations = 1003
  50                 iterations = 1
  51
  52                 key = PBKDF2(my_pass, salt, length, iterations)
  53                 cipher = AES.new(key, AES.MODE_CBC, IV=iv)
  54
  55                 decrypted = clean_padding(cipher.decrypt(encrypted_value))
  56                 fields[field_number_to_decrypt] = decrypted
  57         except IndexError:
  58                 pass
  59         print '\t'.join(fields)