add chrome cookie extractor tutorial

Author: x4nth055

README.md

@@ -32,6 +32,7 @@ This is a repository of all the tutorials of [The Python Code](https://www.thepy
     - [How to Extract Chrome Passwords in Python](https://www.thepythoncode.com/article/extract-chrome-passwords-python). ([code](ethical-hacking/chrome-password-extractor))
     - [How to Use Shodan API in Python](https://www.thepythoncode.com/article/using-shodan-api-in-python). ([code](ethical-hacking/shodan-api))
     - [How to Make an HTTP Proxy in Python](https://www.thepythoncode.com/article/writing-http-proxy-in-python-with-mitmproxy). ([code](ethical-hacking/http-mitm-proxy))
+    - [How to Extract Chrome Cookies in Python](https://www.thepythoncode.com/article/extract-chrome-cookies-python). ([code](ethical-hacking/chrome-cookie-extractor))
 
 - ### [Machine Learning](https://www.thepythoncode.com/topic/machine-learning)
     - ### [Natural Language Processing](https://www.thepythoncode.com/topic/nlp)

ethical-hacking/chrome-cookie-extractor/README.md

@@ -0,0 +1,7 @@
+# [How to Extract Chrome Cookies in Python](https://www.thepythoncode.com/article/extract-chrome-cookies-python)
+To run this:
+- `pip3 install -r requirements.txt`
+- Simply run the script:
+```
+python chrome_cookie_extractor.py
+```

ethical-hacking/chrome-cookie-extractor/chrome_cookie_extractor.py

@@ -0,0 +1,109 @@
+import os
+import json
+import base64
+import sqlite3
+import shutil
+from datetime import datetime, timedelta
+import win32crypt # pip install pypiwin32
+from Crypto.Cipher import AES # pip install pycryptodome
+
+def get_chrome_datetime(chromedate):
+    """Return a `datetime.datetime` object from a chrome format datetime
+    Since `chromedate` is formatted as the number of microseconds since January, 1601"""
+    if chromedate != 86400000000 and chromedate:
+        try:
+            return datetime(1601, 1, 1) + timedelta(microseconds=chromedate)
+        except Exception as e:
+            print(f"Error: {e}, chromedate: {chromedate}")
+            return chromedate
+    else:
+        return ""
+
+
+def get_encryption_key():
+    local_state_path = os.path.join(os.environ["USERPROFILE"],
+                                    "AppData", "Local", "Google", "Chrome",
+                                    "User Data", "Local State")
+    with open(local_state_path, "r", encoding="utf-8") as f:
+        local_state = f.read()
+        local_state = json.loads(local_state)
+
+    # decode the encryption key from Base64
+    key = base64.b64decode(local_state["os_crypt"]["encrypted_key"])
+    # remove 'DPAPI' str
+    key = key[5:]
+    # return decrypted key that was originally encrypted
+    # using a session key derived from current user's logon credentials
+    # doc: http://timgolden.me.uk/pywin32-docs/win32crypt.html
+    return win32crypt.CryptUnprotectData(key, None, None, None, 0)[1]
+
+
+def decrypt_data(data, key):
+    try:
+        # get the initialization vector
+        iv = data[3:15]
+        data = data[15:]
+        # generate cipher
+        cipher = AES.new(key, AES.MODE_GCM, iv)
+        # decrypt password
+        return cipher.decrypt(data)[:-16].decode()
+    except:
+        try:
+            return str(win32crypt.CryptUnprotectData(data, None, None, None, 0)[1])
+        except:
+            # not supported
+            return ""
+
+
+def main():
+    # local sqlite Chrome cookie database path
+    db_path = os.path.join(os.environ["USERPROFILE"], "AppData", "Local",
+                            "Google", "Chrome", "User Data", "default", "Cookies")
+    # copy the file to current directory
+    # as the database will be locked if chrome is currently open
+    filename = "Cookies.db"
+    if not os.path.isfile(filename):
+        # copy file when does not exist in the current directory
+        shutil.copyfile(db_path, filename)
+    # connect to the database
+    db = sqlite3.connect(filename)
+    cursor = db.cursor()
+    # get the cookies from `cookies` table
+    cursor.execute("""
+    SELECT host_key, name, value, creation_utc, last_access_utc, expires_utc, encrypted_value 
+    FROM cookies""")
+    # you can also search by domain, e.g thepythoncode.com
+    # cursor.execute("""
+    # SELECT host_key, name, value, creation_utc, last_access_utc, expires_utc, encrypted_value
+    # FROM cookies
+    # WHERE host_key like '%thepythoncode.com%'""")
+    # get the AES key
+    key = get_encryption_key()
+    for host_key, name, value, creation_utc, last_access_utc, expires_utc, encrypted_value in cursor.fetchall():
+        if not value:
+            decrypted_value = decrypt_data(encrypted_value, key)
+        else:
+            # already decrypted
+            decrypted_value = value
+        print(f"""
+        Host: {host_key}
+        Cookie name: {name}
+        Cookie value (decrypted): {decrypted_value}
+        Creation datetime (UTC): {get_chrome_datetime(creation_utc)}
+        Last access datetime (UTC): {get_chrome_datetime(last_access_utc)}
+        Expires datetime (UTC): {get_chrome_datetime(expires_utc)}
+        ===============================================================""")
+        # update the cookies table with the decrypted value
+        # and make session cookie persistent
+        cursor.execute("""
+        UPDATE cookies SET value = ?, has_expires = 1, expires_utc = 99999999999999999, is_persistent = 1, is_secure = 0
+        WHERE host_key = ?
+        AND name = ?""", (decrypted_value, host_key, name))
+    # commit changes
+    db.commit()
+    # close connection
+    db.close()
+
+
+if __name__ == "__main__":
+    main()

ethical-hacking/chrome-cookie-extractor/requirements.txt

@@ -0,0 +1,2 @@
+pypiwin32
+pycryptodome