昨天写了获取WIFI密码的脚本,今天继续写一段python脚本获取Chrome浏览器已保存的账号和密码。
Chrome浏览器已保存的密码都保存在一个sqlite3数据库文件中,和Cookies数据库在同一个文件夹,类似:
C:\Users\Lucas Lee\AppData\Local\Google\Chrome\User Data\Default\Login Data
使用CryptUnprotectData函数解密数据库中的密码字段,即可还原密码,只需要User权限,并且只能是User权限。
为了防止出现读写出错,建议先把数据库临时拷贝到当前目录。
程序会读出所有的账号、密码、网站,写入文件夹下ChromePass.txt文件
代码如下:
import os, sys
import shutil
import sqlite3
import win32crypt
outFile_path = os.path.join(os.path.dirname(sys.executable),
'ChromePass.txt')
if os.path.exists(outFile_path):
os.remove(outFile_path)
db_file_path = os.path.join(os.environ['LOCALAPPDATA'],
r'Google\Chrome\User Data\Default\Login Data')
tmp_file = os.path.join(os.path.dirname(sys.executable), 'tmp_tmp_tmp')
if os.path.exists(tmp_file):
os.remove(tmp_file)
shutil.copyfile(db_file_path, tmp_file) # In case file locked
conn = sqlite3.connect(tmp_file)
for row in conn.execute('select username_value, password_value, signon_realm from logins'):
pwdHash = str(row[1])
try:
ret = win32crypt.CryptUnprotectData(pwdHash, None, None, None, 0)
except:
print 'Fail to decrypt chrome passwords'
sys.exit(-1)
with open(outFile_path, 'a+') as outFile:
outFile.write('UserName: {0:<20} Password: {1:<20} Site: {2} \n\n'.format(
row[0].encode('gbk'), ret[1].encode('gbk'), row[2].encode('gbk')) )
conn.close()
print 'All Chrome passwords saved to:\n' + outFile_path
os.remove(tmp_file) # Remove temp file
Chrome 太不安全了,这样随便一个木马就能把密码全盗走。
这个设计是有解释的,是一种折中选择。 因为对方已经拥有了对PC的控制权。 建议不要把PC给不信任的人使用,离开时锁屏。
这个有点 恐怖 看来还是不能保存密码
额,其实我还是保存了不少密码的,注意安全就好。 不过盗号木马确实能做不少事啊。。。
Hi…有点事情想请教 麻烦可以加我微信吗 ccc0606 非常感谢
通过email就挺方便的: my[at]lijiejie.com
很久都没更新博客了呀~~
是啊,回家之后一直忙点别的事,稍后会抽空写一些东西的。
lz的主机在日本
KDDI CORPORATIONdescr: GARDEN AIR TOWER,3-10-10,Iidabashi,Chiyoda-ku,Tokyocountry: JPadmin-c: JNIC1-APtech-c: JNIC1-APstatus: ALLOCATED PORTABLEremarks: Email address for spam or abuse complaints [email protected]: [email protected] 20110315mnt-irt: IRT-JPNIC-JPmnt-by: MAINT-JPNICmnt-lower: MAINT-JPNICsource: APNICirt: IRT-JPNIC-JPaddress: Urbannet-Kanda Bldg 4F, 3-6-2 Uchi-Kandaaddress: Chiyoda-ku, Tokyo 101-0047, Japane-mail: [email protected]-mailbox: [email protected]-c: JNIC1-APtech-c: JNIC1-APauth: # Filteredmnt-by: MAINT-JPNICchanged: [email protected] 20101108changed: [email protected] 20101111source: APNICrole: Japan Network Information Centeraddress: Urbannet-Kanda Bldg 4Faddress: 3-6-2 Uchi-Kandaaddress: Chiyoda-ku, Tokyo 101-0047,Japancountry: JPphone: +81-3-5297-2311fax-no: +81-3-5297-2312e-mail: [email protected]-c: JI13-APtech-c: JE53-APnic-hdl: JNIC1-APmnt-by: MAINT-JPNICchanged: [email protected] 20041222changed: [email protected] 20050324changed: [email protected] 20051027changed: [email protected] 20120828source: APNICinetnum: 106.128.0.0 – 106.191.255.255netname: KDDI-CIDR-BLK-JPdescr: KDDI CORPORATIONremarks: Email address for spam or abuse complaints : [email protected]: JPadmin-c: JP00000127tech-c: JP00000181remarks: This information has been partially mirrored by APNIC fromremarks: JPNIC. To obtain more specific information, please use theremarks: JPNIC WHOIS Gateway atremarks: http://www.nic.ad.jp/en/db/whois/en-gateway.html orremarks: whois.nic.ad.jp for WHOIS client. (The WHOIS clientremarks: defaults to Japanese output, use the /e switch for Englishremarks: output)changed: [email protected] 2011031
用的linode
NameError: name ‘os’ is not defined
import os,sys 就可以了
import os,sys 就可以了
感谢楼主提供代码,我已经根据这个实现了 解析chrome33+的cookies代码如下:import shutilimport sqlite3import win32cryptimport os,sys outFile_path = os.path.join(os.path.dirname(sys.executable), ‘ChromePass.txt’) if os.path.exists(outFile_path): os.remove(outFile_path) db_file_path = os.path.join(os.environ[‘LOCALAPPDATA’], r’GoogleChromeUser DataDefaultCookies’)tmp_file = os.path.join(os.path.dirname(sys.executable), ‘tmp_tmp_tmp’)if os.path.exists(tmp_file): os.remove(tmp_file)shutil.copyfile(db_file_path, tmp_file) # In case file lockedconn = sqlite3.connect(tmp_file)for row in conn.execute(‘select host_key,name,value,encrypted_value from cookies’): pwdHash = str(row
) try: ret = win32crypt.CryptUnprotectData(pwdHash, None, None, None, 0) except: print ‘Fail to decrypt chrome passwords’ sys.exit(-1) with open(outFile_path, ‘a+’) as outFile: outFile.write(‘host_key: {0:<20} name: {1:<20} value: {2} nn’.format( row[0].encode(‘gbk’), row 
.encode(‘gbk’),ret 
.encode(‘gbk’)) )conn.close()print ‘All Chrome cookies saved to:n’ + outFile_pathos.remove(tmp_file) # Remove temp file
没有报错,也没有ChromePass.txt文件生成
后来的版本没仔细测试过,应该是保存的方式变了。
调试后发现,可以connect,但execute后无记录…
用jiejie的返回Fail to decrypt chrome passwords
网上其他的报错
password = win32crypt.CryptUnprotectData(result[2], None, None, None, 0)[1]
pywintypes.error: (-2146893813, ‘CryptProtectData’, ‘\xb8’)
上面的脚本应该只能用于旧版本的Chrome,新版本需要看看是否已经改变加密方法了