由于Chrome會(huì)將大量瀏覽數(shù)據(jù)本地保存磁盤中,在本教程中,我們將編寫 Python 代碼來提取 Windows 計(jì)算機(jī)上 Chrome 中保存的密碼。
首先,讓我們安裝所需的庫(kù):
pip install pycryptodome pypiwin32
打開一個(gè)新的 Python 文件,并導(dǎo)入必要的模塊:
import os
import json
import base64
import sqlite3
import win32crypt
from Crypto.Cipher import AES
import shutil
from datetime import timezone, datetime, timedelta
在直接進(jìn)入提取 chrome密碼之前,我們需要定義一些有用的函數(shù)來幫助我們?cè)谥骱瘮?shù)中。
def get_chrome_datetime(chromedate):
"""從chrome格式的datetime返回一個(gè)`datetime.datetime`對(duì)象
因?yàn)?chromedate'的格式是1601年1月以來的微秒數(shù)"""
return datetime(1601, 1, 1) + timedelta(microseconds=chromedate)
def get_encryption_key():
local_state_path = os.path.join(os.environ["USERPROFILE"],"AppData", "Local", "Google", "Chrome","User Data", "Local State")
with open(local_state_path, "r", encoding="utf-8") as f:
local_state = f.read()
local_state = json.loads(local_state)
# 從Base64解碼加密密鑰
key = base64.b64decode(local_state["os_crypt"]["encrypted_key"])
# 刪除 DPAPI str
key = key[5:]
# 返回最初加密的解密密鑰
# 使用從當(dāng)前用戶的登錄憑據(jù)派生的會(huì)話密鑰
# 官方文檔doc: http://timgolden.me.uk/pywin32-docs/win32crypt.html
return win32crypt.CryptUnprotectData(key, None, None, None, 0)[1]
def decrypt_password(password, key):
try:
# 獲取初始化向量
iv = password[3:15]
password = password[15:]
# 生成密碼
cipher = AES.new(key, AES.MODE_GCM, iv)
# 解密密碼
return cipher.decrypt(password)[:-16].decode()
except:
try:
return str(win32crypt.CryptUnprotectData(password, None, None, None, 0)[1])
except:
# not supported
return ""
get_chrome_datetime()
函數(shù)負(fù)責(zé)將 chrome 日期格式轉(zhuǎn)換為人類可讀的日期時(shí)間格式。
get_encryption_key()
函數(shù)提取并解碼用于加密密碼的AES密鑰,這"%USERPROFILE%\AppData\Local\Google\Chrome\User Data\Local State
"作為 JSON 文件存儲(chǔ)在路徑中
decrypt_password()
將加密密碼和 AES 密鑰作為參數(shù),并返回密碼的解密版本。
下面是main主要功能:
def main():
# 獲取AES密鑰
key = get_encryption_key()
# 本地sqlite Chrome數(shù)據(jù)庫(kù)路徑
db_path = os.path.join(os.environ["USERPROFILE"], "AppData", "Local","Google", "Chrome", "User Data", "default", "Login Data")
# 將文件復(fù)制到其他位置
# 因?yàn)槿绻鹀hrome當(dāng)前正在運(yùn)行,數(shù)據(jù)庫(kù)將被鎖定
filename = "ChromeData.db"
shutil.copyfile(db_path, filename)
# 連接數(shù)據(jù)庫(kù)
db = sqlite3.connect(filename)
cursor = db.cursor()
# 登錄表中有我們需要的數(shù)據(jù)
cursor.execute("select origin_url, action_url, username_value, password_value, date_created, date_last_used from logins order by date_created")
# iterate over all rows
for row in cursor.fetchall():
origin_url = row[0]
action_url = row[1]
username = row[2]
password = decrypt_password(row[3], key)
date_created = row[4]
date_last_used = row[5]
if username or password:
print(f"Origin URL: {origin_url}")
print(f"Action URL: {action_url}")
print(f"Username: {username}")
print(f"Password: {password}")
else:
continue
if date_created != 86400000000 and date_created:
print(f"Creation date: {str(get_chrome_datetime(date_created))}")
if date_last_used != 86400000000 and date_last_used:
print(f"Last Used: {str(get_chrome_datetime(date_last_used))}")
print("="*50)
cursor.close()
db.close()
try:
# 嘗試刪除復(fù)制的db文件
os.remove(filename)
except:
pass
首先,我們使用之前定義的get_encryption_key()函數(shù)獲取加密密鑰,然后我們將 sqlite 數(shù)據(jù)庫(kù)(位于"%USERPROFILE%\AppData\Local\Google\Chrome\User Data\default\Login Data
"保存密碼的位置)復(fù)制到當(dāng)前目錄并連接到它,這是因?yàn)樵紨?shù)據(jù)庫(kù)文件將被鎖定Chrome 當(dāng)前正在運(yùn)行。
之后,我們對(duì)登錄表進(jìn)行選擇查詢并遍歷所有登錄行,我們還解密每個(gè)密碼date_created
并將date_last_used
日期時(shí)間重新格式化為更易于閱讀的格式。
最后,我們打印憑據(jù)并從當(dāng)前目錄中刪除數(shù)據(jù)庫(kù)副本。
讓我們調(diào)用主函數(shù),完美提取Chrome瀏覽器保存的密碼:
完整代碼
import os
import json
import base64
import sqlite3
import win32crypt
from Crypto.Cipher import AES
import shutil
from datetime import datetime, timedelta
def get_chrome_datetime(chromedate):
"""從chrome格式的datetime返回一個(gè)`datetime.datetime`對(duì)象
因?yàn)?chromedate'的格式是1601年1月以來的微秒數(shù)"""
return datetime(1601, 1, 1) + timedelta(microseconds=chromedate)
def get_encryption_key():
local_state_path = os.path.join(os.environ["USERPROFILE"],
"AppData", "Local", "Google", "Chrome",
"User Data", "Local State")
with open(local_state_path, "r", encoding="utf-8") as f:
local_state = f.read()
local_state = json.loads(local_state)
key = base64.b64decode(local_state["os_crypt"]["encrypted_key"])
key = key[5:]
return win32crypt.CryptUnprotectData(key, None, None, None, 0)[1]
def decrypt_password(password, key):
try:
iv = password[3:15]
password = password[15:]
cipher = AES.new(key, AES.MODE_GCM, iv)
return cipher.decrypt(password)[:-16].decode()
except:
try:
return str(win32crypt.CryptUnprotectData(password, None, None, None, 0)[1])
except:
# not supported
return ""
def main():
key = get_encryption_key()
db_path = os.path.join(os.environ["USERPROFILE"], "AppData", "Local",
"Google", "Chrome", "User Data", "default", "Login Data")
filename = "ChromeData.db"
shutil.copyfile(db_path, filename)
db = sqlite3.connect(filename)
cursor = db.cursor()
cursor.execute("select origin_url, action_url, username_value, password_value, date_created, date_last_used from logins order by date_created")
# iterate over all rows
for row in cursor.fetchall():
origin_url = row[0]
action_url = row[1]
username = row[2]
password = decrypt_password(row[3], key)
date_created = row[4]
date_last_used = row[5]
if username or password:
print(f"Origin URL: {origin_url}")
print(f"Action URL: {action_url}")
print(f"Username: {username}")
print(f"Password: {password}")
else:
continue
if date_created != 86400000000 and date_created:
print(f"Creation date: {str(get_chrome_datetime(date_created))}")
if date_last_used != 86400000000 and date_last_used:
print(f"Last Used: {str(get_chrome_datetime(date_last_used))}")
print("="*50)
cursor.close()
db.close()
try:
# try to remove the copied db file
os.remove(filename)
except:
pass
if __name__ == "__main__":
main()
以上就是教你用Python提取Chrome瀏覽器保存的密碼的詳細(xì)內(nèi)容,更多關(guān)于Python提取Chrome瀏覽器保存的密碼的資料請(qǐng)關(guān)注腳本之家其它相關(guān)文章!