谷歌浏覽器會将浏覽數據保存在本地磁盤,我們将編寫 Python 代碼來提取 Windows 計算機上 Chrome 中保存的密碼,開始寫程序前請安裝所需要庫:
pipinstallpycryptodomepypiwin32
程序運行截圖:
1、get_chrome_datetime()函數負責将 chrome 日期格式轉換為人類可讀的日期時間格式。
2、get_encryption_key()函數提取并解碼用于加密密碼的AES密鑰,這"%USERPROFILE%\AppData\Local\Google\Chrome\User Data\Local State"作為 JSON 文件存儲在路徑中
3、decrypt_password() 将加密密碼和 AES 密鑰作為參數,并返回密碼的解密版本
首先,我們使用之前定義的get_encryption_key()函數獲取加密密鑰,然後我們将 sqlite 數據庫(位于"%USERPROFILE%\AppData\Local\Google\Chrome\User Data\default\Login Data"保存密碼的位置)複制到當前目錄并連接到它,這是因為原始數據庫文件将被鎖定Chrome 當前正在運行。
之後,我們對登錄表進行選擇查詢并遍曆所有登錄行,我們還解密每個密碼date_created并将date_last_used日期時間重新格式化為更易于閱讀的格式。
最後,我們打印憑據并從當前目錄中删除數據庫副本。
讓我們調用主函數,完美提取Chrome浏覽器保存的密碼:
完整程序代碼
import os
import json
import base64
import sqlite3
import win32crypt
from Crypto.Cipher import AES
import shutil
from datetime import datetime, timedelta
def get_chrome_datetime(chromedate):
"""從chrome格式的datetime返回一個`datetime.datetime`對象
因為'chromedate'的格式是1601年1月以來的微秒數"""
return datetime(1601, 1, 1) timedelta(microseconds=chromedate)
def get_encryption_key():
local_state_path = os.path.join(os.environ["USERPROFILE"],
"AppData", "Local", "Google", "Chrome",
"User Data", "Local State")
with open(local_state_path, "r", encoding="utf-8") as f:
local_state = f.read()
local_state = json.loads(local_state)
key = base64.b64decode(local_state["os_crypt"]["encrypted_key"])
key = key[5:]
return win32crypt.CryptUnprotectData(key, None, None, None, 0)[1]
def decrypt_password(password, key):
try:
iv = password[3:15]
password = password[15:]
cipher = AES.new(key, AES.MODE_GCM, iv)
return cipher.decrypt(password)[:-16].decode()
except:
try:
return str(win32crypt.CryptUnprotectData(password, None, None, None, 0)[1])
except:
# not supported
return ""
def main():
key = get_encryption_key()
db_path = os.path.join(os.environ["USERPROFILE"], "AppData", "Local",
"Google", "Chrome", "User Data", "default", "Login Data")
filename = "ChromeData.db"
shutil.copyfile(db_path, filename)
db = sqlite3.connect(filename)
cursor = db.cursor()
cursor.execute(
"select origin_url, action_url, username_value, password_value, date_created, date_last_used from logins order by date_created")
# iterate over all rows
for row in cursor.fetchall():
origin_url = row[0]
action_url = row[1]
username = row[2]
password = decrypt_password(row[3], key)
date_created = row[4]
date_last_used = row[5]
if username or password:
print(f"Origin URL: {origin_url}")
print(f"Action URL: {action_url}")
print(f"Username: {username}")
print(f"Password: {password}")
else:
continue
if date_created != 86400000000 and date_created:
print(f"Creation date: {str(get_chrome_datetime(date_created))}")
if date_last_used != 86400000000 and date_last_used:
print(f"Last Used: {str(get_chrome_datetime(date_last_used))}")
print("=" * 50)
cursor.close()
db.close()
try:
# try to remove the copied db file
os.remove(filename)
except:
pass
if __name__ == "__main__":
main()
更多精彩资讯请关注tft每日頭條,我们将持续为您更新最新资讯!
zpostcode 
Recruit 
weather 
mreligion 
Yellowpages 
sport 
constellation 
shopping 
name 
game 
directory 
literature 
Word 
tour 
furnish 
Lottery 
tftnews 
lyrics 
News 
digital 
car 
dir 
Edu 
Finance 
