![]() $unquoted_cookie=$cookie -replace '"', "" $cookie = ::ASCII.GetString($cookieAsBytes) $cookieAsEncryptedBytes = Get-Content -Encoding Byte "$tempFileName1" "select writefile('$tempFileName1', encrypted_value) from cookies where host_key = '.' " | sqlite3.exe "$cookieLocation" # adjust your filter in the where clause. $cookieLocation = 'C:\Users\ysg\AppData\Local\Google\Chrome\User Data\Profile 1\Cookies' # Obs ! Each profile has its own cookes file, replace me (ysg o) with your win usr name # this powershell scripts exports your cookies to a format curl and wget understand Big thanks to for answering how Chrome 80 and up changed the way cookies are encrypted. Var len = cipher.ProcessBytes(cipherText, 0, cipherText.Length, plainText, 0) Var cipherText = cipherReader.ReadBytes(encryptedData.Length) Var parameters = new AeadParameters(new KeyParameter(decodedKey), MAC_BIT_SIZE, nonce) Var cipher = new GcmBlockCipher(new AesEngine()) Var nonce = cipherReader.ReadBytes(NONCE_BIT_SIZE / 8) Var nonSecretPayload = cipherReader.ReadBytes(3) Using (var cipherReader = new BinaryReader(cipherStream)) ![]() Using (var cipherStream = new MemoryStream(encryptedData)) Var decodedKey = .Unprotect(Convert.FromBase64String(encKey).Skip(5).ToArray(), null, .LocalMachine) String encKey = File.ReadAllText(Environment.GetEnvironmentVariable("APPDATA") Data/Local State") ĮncKey = JObject.Parse(encKey).ToString() SQLiteDataReader rdr = cmd.ExecuteReader() īyte encryptedData = (byte)rdr SQLiteCommand cmd = new SQLiteCommand("SELECT host_key, name, value, encrypted_value FROM cookies WHERE name='mvrusername' OR name='mvrcookie' OR name='mikuki4'", Cnn) The code so far: File.Copy(Environment.GetEnvironmentVariable("APPDATA") Data/Default/Cookies", Cnn = new SQLiteConnection("Data Source=" " pooling=false") You'll need these Nugets: using System.IO And last, use the code below to decrypt it. The thing is that Google Chrome encrypts the data you need to read, so you have to decrypt it.įirst, get a copy of the cookies file. I also found the Add-SqliteAssembly function by halr9000 to be very helpful when it came time to schedule my script in the windows task scheduler and realized that the task scheduler runs the x86 version of PowerShell and thus SQLite rather than the 圆4 I was using in the console. $plainCookie = Get-Last-Cookie 'acct' '.' $dbDataSource $dbDataSource = Join-Path -Path $localAppDataPath -ChildPath $cookieDbPath $cookieDbPath = 'Google\Chrome\User Data\Default\Cookies' $localAppDataPath = ::GetFolderPath(::LocalApplicationData) $cookieAsBytes = ::Unprotect($cookieAsEncryptedBytes, $null, ::CurrentUser) $adapter = New-Object -TypeName $command $query = "SELECT encrypted_value FROM cookies WHERE name='$valueName' `ĪND host_key='$hostKey' ORDER BY creation_utc DESC LIMIT 1" $conn.ConnectionString = "Data Source=$dbDataSource" It's not as elegant as a separate class, but it's what worked best for me: Add-Type -AssemblyName System.SecurityĪdd-Type -Path 'C:\Program Files\\2015\bin\圆4\' Like jasper, I found it easier and quicker to access the available here. So I wanted to do this without writing to a tempfile every time but also without implementing a separate class as per jasper's solution. Yield return Tuple.Create(reader.GetString(0), plainText) Var plainText = (decodedData) // Looks like ASCII Var decodedData = .Unprotect(encryptedData, null, .CurrentUser) Using (var conn = new (connectionString))Ĭmd.CommandText = "SELECT name,encrypted_value FROM cookies WHERE host_key = (var reader = cmd.ExecuteReader()) Var connectionString = "Data Source=" dbPath " pooling=false" If (!System.IO.File.Exists(dbPath)) throw new System.IO.FileNotFoundException("Cant find cookie store",dbPath) // race condition, but i'll risk it Var dbPath = Environment.GetFolderPath() Data\Default\Cookies" If (hostName = null) throw new ArgumentNullException("hostName") Public IEnumerable> ReadCookies(string hostName) All credit to Scherling, as the DPAPI was spot on. I've run into this same problem, and the code below provides a working example for anyone who is interested.
0 Comments
Leave a Reply. |