cookie_crimes's Introduction

Chrome Cookie Extraction Without Root

This will print out a user's Chrome cookies. You don't need to have their password or be root to use it. nice nice nice nice nice.

If you are not the kind of person who regularly gets the ability to execute code on other people's computers, you probably don't care about this.

Features

  • Prints all Chrome cookies in sweet sweet JSON
  • Works without root or the user's password
  • Works on Windows, Linux, macOS
  • Actually also works on the Microsoft Edge browser
  • Get cookies from any Chrome Profile
  • Never leaves you on read
  • Cooks a mean lasagna
  • Compiles to a single binary

Metasploit module

For ezmode #ethical #hacking, please direct your meterpreter session to https://github.com/rapid7/metasploit-framework/blob/9616a9f79de0b22bfd142f12affd74cecbbd4413/documentation/modules/post/multi/gather/chrome_cookies.md

Blog post

Read the full details at https://mango.pdf.zone/stealing-chrome-cookies-without-a-password

Installation

Requires Python3.6+ to run locally, but the binary it compiles to works anywhere.

 pip3 install -r requirements.txt

Usage

Windows and Linux

To run it locally:

   python cookie_crimes.py

This will print your Chrome cookies as JSON for the default profile. They're conveniently in the right format to be loaded into the EditThisCookie Chrome Extension.

To compile to a single binary:

   make

Note that the binary created will be for the OS you run make on. There's no fancy cross-compiling magic going on here. You'll have to build this on the same OS as you're running it on.

macOS

Why is it different on macOS?

For whatever reason, running Chrome with --headless has allowed reading of cookies from normal ("headful") Chrome on-and-off over the last few years as changes to Chrome are made. Seriously there are so many commits every day that it's become difficult to say "Chrome does not have this feature". This has caused the headless method to sometimes not work on macOS.

How to do it

Instead, you can run:

   ./cookie_crimes_macos.sh

Formatting for EditThisCookie

Chrome's cookie format stores domains with leading dots (e.g. .google.com), and so to import all cookies into Chrome via the EditThisCookie Chrome Extension, you'll need to remove the leading dots. You can do this via the following Enterprise Grade and completely unnecessary bash script:

   cat cookies.json | ./format_for_editthiscookie.sh

How it works

On macOS, remote debugging is enabled by quickly killing and restarting Chrome, and attaching remote debugging to the new Chrome session with --restore-last-session (Just like clicking "restore tabs" in Chrome). This does have the downside of making the Chrome window look like it crashed for about 0.5s (it did lol) and reloading all tabs. But hey, the user will probably just assume their Chrome crashed and restored itself.

Extra crispy thanks to @IAmMandatory for sharing this trick <3

cookie_crimes_macos.sh will also download, execute, and delete a websocat binary to make the websocket request.

Microsoft Edge

Listen I know that's not Chrome, but hear me out. Because Edge is based on Chromium, the same trick works. Here's a blog post by @wunderwuzzi23 with all the details.

Multiple Profiles

If you want to extract the Chrome cookies for a profile other than the Default profile, just edit the PROFILE variable in cookie_crimes.py. This uses some sneaky "writing to /tmp" tricks to trick Chrome into reading the cookies for us.

How it works

Headless Chrome and user-data-dir

Headless (no window is rendered) Chrome is allowed to specify a user-data-dir. This directory contains cookies, history, preferences, etc. By creating a new headless Chrome instance, and specifying the user-data-dir to be the same as the victim's, your headless Chrome instance will authenticate as the victim.

Remote debugging

From here, we just use a normal (but extremely forbidden and undocumented) feature of Chrome: the Remote Debugging protocol. This is how Chrome Developer Tools communicate with Chrome. Once your headless Chrome (with remote debugging enabled) instance is running, this code just executes remote debugging commands to print the user's cookies for all websites in plaintext.

You can fully control Chrome at this point, taking any action the user could take.
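
Both launch patterns described in this README (a headless instance pointed at an existing user-data-dir, and the macOS kill-and-restart with --restore-last-session) leave a remote-debugging flag on the browser's command line, which is what process-creation monitoring can key on. The following is an added example, not code from the cookie_crimes project: the `--remote-debugging-port` flag name, the profile-path patterns, the argv-list event layout and the severity labels are assumptions of this example.

```python
import re

# Name fragments of Chromium-family executables (assumed; extend for your fleet).
BROWSERS = ("chrome", "chromium", "msedge", "microsoft edge")
# Default profile locations on Linux, macOS and Windows (assumed patterns).
DEFAULT_PROFILE = re.compile(
    r"(\.config/(google-chrome|chromium)|Google[/\\]Chrome|Microsoft[/\\]Edge)", re.I)

def flags_of(argv):
    """Return {flag: value} for every --flag[=value] argument."""
    out = {}
    for arg in argv[1:]:
        if arg.startswith("--"):
            name, _, value = arg[2:].partition("=")
            out[name] = value
    return out

def score_launch(argv):
    """Rate a browser launch: None (ignore), 'medium' or 'high'."""
    if not any(b in argv[0].lower() for b in BROWSERS):
        return None
    f = flags_of(argv)
    if "remote-debugging-port" not in f:
        return None
    # Headless instance pointed at a real user's profile directory.
    if "headless" in f and DEFAULT_PROFILE.search(f.get("user-data-dir", "")):
        return "high"
    # Browser relaunched with the debugger attached and the old tabs restored.
    if "restore-last-session" in f:
        return "high"
    # Debug port alone: common for test automation, still worth a look on
    # user workstations (a profile copied elsewhere lands here too).
    return "medium"

# Constructed sample process-creation events (argv lists), not real telemetry.
EVENTS = [
    ["/usr/bin/google-chrome", "--headless", "--remote-debugging-port=9222",
     "--user-data-dir=/home/alice/.config/google-chrome"],
    ["/Applications/Google Chrome.app/Contents/MacOS/Google Chrome",
     "--remote-debugging-port=9222", "--restore-last-session"],
    ["/usr/bin/chromium", "--headless", "--remote-debugging-port=0",
     "--user-data-dir=/tmp/puppeteer_dev_profile-x1"],
    ["/usr/bin/google-chrome", "https://example.com"],
    ["/usr/bin/python3", "--remote-debugging-port=9222"],
]

def triage(events):
    """Score every event in order."""
    return [score_launch(e) for e in events]
```

On developer machines the "medium" bucket will be noisy, so pair it with the parent process and the logged-in user before alerting.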

closing ceremony

don't do crimes with this please

cookie_crimes's People

Contributors

c0llision, defaultnamehere, dependabot[bot], mangopdf, virdiignis

cookie_crimes's Issues

no value

I just changed the path for it to work on windows, but it's not printing out values, getting everything else... ?

Not working

I tried running this project after fulfilling the requirements and doing "make"
running "python3 cookie_crimes.py" doesn't work.
Also running "python cookie_crimes.py " produces error at line 100
AttributeError: 'module' object has no attribute 'DEVNULL'

Any plans to make it work on windows* in the near future?

Tried it out at work but as said it's windows* supported

Error:
File "cookie_crimes.py", line 34, in
raise RuntimeError("what the heck kind of OS is this? seriously what is '%s'? y'know what i don't hav to deal with this i'm outta here car ignition noises driving noises driving noises fade away" % sys.platform)

RuntimeError: what the heck kind of OS is this? seriously what is 'win32'? y'know what i don't hav to deal with this i'm outta here car ignition noises driving noises driving noises fade away

Any plans to make that work in the future? would appreciate just the stepping stones tho

Thanks,

Not working on Windows 10 - Chrome 81.0.4044.138

While the tool does output some cookies, these aren't really the cookies of the user.
Chrome dev tools opens the page in some kind of container, without the user's cookies.
The cookies it outputs are just the cookies that google sets automatically, without the user being logged in.

If you delete the --headless parameter in the source code, run the tool and when chrome opens you go to http://localhost:9222/json/new?https://some_page_you_are_logged_in.com you will see you are not going to be logged in this URL, that's why the tool can't retrieve the real cookies.

At least that is what I understood. Only tested in Windows 10, on the latest Chrome.

error

$ python cookie_crimes.py
Traceback (most recent call last):
File "cookie_crimes.py", line 139, in
forbidden_process = summon_forbidden_protocol()
File "cookie_crimes.py", line 100, in summon_forbidden_protocol
stdout=subprocess.DEVNULL,
AttributeError: 'module' object has no attribute 'DEVNULL'

Connection refused problems

Hello,
Thank you for this research and tool. However, I failed to test the tool for myself. Got following error messages (OS is macOS)

Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/urllib3/connection.py", line 171, in _new_conn
    (self._dns_host, self.port), self.timeout, **extra_kw)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/urllib3/util/connection.py", line 79, in create_connection
    raise err
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/urllib3/util/connection.py", line 69, in create_connection
    sock.connect(sa)
ConnectionRefusedError: [Errno 61] Connection refused

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/urllib3/connectionpool.py", line 600, in urlopen
    chunked=chunked)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/urllib3/connectionpool.py", line 354, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/http/client.py", line 1239, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/http/client.py", line 1285, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/http/client.py", line 1234, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/http/client.py", line 1026, in _send_output
    self.send(msg)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/http/client.py", line 964, in send
    self.connect()
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/urllib3/connection.py", line 196, in connect
    conn = self._new_conn()
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/urllib3/connection.py", line 180, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPConnection object at 0x1093c3dd8>: Failed to establish a new connection: [Errno 61] Connection refused

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/requests/adapters.py", line 445, in send
    timeout=timeout
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/urllib3/connectionpool.py", line 638, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/urllib3/util/retry.py", line 398, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='localhost', port=9222): Max retries exceeded with url: /json (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x1093c3dd8>: Failed to establish a new connection: [Errno 61] Connection refused',))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "cookie_crimes.py", line 140, in <module>
    secret_websocket_debugging_url = hit_that_secret_json_path_like_its_1997()
  File "cookie_crimes.py", line 109, in hit_that_secret_json_path_like_its_1997
    response = requests.get("http://localhost:{port}/json".format(port=REMOTE_DEBUGGING_PORT))
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/requests/api.py", line 72, in get
    return request('get', url, params=params, **kwargs)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/requests/api.py", line 58, in request
    return session.request(method=method, url=url, **kwargs)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/requests/sessions.py", line 512, in request
    resp = self.send(prep, **send_kwargs)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/requests/sessions.py", line 622, in send
    r = adapter.send(request, **kwargs)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/requests/adapters.py", line 513, in send
    raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPConnectionPool(host='localhost', port=9222): Max retries exceeded with url: /json (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x1093c3dd8>: Failed to establish a new connection: [Errno 61] Connection refused',))

Mac - No such Chrome process

Installed the requirements and tried running the app but got an error immediately.

python3 cookie_crimes.py

Traceback (most recent call last):
  File "cookie_crimes.py", line 147, in <module>
    cleanup(forbidden_process)
  File "cookie_crimes.py", line 130, in cleanup
    os.kill(chrome_process.pid + 1, signal.SIGKILL)
ProcessLookupError: [Errno 3] No such process

this is urgent !

please talk about this in a conference, do it do it do it do it do it do it do it do it do it do it do it do it do it do it do it do it do it do it do it do it do it
