
You can fully control Chrome at this point, taking any action the user could take.
Chrome cookie viewer code
How it works

Headless Chrome and user-data-dir

Headless (no window is rendered) Chrome is allowed to specify a user-data-dir. This directory contains cookies, history, preferences, etc. By creating a new headless Chrome instance, and specifying the user-data-dir to be the same as the victim's, your headless Chrome instance will authenticate as the victim.

This script will at least load the cookie database and let you pull values. It is quite broad and will pull thousands of lines.

Remote debugging

From here, we just use a normal (but extremely forbidden and undocumented) feature of Chrome: the Remote Debugging protocol. This is how Chrome Developer Tools communicate with Chrome. Once your headless Chrome (with remote debugging enabled) instance is running, this code just executes remote debugging commands to print the user's cookies for all websites in plaintext.

On macOS, remote debugging is enabled by quickly killing and restarting Chrome, and attaching remote debugging to the new Chrome session with -restore-last-session (just like clicking "restore tabs" in Chrome). This does have the downside of making the Chrome window look like it crashed for about 0.5s (it did lol) and reloading all tabs. But hey, the user will probably just assume their Chrome crashed and restored itself.

cookie_crimes_macos.sh will also download, execute, and delete a websocat binary to make the websocket request.

Extra crispy thanks to for sharing this trick <3

This uses some sneaky "writing to /tmp" tricks to trick Chrome into reading the cookies for us.

If you want to extract the Chrome cookies for a profile other than the Default profile, just edit the PROFILE variable in cookie_crimes.py.

Listen I know that's not Chrome, but hear me out. Because Edge is based on Chromium, the same trick works.

Here's a blog post by with all the details.
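The launch pattern described above (a headless or restarted browser with remote debugging enabled against a real profile) shows up in process command lines, which is where a defender can look for it. The check below is an added example, not code from Cookie Crimes or the original page; the profile paths, function names and sample argv lists are assumptions constructed for illustration.

```python
# Added detection sketch; names, paths and sample data are assumptions.
BROWSERS = ("chrome", "chromium", "msedge", "microsoft edge")
# Assumed default profile locations to protect; adjust per host and user.
PROFILE_ROOTS = (
    "/home/alice/.config/google-chrome",
    "/Users/alice/Library/Application Support/Google/Chrome",
)

def parse_switches(argv):
    """Map Chromium switches to values; accepts one or two leading dashes."""
    switches = {}
    for arg in argv[1:]:
        if arg.startswith("-"):
            name, _, value = arg.lstrip("-").partition("=")
            switches[name] = value
    return switches

def in_real_profile(path, roots=PROFILE_ROOTS):
    """True if path is a protected profile root or a directory below one."""
    path = path.rstrip("/")
    return any(path == r or path.startswith(r + "/") for r in roots)

def assess(argv):
    """Return (severity, reasons) for a browser argv, or None if not relevant."""
    if not any(b in argv[0].lower() for b in BROWSERS):
        return None
    sw = parse_switches(argv)
    if "remote-debugging-port" not in sw:
        return None
    reasons = ["remote debugging enabled"]
    if "headless" in sw and in_real_profile(sw.get("user-data-dir", "")):
        reasons.append("headless instance reusing a real user profile")
    if "restore-last-session" in sw:
        reasons.append("debugging attached to a restored session")
    return ("high" if len(reasons) > 1 else "review", reasons)

# Constructed argv samples, shaped like NUL-split /proc/<pid>/cmdline entries.
SAMPLES = [
    ["/opt/google/chrome/chrome", "--type=renderer", "--lang=en-US"],
    ["/opt/google/chrome/chrome", "--headless",
     "--user-data-dir=/home/alice/.config/google-chrome", "--remote-debugging-port=9222"],
    ["/Applications/Google Chrome.app/Contents/MacOS/Google Chrome",
     "--remote-debugging-port=9222", "-restore-last-session"],
    ["/usr/bin/chromium", "--headless", "--user-data-dir=/tmp/ci-profile",
     "--remote-debugging-port=0"],
    ["/usr/bin/python3", "manage.py", "--remote-debugging-port=9222"],
]

def scan(samples=SAMPLES):
    """Return [(index, severity, reasons)] for every sample that raised a finding."""
    return [(i, *hit) for i, s in enumerate(samples) if (hit := assess(s))]
```

A debugging port on a throwaway profile (the fourth sample) is common in test automation, so it is reported as "review" rather than "high".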

Requires Python3.6+ to run locally, but the binary it compiles to works anywhere.
Cat cookies.json |.
Actually also works on the Microsoft Edge browser.
For ezmode #ethical #hacking, please direct your meterpreter session to Blog post.
Chrome cookie viewer password
This will print out a user's Chrome cookies. You don't need to have their password or be root to use it. If you are not the kind of person who regularly gets the ability to execute code on other people's computers, you probably don't care about this.

Prints all Chrome cookies in sweet sweet JSON.
Works without root or the user's password.
