Skip to content

/PwnChrome

A small program that grabs saved passwords from Chrome using a vulnerability where saved passwords are vulnerable to attacks/grabs when Chrome is closed.
infosec python3 chrome vulnerability password
Python
  1. Python 100.0%
Branch: master
Find file
Clone or download

Clone with HTTPS

Use Git or checkout with SVN using the web URL.

Download ZIP

Launching GitHub Desktop

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop

If nothing happens, download GitHub Desktop and try again.

Launching Xcode

If nothing happens, download Xcode and try again.

Launching Visual Studio

If nothing happens, download the GitHub extension for Visual Studio and try again.

@Arszilla
Arszilla Fixed formatting
Latest commit 40a7432 Aug 24, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
LICENSE Initial commit Feb 7, 2019
PwnChrome.py Formatting fixes Apr 12, 2019
README.md Fixed formatting Aug 24, 2019

README.md

PwnChrome

A small program that grabs saved passwords from Chrome using a vulnerability where saved passwords are vulnerable to attacks/grabs when Chrome is closed.

Requirements

  • Python 3.3+
  • pywin32 module - The program will automatically install this module if you don't have it

Information

To run the script just launch the PwnChrome.py using python PwnChrome.py.

The script will automatically detect the operating system (Windows/MacOS/Linux) and if the operating system is Windows, it will check if the pywin32 module is present. If the module isn't present, the script will automatically install it. Afterwards the script will check if chrome.exe is running and if it is, it will kill the task forcefully and silently so that it can navigate to Chrome's saved passwords directory and access the saved passwords; which are unprotected while Chrome is closed. At that point the script will extract the url, username and password to PwnChrome.txt which will be placed where PwnChrome.py is located at.

The reason why the script checks if your operating system is Windows' is because pywin32 can't be installed in MacOS or Linux due to pywin32 requiring Windows due to the module providing access to many of the Windows' APIs for Python. I am looking for ways to decrypt OS X Keychain for MacOS and GNOME Keyring or KWallet on Linux.

This project is for educational purposes ONLY.

Written with Python 3.7.

Acknowledgements

Disclaimer

This project is for educational purposes ONLY. As the MIT License states:

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Donations

If you'd like to donate to me use one of these two methods please:

Bitcoin Cash: bitcoincash:qppxw4t8zqm4cp8gpvaldx4sur2f4e8wvgqecnl4ld

Bitcoin: 1FBGXoAMSEmZwnbzyjQ81eo72EGU8hjV7A

You can’t perform that action at this time.