Skip to content

A small program that grabs saved passwords from Chrome using a vulnerability where saved passwords are vulnerable to attacks/grabs when Chrome is closed.

License

Notifications You must be signed in to change notification settings

Arszilla/PwnChrome

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 
 
 
 
 

Repository files navigation

PwnChrome

A small program that grabs saved passwords from Chrome using a vulnerability where saved passwords are vulnerable to attacks/grabs when Chrome is closed.

Requirements

  • Python 3.3+
  • pywin32 module - The program will automatically install this module if you don't have it

Information

To run the script just launch the PwnChrome.py using python PwnChrome.py.

The script will automatically detect the operating system (Windows/MacOS/Linux) and if the operating system is Windows, it will check if the pywin32 module is present. If the module isn't present, the script will automatically install it. Afterwards the script will check if chrome.exe is running and if it is, it will kill the task forcefully and silently so that it can navigate to Chrome's saved passwords directory and access the saved passwords; which are unprotected while Chrome is closed. At that point the script will extract the url, username and password to PwnChrome.txt which will be placed where PwnChrome.py is located at.

The reason why the script checks if your operating system is Windows' is because pywin32 can't be installed in MacOS or Linux due to pywin32 requiring Windows due to the module providing access to many of the Windows' APIs for Python. I am looking for ways to decrypt OS X Keychain for MacOS and GNOME Keyring or KWallet on Linux.

This project is for educational purposes ONLY.

Written with Python 3.7.

Acknowledgements

Disclaimer

This project is for educational purposes ONLY. As the MIT License states:

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

About

A small program that grabs saved passwords from Chrome using a vulnerability where saved passwords are vulnerable to attacks/grabs when Chrome is closed.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages