Google Chrome Password recovery tool
Dumps Google Chrome saved passwords for the current user. This is a console mode program for now. Run it from the command line.
This is a .NET Core application as of version 2.0 (Go back to tag "fullfx" for last full framework version)
This also means it will work on both Windows Chrome and OS X Chrome.
For OS X it is important to note:
- Chrome cannot be running when running the app.
- The app will ask for permission to read the encryption password from the Keychain. Needless to
say, you will need to allow this for the program to work. Alternatively, you may pass the password on the commandline using the
The OS X decryption code was heavily influenced by this helpful article
Does this demonstrate a vulnerability in Chrome ?
Absolutely not. All this do is utilize your currently authenticated user (and keychain access for OS X) in order to provide you with your own data in a more helpful format than Chrome allows you to. If you don't have access to the Windows user account / OS X Keychain, you also don't have access to the data this app provides.
Assuming you have .NET Core 2.1 installed, you should be able to do:
dotnet cprecover.dll <domain> <switches>
Include a domain name as the first argument if you want to get the saved passwords for just the specified domain.
Available switches are:
-dump:xmlfile Dump results to the specified XML file. -file:filespec Try to read passwords from the specified file. If you omit this, the program will try the default Chrome data directory. -help Display a help text.
Print all saved logins to the console
Print all saved logins for www.google.com to the console:
dotnet cprecover.dll www.google.com
Dump data to an XML file: