A collection of Python scripts for decrypting saved credit card numbers and passwords stored by Chromium-based browsers and Firefox on Windows.
For educational and research purposes only. Only run these scripts against your own browser profiles.
- OS: Windows only
- Python: 3.8+
pip install pycryptodome pyasn1 PythonForWindows| Package | Used by |
|---|---|
pycryptodome |
All scripts |
pyasn1 |
decrypt_card_number_firefox.py |
windows (PythonForWindows) |
Chrome / Edge scripts |
Decrypts saved credit card numbers from Google Chrome (v20+ App-Bound Encryption).
Requires: Administrator privileges
# Run PowerShell or CMD as Administrator
python decrypt_card_number_chrome.pyThe script automatically reads from:
%USERPROFILE%\AppData\Local\Google\Chrome\User Data\Local State%USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\Web Data
Decrypts saved credit card numbers from Microsoft Edge (v20+ App-Bound Encryption).
Requires: Administrator privileges
# Run PowerShell or CMD as Administrator
python decrypt_card_number_edge.pyThe script automatically reads from:
%USERPROFILE%\AppData\Local\Microsoft\Edge\User Data\Local State%USERPROFILE%\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
Decrypts saved credit card numbers from Mozilla Firefox. Uses the Windows Credential Manager to retrieve the OSKeyStore AES key.
Does not require Administrator privileges.
python decrypt_card_number_firefox.py -d "<path_to_firefox_profile>" [-p "<master_password>"]Arguments:
| Argument | Description | Required |
|---|---|---|
-d, --dir |
Path to the Firefox profile directory | Yes |
-p, --password |
Firefox master password (leave empty if none is set) | No |
Finding your Firefox profile directory:
- Open Firefox and go to
about:profiles - Find your active profile and copy the Root Directory path
Example:
python decrypt_card_number_firefox.py -d "C:\Users\YourName\AppData\Roaming\Mozilla\Firefox\Profiles\abc123.default-release"With a master password:
python decrypt_card_number_firefox.py -d "C:\Users\YourName\AppData\Roaming\Mozilla\Firefox\Profiles\abc123.default-release" -p "MyMasterPassword"Decrypts saved passwords from Google Chrome (v20+ App-Bound Encryption).
Requires: Administrator privileges
# Run PowerShell or CMD as Administrator
python decrypt_chrome_v20.pyThe script automatically reads from:
%USERPROFILE%\AppData\Local\Google\Chrome\User Data\Local State%USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\Login Data
Decrypts saved passwords from Microsoft Edge (v20+ App-Bound Encryption).
Requires: Administrator privileges
# Run PowerShell or CMD as Administrator
python decrypt_edge_v20.pyThe script automatically reads from:
%USERPROFILE%\AppData\Local\Microsoft\Edge\User Data\Local State%USERPROFILE%\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Chrome and Edge v20+ protect stored data using App-Bound Encryption:
- The master key is stored in
Local State, encrypted with DPAPI under the SYSTEM account. - The scripts impersonate
lsass.exeto gain SYSTEM privileges and decrypt the key via DPAPI. - Depending on the key blob flag, AES-GCM or ChaCha20-Poly1305 is used to decrypt the final master key.
- Individual entries (passwords / card numbers) are then decrypted with AES-GCM using the master key.
This is why Administrator privileges are required for Chrome and Edge scripts.
Firefox uses two layers:
- Master key — stored in
key4.db, encrypted with PBE (3DES or AES-CBC via PBKDF2). Protected by an optional master password. - Credit card numbers — encrypted with AES-GCM using a 16-byte key stored in Windows Credential Manager under the label
Firefox Encrypted Storage.