HackChromeData (mac OS)

NOTICE

• This software decrypt your Chrome's cookie and password, then send them to standard output.
  • This software does not upload any credential to the internet.

Referenced source code

• This repository contains the necessary part only for PoC.

Disclaimer

• This tool is limited to education and security research only!!

Build

• It uses github.com/crazy-max/xgo to build cgo binary on cross environment.

make build

Supported OS and Architecture

• macOS x64
• macOS ARM64

Usage

• For macOS (Normal)
  • (When your profile name is Default)
  • HackChromeData asks to access keychain
    • (security find-generic-password -wa "Chrome" is called internally)

# Cookie
$ ./hack-chrome-data -kind cookie -targetpath ~/Library/Application\ Support/Google/Chrome/Default/Cookies

# Password
$ ./hack-chrome-data -kind logindata -targetpath ~/Library/Application\ Support/Google/Chrome/Default/Login\ Data

• For macOS (Use Keychain Value)
  • (When your profile name is Default)
  1. Get Chrome Sesssion Storage value on Keychain
     • security find-generic-password -wa "Chrome"
     • or you can get the value through forensic tool like chainbreaker.
  2. Decrypt cookies and passwords

# Cookie
$ ./hack-chrome-data -kind cookie -targetpath ~/Library/Application\ Support/Google/Chrome/Default/Cookies -sessionstorage <session storage value>

# Password
$ ./hack-chrome-data -kind logindata -targetpath ~/Library/Application\ Support/Google/Chrome/Default/Login\ Data -sessionstorage <session storage value>