Decrypt Chrome Cookies with Python
Tags:
Bottom Line: Use PyCrypto to decrypt Chrome’s cookies for easier Python scraping.
I posted pyCookieCheat a while back, which is a quick script using some sqlite3 to steal cookies from Chrome for use in a Python script. The reason this is a big deal, is because it works fairly well to turn a complicated login script and POSTing all kinds of url encoded stuff into something much more simple:
url = 'http://n8henrie.com'
cookies = chrome_cookies(url)
html = requests.get(url, cookies=cookies)
I’m not saying it works all the time, but it has certainly made a few scraping jobs easier for me (when the page to be scraped is behind a login that writes cookies, obviously).
Recently, both Chrome and Chromium started encrypting their cookies, which broke my script. I’ve seen a few posts on how to decrypt it on Windows, but I couldn’t find any good instructions for Mac or Linux.
It took a little browsing through the Chromium source code, but I was eventually able to come up with a script to decrypt them using PyCrypto, so that I could continue using pyCookieCheat.py. The key parts ended up being:
- salt is
b'saltysalt' - key length is
16 ivis 16 bytes of spaceb' ' * 16- on Mac OSX:
- password is in keychain under
Chrome Safe Storage- I use the excellent keyring package to get the password
- You could also use bash:
security find-generic-password -w -s "Chrome Safe Storage"
- number of iterations is
1003
- password is in keychain under
- on Linux:
- password is
peanuts - number of iterations is
1
- password is
A few other tricky parts:
v10gets prepended to the encrypted key- the padding at the end of the encrypted value varies based on the number of bytes it needs to pad, but you can strip it off as demonstrated at StackOverflow. </ul> I’m sure my code could be improved in about a bazillion ways, but it seems to be working again for me. Hope this can help some of you out there!