Bottom Line: Use PyCrypto to decrypt Chrome’s cookies for easier Python scraping.

I posted pyCookieCheat a while back, which is a quick script using some sqlite3 to steal cookies from Chrome for use in a Python script. The reason this is a big deal, is because it works fairly well to turn a complicated login script and POSTing all kinds of url encoded stuff into something much more simple:

url = ''
cookies = chrome_cookies(url)
html = requests.get(url, cookies=cookies)

I’m not saying it works all the time, but it has certainly made a few scraping jobs easier for me (when the page to be scraped is behind a login that writes cookies, obviously).

Recently, both Chrome and Chromium started encrypting their cookies, which broke my script. I’ve seen a few posts on how to decrypt it on Windows, but I couldn’t find any good instructions for Mac or Linux.

It took a little browsing through the Chromium source code, but I was eventually able to come up with a script to decrypt them using PyCrypto, so that I could continue using The key parts ended up being:

  • salt is b'saltysalt'
  • key length is 16
  • iv is 16 bytes of space b' ' * 16
  • on Mac OSX:
    • password is in keychain under Chrome Safe Storage
      • I use the excellent keyring package to get the password
      • You could also use bash: security find-generic-password -w -s "Chrome Safe Storage"
    • number of iterations is 1003
  • on Linux:
    • password is peanuts
    • number of iterations is 1

A few other tricky parts:

  • v10 gets prepended to the encrypted key
    • the padding at the end of the encrypted value varies based on the number of bytes it needs to pad, but you can strip it off as demonstrated at StackOverflow. </ul> I’m sure my code could be improved in about a bazillion ways, but it seems to be working again for me. Hope this can help some of you out there!