Do you think it is safe to store your password in Chrome?
Does Chrome store your password safely?
My answer is “No”.
This post walks through a simple program that decrypts the Chrome passwords saved on your machine.
The code has only been tested on Windows, so it may not work on other operating systems such as Linux or macOS.
OS support:
- Windows
Dependencies:
- sqlite
- pycryptodomex
- csv
- pywin32
Requirements:
- sqlite=3.33.0=h2a8f88b_0
- pycryptodomex=3.10.1=pypi_0
- pywin32=227=py38he774522_1
Usage
python decrypt_chrome_password.py
Now first I will check my saved password in Chrome.
Go to settings >> Autofill and passwords >> Google Password Manager
When you try to view a saved password, Chrome asks for the Windows user password.
Now I am able to get the password.
Decrypting Chrome passwords
Four important steps to decrypt Chrome passwords:
- Find the encryption key
- Find the encrypted passwords
- Understand AES cryptography
- Decrypt the saved passwords
Find the encryption key:
The encryption key is kept in a JSON file, which can be located in the following place on your Windows PC.
C:\Users\<PC Name>\AppData\Local\Google\Chrome\User Data\Local State
To find the key used to decrypt the saved passwords, open the file “Local State” and search for “encrypted_key”.
Find the encrypted passwords:
The encrypted password is saved in a SQLite database, which can be located in the following location on your Windows PC:
C:\Users\<PC Name>\AppData\Local\Google\Chrome\User Data\Default\Login Data
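One way for defenders to watch the two files named above, as an added example that is not part of the original post or of the linked tool: with file-system auditing enabled on Local State and Login Data, Windows records Security event 4663 for each access, and the function below flags accesses by any process other than Chrome. The event records are constructed samples, and the allow-list of Chrome install paths and the matching of every profile folder (not only Default) are assumptions to adapt.

```python
from ntpath import normcase  # Windows path semantics, works on any OS
import re

# The two files the article names: key store and credential database.
# Matching any profile folder instead of only "Default" is a generalisation.
SENSITIVE = re.compile(
    r"\\appdata\\local\\google\\chrome\\user data\\"
    r"(local state|[^\\]+\\login data)$"
)

# Assumed allow-list of legitimate Chrome images; adapt to your fleet.
ALLOWED = {
    normcase(r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    normcase(r"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"),
}

def suspicious_reads(events):
    """Return 4663 events where a non-allow-listed process touched either file."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 4663:
            continue
        if not SENSITIVE.search(normcase(ev.get("ObjectName", ""))):
            continue
        # Compare the full image path: a binary merely named chrome.exe
        # in another directory is not trusted.
        if normcase(ev.get("ProcessName", "")) not in ALLOWED:
            hits.append(ev)
    return hits

def make_event(obj, proc, event_id=4663):
    return {"EventID": event_id, "SubjectUserName": "alice",
            "ObjectName": obj, "ProcessName": proc}

BASE = r"C:\Users\alice\AppData\Local\Google\Chrome\User Data"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
PYTHON = r"C:\Python38\python.exe"

# Constructed sample events, not real logs.
SAMPLE_EVENTS = [
    make_event(BASE + r"\Default\Login Data", CHROME),
    make_event(BASE + r"\Local State", PYTHON),
    make_event(BASE + r"\Profile 1\Login Data", PYTHON),
    make_event(BASE + r"\Default\Login Data", r"C:\Users\alice\Downloads\chrome.exe"),
    make_event(BASE + r"\Default\History", PYTHON),
    make_event(BASE + r"\Local State", PYTHON, event_id=4656),
]
```

Backup and endpoint-security agents will also show up in real logs; add their full image paths to the allow-list rather than matching on file name alone.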
Important Notes: Install Python and Git on your Windows machine.
For details on how to download and install Python, see this tutorial:
http://checkpointengineer.com/how-to-install-python/
Download and install Git for Windows.
Open PowerShell and run:
git clone https://github.com/ohyicong/decrypt-chrome-passwords.git
I created a folder on the C drive and named it “Chrome Hack” (c:\>).
Before changing into the decrypt-chrome-passwords directory, first verify that it exists by using the ls command.
ls
cd decrypt-chrome-passwords
Install PyCryptodome (the pycryptodomex package) by running the command below:
pip install pycryptodomex
PyCryptodome is a self-contained Python package of low-level cryptographic primitives. It supports Python 2.7, Python 3.5, and newer.
Now run the final command to get the passwords.
python decrypt_chrome_password.py
However, I also checked banking sites and was unable to decode them.
The decrypted passwords are also saved automatically in .CSV format.
Go to the folder where you cloned the repository.
There you will see a file called decrypted_password.csv; open that file.
CSV file output.
Thank you.