从Cookie本地文件里解密读取cookie值
By
bobo
at 2022-11-10 • 0人收藏 • 835人看过
HttpOnly是Cookie中一个属性,用于防止客户端脚本通过document.cookie属性访问Cookie,但毕竟Cookis是一种本地存储机制,全部的数据记录都存放在指定文件中(SQLITE格式,数值加密),所以可以解密此文件,用来获取到HttpOnly cookie等。
代码以 WBVEIW 为例,也可以解密 chrome 和 chrome edge 浏览器的cookie
import win.ui; import crypt; import crypt.protectData; import web.json; import py3; import sqlite; /*DSG{{*/ mainForm = win.form(text="COOKIE抓取";right=523;bottom=541) mainForm.add( btnCookie={cls="button";text="从数据文件解析Cookies";left=134;top=8;right=366;bottom=42;z=2}; custom={cls="custom";text="自定义控件";left=25;top=49;right=494;bottom=528;z=1} ) /*}}*/ import web.view; var wb = web.view(mainForm.custom,"/"); wb.go("https://passport.baidu.com/") wb.wait(""); getCookie = function(){ var userDataPath = io.curDir() ++ "EBWebView\" // 1、从 EBWebView 文件夹下读取 Local State 文件中的encrypted_key值 var ekeyFile = io.open(userDataPath ++ "Local State","r+"); var ekeyArr = web.json.parse( ekeyFile.read() ); var base64_encrypted_key = ekeyArr.os_crypt.encrypted_key; //2 、 base64解码,DPAPI解密,得到真实的AESGCM key(bytes) var encrypted_key_with_header = crypt.decodeBin(base64_encrypted_key); var encrypted_key = string.trimleft(encrypted_key_with_header,"DPAPI"); var key = crypt.protectData.decrypt(encrypted_key,false); //3、AES-GCM解密,aardio未找到此函数,调用PY处理 pyCode = /** from cryptography.hazmat.primitives.ciphers.aead import AESGCM def DecryptString(key,data): nonce,cipherbytes=data[3:15],data[15:] aesgcm=AESGCM(key) plainbytes=aesgcm.decrypt(nonce,cipherbytes,None) plaintext=plainbytes.decode('utf-8') return plaintext **/ py3.exec(pyCode) //4、从SQLITE格式的COOKIES文件里读取数据 var db = sqlite(userDataPath ++ "Default\Network\Cookies"); var result = {}; var sqlStr = /* select name,encrypted_value from cookies where host_key like '%passport.baidu.com' */ for name,encrypted_value in db.each(sqlStr) { result[name] = tostring(py3.main.DecryptString(key,encrypted_value)); } return result; } mainForm.btnCookie.oncommand = function(id,event){ mainForm.msgbox( getCookie() ) } mainForm.show(); win.loopMessage();
调用python的AES-GCM有些繁琐,c#大佬门可尝试更换下C#下的AES-GCM函数
2 个回复 | 最后更新于 2022-11-11
登录后方可回帖
注释的很详细, 赞一个