bertrandom / chrome-cookies-secure

Extract encrypted Google Chrome cookies for a url on a Mac or Linux
https://www.npmjs.com/package/chrome-cookies-secure
MIT License
147 stars 51 forks source link

Error running through SSH #51

Open lolo169 opened 1 year ago

lolo169 commented 1 year ago

chrome-cookies-secure is very helpful ;-) thanks for that

The following code works just fine on MacOS:

const chrome = require('chrome-cookies-secure');
chrome.getCookies('https://www.google.com/', function(err, cookies) {
        console.log(cookies);
});

but running it through SSH I get the following error:

node:internal/process/promises:289
            triggerUncaughtException(err, true /* fromPromise */);
            ^

[Error: User interaction is not allowed.]

Node.js v19.2.0

Keychain access to "Chrome Safe Storage" is set to "Allow all applications to access this item"

Any idea?

rubengmurray commented 1 year ago

Are you SSH'ing to another macOS server? What command are you using to trigger the script? I've not run it like this before.

lolo169 commented 1 year ago

I solved the problem hardcoding chromePassword call: crypto.pbkdf2(chromePassword, SALT, ITERATIONS, KEYLENGTH, 'sha1', callback); in '/Users/team/node_modules/chrome-cookies-secure/index.js'

rubengmurray commented 1 year ago

You mean in the getDerivedKey function there's a case that wasn't handled by the if / else blocks?

It already runs pbkdf2 as you describe it in the darwin & linux cases:

https://github.com/bertrandom/chrome-cookies-secure/blob/master/index.js#L52

So are you saying there's platform value that isn't getting picked up?

Or are you hard-coding the chromePassword value itself in one of the if blocks?

lolo169 commented 1 year ago

Hi Ruben,

Yes, I hardcode the chromePassword.

if (process.platform === 'darwin') {
keytar = require('keytar');
keytar.getPassword('Chrome Safe Storage', 'Chrome').then(function(chromePassword) {
//crypto.pbkdf2(chromePassword, SALT, ITERATIONS, KEYLENGTH, 'sha1', callback);
crypto.pbkdf2('hxC47gOiK9i2f+Olwdaonw==', SALT, ITERATIONS, KEYLENGTH, 'sha1', callback);
});
}
rubengmurray commented 1 year ago

Where did you get the password from? Is this from your keychain?

lolo169 commented 1 year ago

Yes

Le ven. 29 sept. 2023 à 19:16, Reece Daniels @.***> a écrit :

Where did you get the password from? Is this from your keychain?

— Reply to this email directly, view it on GitHub https://github.com/bertrandom/chrome-cookies-secure/issues/51#issuecomment-1741241811, or unsubscribe https://github.com/notifications/unsubscribe-auth/ANQXEA6GJT36FCNLTKRC27DX4366RANCNFSM6AAAAAAWG3ETLA . You are receiving this because you authored the thread.Message ID: @.***>