[Bug]: Inability to Decrypt Cookies in Octo Browser

[igorank]

What happened?

Hello @thewh1teagle, once again, thank you very much for adding Octo Browser to the software, but in this issue, I would like to make some recommendations regarding fixes.

Firstly, the octo_browser(domains: Option<Vec<&str>>) function besides the domains argument must necessarily contain additional arguments: cookies_path, key_path because Octo Browser generates a new folder (under a random name) in the directory C:\Users\username\AppData\Roaming\Octo Browser\tmp every time the profile is launched, where browser files, including cookies and others, are located. Therefore, calling find_chrome_based_paths() in the octo_browser() function doesn't make sense.

Secondly, for some reason, attempting to decrypt cookies with the "encrypted_key" key, which is located in the "Local State" file, results in the error "can't decrypt using key." Although the "encrypted_key" keys of Octo Browser and Google Chrome seem to be identical. The values of "encrypted_value" in the table also seem to be encrypted with the same algorithm as in Google Chrome. In general, everything seems to be the same, but for some reason, it is not possible to decrypt the cookie using the aforementioned key.

Below, I am attaching two files, "Cookies" and "Local State," which Octo Browser uses. Perhaps, in your free time, you could take a look and figure out what's going on, why it's not possible to decrypt the cookie values.

Local State.txt Cookies.txt

P.S.: I changed the file extension for the "Cookies" file to .txt because GitHub does not allow uploading files with extensions like .sqlite3, etc.

Steps to reproduce

1. Open Octo Browser (Chromium based).
2. Attempt to decrypt the cookies using the "encrypted_key" key from the "Local State" file.
3. Observe the error message: "can't decrypt using key."
4. Note that the "encrypted_key" keys of Octo Browser and Google Chrome appear identical, and the values of "encrypted_value" in the "Cookies" file seem to be encrypted with the same algorithm as in Google Chrome.
5. Despite the similarities, the cookies cannot be decrypted using the provided key.

What browsers are you seeing the problem on?

Chromium

Relevant log output

No response

[ShayBox]

I'm not completely sure, but I believe this is related to an issue that was reported to me, I found #16 which lead me to this.

range end index 3 out of range for slice of length 0 https://github.com/thewh1teagle/rookie/blob/main/rookie-rs/src/browser/chromium.rs#L98

This user is on Windows and only has Edge and hasn't installed any other browsers.

[thewh1teagle]

How can I reproduce on octo browser? Do I need to pay for the browser?

[igorank]

How can I reproduce on octo browser? Do I need to pay for the browser?

I can provide you with a temporary login and password to access the Octo browser. Could you please tell me where I can send this information to you?

[thewh1teagle]

How can I reproduce on octo browser? Do I need to pay for the browser?

I can provide you with a temporary login and password to access the Octo browser. Could you please tell me where I can send this information to you?

You can send me in telegram https://t.me/thewh1teagle

[thewh1teagle]

Update: I checked octobrowser on windows. It finds the key and the database, there is encryoted_value field as usual but looks like it fails to decrypt it (also in linux like encryption) so looks like they use custom encryption

I think that the only way to find out how to decrypt it, is to reverse engineer it.

[techtanic]

@igorank Maybe you can try contacting their technical support and try.