search

thewh1teagle / rookie

Load cookies from your web browsers
https://crates.io/crates/rookie
MIT License
147 stars 14 forks source link

[Bug]: inability to decrypt newer cookies #50

Open gamer191 opened 2 weeks ago

gamer191 commented 2 weeks ago

What happened?

Likely due to https://security.googleblog.com/2024/07/improving-security-of-chrome-cookies-on.html, this program no longer decrypts newer chrome cookies. However, instead of displaying an error, it simply includes lots cookie names without values in the output

Steps to reproduce

  1. update to the latest version of chrome
  2. create some cookies by visiting random sites (old cookies aren't encrypted with the new method, I guess)
  3. run cli -b chrome

What browsers are you seeing the problem on?

Chrome

Relevant log output

NOTE: I have removed most cookies from the log, for privacy reasons
[2024-09-13T07:31:36Z DEBUG rookie::common::paths] Found chrome path C:\Users\username\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies, C:\Users\username\AppData\Local\Google\Chrome\User Data\Default\Network\../../Local State
[2024-09-13T07:31:36Z WARN  rookie::browser::chromium] Unlocking Chrome database... This may take a while (sometimes up to a minute)
[2024-09-13T07:31:36Z INFO  rookie::browser::chromium] Creating SQLite connection to C:\Users\username\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
[
  {
    "domain": ".dotmetrics.net",
    "path": "/",
    "secure": true,
    "expires": 1757748787,
    "name": "DotMetrics.DeviceKey",
    "value": "",
    "http_only": false,
    "same_site": 0
  },
  {
    "domain": ".dotmetrics.net",
    "path": "/",
    "secure": true,
    "expires": 1757748787,
    "name": "DotMetrics.UniqueUserIdentityCookie",
    "value": "",
    "http_only": false,
    "same_site": 0
  },
  {
    "domain": ".abc.net.au",
    "path": "/",
    "secure": true,
    "expires": 1726212847,
    "name": "_chartbeat4",
    "value": "",
    "http_only": false,
    "same_site": -1
  },
  {
    "domain": "iview.abc.net.au",
    "path": "/",
    "secure": false,
    "expires": 1726213686,
    "name": "_dd_s",
    "value": "",
    "http_only": false,
    "same_site": 2
  }
]
thewh1teagle commented 1 week ago

Hey! Thanks for report I'm happy that Chrome finally tries to improve it on Windows since it's so easy to access this secrets... However we still can extract it by process injection or high privileges. A new pr is welcome if anyone interested!

The source code is here chrome/browser/os_crypt