Hacking Tools

ChromeStealer : A Tool For Extracting Chrome Passwords

ChromeStealer is an educational tool developed by @bernKing20 to demonstrate how to extract and decrypt stored passwords from Google Chrome on Windows systems using C/C++.

The project aims to address gaps in existing resources by providing a functional and detailed implementation.

Key Features And Functionality

ChromeStealer focuses on decrypting passwords stored locally by Google Chrome. Chrome uses the AES-GCM algorithm for encrypting sensitive data, with the encryption key stored in a Local State JSON file and the encrypted passwords in an SQLite database called Login Data.

ChromeStealer retrieves these files, extracts the encryption key using Windows API functions like CryptUnprotectData, and decrypts the stored passwords.

The tool is built with dependencies such as:

  • libsodium (for cryptographic operations),
  • nlohmann/json (for JSON parsing),
  • sqlite3 (for database interaction).

To use ChromeStealer, ensure you have Visual Studio 2022 and vcpkg installed. Follow these steps:

  1. Clone the repository:
   git clone https://github.com/BernKing/ChromeStealer.git
   cd ChromeStealer
  1. Install dependencies via vcpkg:
   vcpkg install libsodium jsoncpp sqlite3
  1. Open the project in Visual Studio, build it, and run the executable. On-screen instructions will guide you through extracting and decrypting passwords.

ChromeStealer is designed for educational purposes only, helping users understand how password storage works in Chrome.

Misuse of this tool can lead to legal consequences, and users are advised to operate it only on systems they own or have explicit permission to test.

The project is open-source under the MIT License. It acknowledges contributions from libraries like libsodium, nlohmann/json, and sqlite3.

For further technical details or code, visit ChromeStealer’s GitHub repository or read the full write-up on BernKing’s blog.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Pystinger : Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…

1 week ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

1 week ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

1 week ago

How to Bash Append to File: A Simple Guide for Beginners

If you are working with Linux or writing bash scripts, one of the most common…

1 week ago

Mastering the Bash Case Statement with Simple Examples

What is a bash case statement? A bash case statement is a way to control…

1 week ago

How to Check if a File Exists in Bash – Simply Explained

Why Do We Check Files in Bash? When writing a Bash script, you often work…

1 week ago