✨ get cookies from chrome

Author: onyas

.gitignore

@@ -0,0 +1 @@
+.idea/

browserCookie.go

@@ -0,0 +1,144 @@
+package browsercookie
+
+import (
+	"net/http"
+	"net/http/cookiejar"
+	"os/user"
+	"time"
+	"net/url"
+	"github.com/go-sqlite/sqlite3"
+	"fmt"
+)
+
+/**
+Get cookie from chrome
+*/
+func LoadCookieJarFromChrome(cookileUrl string) (http.CookieJar, error) {
+	jar, _ := cookiejar.New(nil)
+
+	usr, _ := user.Current()
+	cookiesFile := fmt.Sprintf("%s/Library/Application Support/Google/Chrome/Default/Cookies", usr.HomeDir)
+	cookies, err := ReadChromeCookies(cookiesFile, "", "", time.Time{})
+	if err != nil {
+		return nil, err
+	}
+
+	cookieURL, _ := url.Parse(cookileUrl)
+	jar.SetCookies(cookieURL, cookies)
+
+	return jar, nil
+}
+
+func ReadChromeCookies(filename string, domainFilter string, nameFilter string, expireAfter time.Time) ([]*http.Cookie, error) {
+	var cookies []*http.Cookie
+	var unexpectedCols bool
+	db, err := sqlite3.Open(filename)
+	if err != nil {
+		return nil, err
+	}
+	defer db.Close()
+
+	if err := db.VisitTableRecords("cookies", func(rowId *int64, rec sqlite3.Record) error {
+		if rowId == nil {
+			return fmt.Errorf("unexpected nil RowID in Chrome sqlite database")
+		}
+		cookie := &http.Cookie{}
+
+		if len(rec.Values) != 14 {
+			unexpectedCols = true
+			return nil
+		}
+
+		domain, ok := rec.Values[1].(string)
+		if !ok {
+			return fmt.Errorf("expected column 2 (host_key) to to be string; got %T", rec.Values[1])
+		}
+		name, ok := rec.Values[2].(string)
+		if !ok {
+			return fmt.Errorf("expected column 3 (name) in cookie(domain:%s) to to be string; got %T", domain, rec.Values[2])
+		}
+		value, ok := rec.Values[3].(string)
+		if !ok {
+			return fmt.Errorf("expected column 4 (value) in cookie(domain:%s, name:%s) to to be string; got %T", domain, name, rec.Values[3])
+		}
+		path, ok := rec.Values[4].(string)
+		if !ok {
+			return fmt.Errorf("expected column 5 (path) in cookie(domain:%s, name:%s) to to be string; got %T", domain, name, rec.Values[4])
+		}
+		var expires_utc int64
+		switch i := rec.Values[5].(type) {
+		case int64:
+			expires_utc = i
+		case int:
+			if i != 0 {
+				return fmt.Errorf("expected column 6 (expires_utc) in cookie(domain:%s, name:%s) to to be int64 or int with value=0; got %T with value %v", domain, name, rec.Values[5], rec.Values[5])
+			}
+		default:
+			return fmt.Errorf("expected column 6 (expires_utc) in cookie(domain:%s, name:%s) to to be int64 or int with value=0; got %T with value %v", domain, name, rec.Values[5], rec.Values[5])
+		}
+		encrypted_value, ok := rec.Values[12].([]byte)
+		if !ok {
+			return fmt.Errorf("expected column 13 (encrypted_value) in cookie(domain:%s, name:%s) to to be []byte; got %T", domain, name, rec.Values[12])
+		}
+
+		var expiry time.Time
+		if expires_utc != 0 {
+			expiry = chromeCookieDate(expires_utc)
+		}
+		//creation := chromeCookieDate(*rowId)
+
+		if domainFilter != "" && domain != domainFilter {
+			return nil
+		}
+
+		if nameFilter != "" && name != nameFilter {
+			return nil
+		}
+
+		if !expiry.IsZero() && expiry.Before(expireAfter) {
+			return nil
+		}
+
+		cookie.Domain = domain
+		cookie.Name = name
+		cookie.Path = path
+		cookie.Expires = expiry
+		//cookie.Creation = creation
+		cookie.Secure = rec.Values[6] == 1
+		cookie.HttpOnly = rec.Values[7] == 1
+
+		if len(encrypted_value) > 0 {
+			decrypted, err := decryptValue(encrypted_value)
+			if err != nil {
+				return fmt.Errorf("decrypting cookie %v: %v", cookie, err)
+			}
+			cookie.Value = decrypted
+		} else {
+			cookie.Value = value
+		}
+		cookies = append(cookies, cookie)
+
+		return nil
+	}); err != nil {
+		return nil, err
+	}
+
+	if cookies == nil && unexpectedCols {
+		return nil, fmt.Errorf("no cookies found, but we skipped rows with an unexpected number of columns (not 14)")
+	}
+	return cookies, nil
+}
+
+// See https://cs.chromium.org/chromium/src/base/time/time.h?l=452&rcl=fceb9a030c182e939a436a540e6dacc70f161cb1
+const windowsToUnixMicrosecondsOffset = 11644473600000000
+
+// chromeCookieDate converts microseconds to a time.Time object,
+// accounting for the switch to Windows epoch (Jan 1 1601).
+func chromeCookieDate(timestamp_utc int64) time.Time {
+	if timestamp_utc > windowsToUnixMicrosecondsOffset {
+		timestamp_utc -= windowsToUnixMicrosecondsOffset
+	}
+
+	return time.Unix(timestamp_utc/1000000, (timestamp_utc%1000000)*1000)
+}
+

browserCookie_test.go

@@ -0,0 +1,18 @@
+package browsercookie
+
+import (
+	"testing"
+	"fmt"
+	"time"
+	"os/user"
+)
+
+func TestReadChromeCookies(t *testing.T) {
+	cookieJar, _ := LoadCookieJarFromChrome("")
+	fmt.Println("CookieJar=", cookieJar)
+
+	usr, _ := user.Current()
+	cookiesFile := fmt.Sprintf("%s/Library/Application Support/Google/Chrome/Default/Cookies", usr.HomeDir)
+	cookies, _ := ReadChromeCookies(cookiesFile, "", "", time.Time{})
+	fmt.Println("Cookies=", cookies)
+}

chrome_darwin.go

@@ -0,0 +1,93 @@
+package browsercookie
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/sha1"
+	"errors"
+	"fmt"
+
+	"golang.org/x/crypto/pbkdf2"
+
+	keychain "github.com/keybase/go-keychain"
+)
+
+// Thanks to https://gist.github.com/dacort/bd6a5116224c594b14db.
+
+const (
+	salt       = "saltysalt"
+	iv         = "                "
+	length     = 16
+	iterations = 1003
+)
+
+// keychainPassword is a cache of the password read from the keychain.
+var keychainPassword []byte
+
+// setChromeKeychainPassword exists so tests can avoid trying to read
+// the Keychain.
+func setChromeKeychainPassword(password []byte) []byte {
+	oldPassword := keychainPassword
+	keychainPassword = password
+	return oldPassword
+}
+
+// getKeychainPassword retrieves the Chrome Safe Storage password,
+// caching it for future calls.
+func getKeychainPassword() ([]byte, error) {
+	if keychainPassword == nil {
+		password, err := keychain.GetGenericPassword("Chrome Safe Storage", "Chrome", "", "")
+		if err != nil {
+			return nil, fmt.Errorf("error reading 'Chrome Safe Storage' keychain password: %v", err)
+		}
+		keychainPassword = password
+	}
+	return keychainPassword, nil
+}
+
+func decryptValue(encrypted []byte) (string, error) {
+	if len(encrypted) == 0 {
+		return "", errors.New("empty encrypted value")
+	}
+
+	if len(encrypted) <= 3 {
+		return "", fmt.Errorf("too short encrypted value (%d<=3)", len(encrypted))
+	}
+
+	encrypted = encrypted[3:]
+
+	password, err := getKeychainPassword()
+	if err != nil {
+		return "", err
+	}
+
+	key := pbkdf2.Key(password, []byte(salt), iterations, length, sha1.New)
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return "", err
+	}
+
+	decrypted := make([]byte, len(encrypted))
+	cbc := cipher.NewCBCDecrypter(block, []byte(iv))
+	cbc.CryptBlocks(decrypted, encrypted)
+
+	plainText, err := aesStripPadding(decrypted)
+	if err != nil {
+		return "", err
+	}
+	return string(plainText), nil
+}
+
+// In the padding scheme the last <padding length> bytes
+// have a value equal to the padding length, always in (1,16]
+func aesStripPadding(data []byte) ([]byte, error) {
+	if len(data)%length != 0 {
+		return nil, fmt.Errorf("decrypted data block length is not a multiple of %d", length)
+	}
+	paddingLen := int(data[len(data)-1])
+	if paddingLen > 16 {
+		return nil, fmt.Errorf("invalid last block padding length: %d", paddingLen)
+	}
+	return data[:len(data)-paddingLen], nil
+}
+

cmd/main.go

@@ -0,0 +1,15 @@
+package main
+
+import (
+	".."
+	"fmt"
+	"log"
+)
+
+func main() {
+	cookieJar, err := browsercookie.LoadCookieJarFromChrome("")
+	if err != nil {
+		log.Fatal(err)
+	}
+	fmt.Println(cookieJar)
+}