Encrypted cookies in Chrome
I've run into this same problem, and the code below provides a working example for anyone who is interested. All credit to Scherling, as the DPAPI was spot on.
public class ChromeCookieReader{ public IEnumerable<Tuple<string,string>> ReadCookies(string hostName) { if (hostName == null) throw new ArgumentNullException("hostName"); var dbPath = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + @"\Google\Chrome\User Data\Default\Cookies"; if (!System.IO.File.Exists(dbPath)) throw new System.IO.FileNotFoundException("Cant find cookie store",dbPath); // race condition, but i'll risk it var connectionString = "Data Source=" + dbPath + ";pooling=false"; using (var conn = new System.Data.SQLite.SQLiteConnection(connectionString)) using (var cmd = conn.CreateCommand()) { var prm = cmd.CreateParameter(); prm.ParameterName = "hostName"; prm.Value = hostName; cmd.Parameters.Add(prm); cmd.CommandText = "SELECT name,encrypted_value FROM cookies WHERE host_key = @hostName"; conn.Open(); using (var reader = cmd.ExecuteReader()) { while (reader.Read()) { var encryptedData = (byte[]) reader[1]; var decodedData = System.Security.Cryptography.ProtectedData.Unprotect(encryptedData, null, System.Security.Cryptography.DataProtectionScope.CurrentUser); var plainText = Encoding.ASCII.GetString(decodedData); // Looks like ASCII yield return Tuple.Create(reader.GetString(0), plainText); } } conn.Close(); } }}
Alright, so in case anyone is interested, I found a solution to this problem after alot of trial, error and googling.
Google Chrome cookies DB has 2 columns for storing values: "value" and "encrypted_value", the latter being used when the cookie stored was requested to be encrypted - often the case with certain confidential information and long-time session keys.
After figuring this out, I then needed to find a way to access this key, stored as a Blob value. I found several guides on how to do this, but the one that ended up paying of was: http://www.codeproject.com/Questions/56109/Reading-BLOB-in-Sqlite-using-C-NET-CF-PPC
Simply reading the value is not enough, as it is encrypted. - Google Chrome uses triple DES encryption with the current users password as seed on windows machines. In order to decrypt this in C#, one should use Windows Data Protection API (DPAPI), there are a few guides out there on how to make use of it.
Like Jasper's answer, in a PowerShell script (of course, customize the SQL query to your needs, and the path to your cookies location):
$cookieLocation = 'C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\cookies'$tempFileName = [System.IO.Path]::GetTempFileName()"select writefile('$tempFileName', encrypted_value) from cookies where host_key = 'localhost' and path = '/api' and name = 'sessionId';" | sqlite3.exe "$cookieLocation"$cookieAsEncryptedBytes = Get-Content -Encoding Byte "$tempFileName"Remove-Item "$tempFileName"Add-Type -AssemblyName System.Security$cookieAsBytes = [System.Security.Cryptography.ProtectedData]::Unprotect($cookieAsEncryptedBytes, $null, [System.Security.Cryptography.DataProtectionScope]::CurrentUser)$cookie = [System.Text.Encoding]::ASCII.GetString($cookieAsBytes)$cookie