SecurityXploded.com
 
 
Exposing the Password Secrets of Google Chrome
 
 
 
About Google Chrome
Google Chrome is the latest entry into the ongoing web browser war, which is mainly ruled by IE and Firefox. The Google name behind Chrome has given it more hype and popularity than any other browser has received in such a short time. Salient features such as searching from the address bar, thumbnail view of top sites and private browsing also make it stand apart from other browsers in the market.
 
 
Google Chrome Password Manager
Like other browsers, Chrome has a built-in login password manager that keeps track of the login secrets of all visited websites. Whenever the user logs in to a website, he/she is prompted to save the credentials for later use; if the user agrees, the username and password are stored in the internal login database. From then on, whenever the user visits that website, he/she is automatically logged in using the stored credentials, which saves the hassle of entering them every time.

The user can also opt to never store the credentials for a particular website. In that case the website is added to the exception list and the user is never prompted again to remember the password for that website.
 
 
Internals of Google Chrome Login Secrets
Chrome maintains an internal database for all its settings and bookkeeping data in the default profile location. On pre-Vista machines the profile path is generally:
C:\Documents and Settings\<username>\Local Settings\Application Data\Google\Chrome\User Data\Default
From Vista onwards, the default profile location is:
C:\Users\<username>\Appdata\Local\Google\Chrome\User Data\Default
where <username> refers to the currently logged-on user.
 
The profile folder contains many files pertaining to history, bookmarks, cache, settings etc. Among them is one interesting file called 'Web Data', where Chrome stores all the login passwords.

This login database file 'Web Data' is in SQLite format, SQLite being a lightweight SQL database. In addition to login credentials it also stores other information such as autocomplete entries, IE7 logins, search keywords etc. The 'logins' table is where Chrome stores all the login or sign-on secrets. This table contains the following interesting fields:
  • Origin_URL - Base URL of the website
  • Action_URL - Login URL of the website
  • Username_element - Name of the username field in the website
  • Username_value - Actual username
  • Password_element - Name of the password field in the website
  • Password_value - Encrypted password
  • Date_created - Date when this entry is stored
  • Blacklisted_by_user - Set to 1 or 0 based on if website is blacklisted or not.
Except for the password field, all other fields are stored in clear text. The password for each stored website is encrypted using the Triple DES algorithm seeded with the logged-on user's password. That means the login secrets cannot be decrypted across user or system boundaries, except under certain conditions.

Though this mechanism allows only the logged-on user to view his/her Chrome secrets, it cannot prevent malicious programs running on the system from stealing the user's Chrome passwords. In that respect Firefox offers better security by providing the option to set a master password that is required to view the stored login passwords.

You can use any SQLite editor to view the contents of this login database file. Here is a snapshot of SQLite Database Browser showing the contents of the 'logins' table:
 
SQLite Browser showing Secrets of Chrome
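
The 'logins' layout described above can also be inventoried without touching any password, which shows how much a program running as the logged-on user can already read in clear text. The script below is an added example, not code from this article or from ChromePasswordDecryptor; it assumes lowercase column names matching the fields listed above and runs against a constructed in-memory database with made-up rows instead of a real 'Web Data' file.

```python
import sqlite3
from urllib.parse import urlsplit

# Assumed schema: lowercase forms of the 'logins' fields listed in the article
# (SQLite column names are case-insensitive).
SCHEMA = """CREATE TABLE logins (
    origin_url TEXT, action_url TEXT, username_element TEXT,
    username_value TEXT, password_element TEXT, password_value BLOB,
    date_created INTEGER, blacklisted_by_user INTEGER)"""

def build_sample_db():
    """Constructed stand-in for a copy of 'Web Data'; every row is made up."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    rows = [
        ("https://mail.example.com/", "https://mail.example.com/login",
         "user", "alice", "pass", b"\x01" * 230, 0, 0),
        ("http://forum.example.org/", "http://forum.example.org/signin",
         "name", "alice77", "pw", b"\x01" * 230, 0, 0),
        ("https://bank.example.net/", "", "", "", "", b"", 0, 1),
    ]
    conn.executemany("INSERT INTO logins VALUES (?,?,?,?,?,?,?,?)", rows)
    return conn

def audit_logins(conn):
    """Inventory stored logins; password blobs are measured, never read."""
    report = {"stored": [], "never_save": [], "cleartext_origin": []}
    query = ("SELECT origin_url, username_value, length(password_value), "
             "blacklisted_by_user FROM logins ORDER BY rowid")
    for origin, user, blob_len, blacklisted in conn.execute(query):
        parts = urlsplit(origin)
        host = parts.hostname or origin
        if blacklisted:
            # Exception-list entry: the user chose never to save this site.
            report["never_save"].append(host)
            continue
        report["stored"].append((host, user, blob_len or 0))
        if parts.scheme == "http":
            # Saved for a non-TLS origin: the login is also exposed in transit.
            report["cleartext_origin"].append(host)
    return report

if __name__ == "__main__":
    for key, values in audit_logins(build_sample_db()).items():
        print(key, values)
```

The report lists site and username pairs exactly as they sit in the file, which is the clear-text exposure the field list describes; only the password column needs the user's logon context.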
 
 
Recovering Chrome Secrets using ChromePasswordDecryptor
One can decrypt or recover the login secrets stored by Chrome using the ChromePasswordDecryptor tool. This Chrome password recovery application automatically detects the default Chrome profile path for the current user and displays all the stored login credentials in clear text after decrypting them. It also shows all the blacklisted website entries added by the user. The export feature can be used to save the login secrets to a local file in HTML format.

Here is a snapshot of ChromePasswordDecryptor showing the decrypted login credentials:
 
ChromePasswordDecryptor
 
For more information and to download ChromePasswordDecryptor, please visit its main page here.
 
 
See Also
   ChromePasswordDecryptor: Google Chrome Password Recovery Tool.
   FirePasswordViewer: GUI version of FirePassword to recover Firefox login secrets.
   FirePassword: Console tool to decrypt Firefox sign-on secrets.
   FireMaster: The Firefox master password recovery tool.
   Exposing the covert way to find the reference count of DLL. 
   Watch your file shares from intruders using NetShareMonitor
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 