0

I get cookie "encrypted_value" from chrome cookies file, and decode, but one of string variable, it appears unexpected changes when I use it.

If you output direct:

echo "$SEID"

output is:

aa312d7a2a15ab67a16f39495dbc22bf9930dafaf70b3eddbd955b0fb39bd7ef661af6ac15d0d98fbbc179c9d6e85901b56c2c4efd9a40df013060d7

when I did this:

echo "$SEID;"

but output changed, you should see the penultimate eighth character changed from zero to semicolon!!!

aa312d7a2a15ab67a16f39495dbc22bf9930dafaf70b3eddbd955b0fb39bd7ef661af6ac15d0d98fbbc179c9d6e85901b56c2c4efd9a40df;13060d7

my value come from this script:

SEID=$(get_cookies_from_chrome "xxxx.com" "SEID")

get_cookies_from_chrome is this:

#!/usr/local/bin/python3
#coding=utf-8 

import os 
import sys
import sqlite3 
import keyring 
from Crypto.Cipher import AES 
from Crypto.Protocol.KDF import PBKDF2

my_pass = keyring.get_password('Chrome Safe Storage', 'Chrome') 
my_pass = my_pass.encode('utf8') 
iterations = 1003 
cookie_file = os.path.expanduser('~/Library/Application Support/Google/Chrome/Default/Cookies') 

salt = b'saltysalt' 
length = 16 
iv = b' ' * length 

class ChromeCookies:
    @staticmethod
    def aes_decrypt(token): 
        key = PBKDF2(my_pass, salt, length, iterations) 
        cipher = AES.new(key, AES.MODE_CBC, IV=iv) 
        dec_token = cipher.decrypt(token) 
        return dec_token 

    @staticmethod
    def query_cookies(host_key, name): 
        with sqlite3.connect(cookie_file) as conn: 
            sql = 'select encrypted_value from cookies where host_key="%s" and name = "%s"' % (host_key, name)
        result = conn.execute(sql).fetchall() 
        return result 

    @staticmethod
    def get_value(host_key, name):
        result = ChromeCookies.query_cookies(host_key, name)
        if len(result) != 0:
            return ChromeCookies.aes_decrypt(result[0][0][3:]).decode('utf-8')
        else:
            return None


if __name__ == '__main__': 
    print(ChromeCookies.get_value(sys.argv[1], sys.argv[2]))
Zheng Xiaodong
  • 143
  • 3
  • 9
  • I solved this, `re.sub("[^{}]+".format(printable), "", result)`, use this code process my string, I don't known why get so many invisible character. – Zheng Xiaodong Jun 15 '19 at 13:46

2 Answers2

0

echo "$SEID;" will print the value of the SEID variable followed by a semicolon, followed by a newline. The reason you're seeing what you're seeing is that the Python script prints some non-printable characters which have special meaning in the current terminal - they make the cursor (the thing which decides where on the screen to put the next character) to move before printing the semicolon.

To see the non-printable characters try escaping the characters by running for example get_cookies_from_chrome "xxxx.com" "SEID" | xxd.

l0b0
  • 55,365
  • 30
  • 138
  • 223
0

Your script must be generating text with a CR character, see Why does my tool output overwrite itself and how do I fix it?. For example if your script output 123456789\rabcde and you saved it in SEID then echo "$SEID" would output what looks like abcde6789 and then echo "$SEID;" would output what looks like abcde;789

Ed Morton
  • 188,023
  • 17
  • 78
  • 185