chrome
dpapi::chrome dumps stored credentials and cookies from Chrome. (cf. ) It has the following command line arguments:
/in: the C:\Users\<UserName>\AppData\Local\Google\Chrome\User Data\Default\Login Data file for the saved logins, and the C:\Users\<UserName>\AppData\Local\Google\Chrome\User Data\Default\Cookies file for the cookies
/key: the key output value of dpapi::masterkey /in:"C:\Users\<UserName>\AppData\Roaming\Microsoft\Protect\SID\MasterKey_ID" /rpc. It is useful for offline dumping of Chrome. CoreSecurity has published an excellent on how this can be accomplished offline
/state: TODO
/encryptedkey: TODO
/password: the user's password to use for decryption
/masterkey: the masterkey to use for decryption. It can be obtained through .
/unprotect: display the decryption results on screen
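
From the defender's side, the files named above are worth watching for reads by anything other than their normal owner. The following is an added example, not part of mimikatz or the original page: it flags unexpected readers of the Chrome stores and DPAPI master key files in file-access records. The (process, path) record shape, the allowlisted paths, the Default\Network\Cookies location and the sample events are assumptions made for this sketch.

```python
import re
from collections import defaultdict

USER = r"\\Users\\[^\\]+\\AppData\\"
CHROME = USER + r"Local\\Google\\Chrome\\User Data\\Default\\"
# Files named on this page, matched case-insensitively against a full path.
SENSITIVE = {
    "chrome_logins": re.compile(CHROME + r"Login Data$", re.I),
    # Assumption: newer Chrome builds keep the file under Default\Network\.
    "chrome_cookies": re.compile(CHROME + r"(?:Network\\)?Cookies$", re.I),
    # Master key files are GUID-named, inside a folder named after the user SID.
    "dpapi_masterkey": re.compile(
        USER + r"Roaming\\Microsoft\\Protect\\S-1-[0-9-]+\\[0-9a-f-]{36}$", re.I),
}
# Assumed allowlist (default install paths, lower-cased); tune per environment.
CHROME_EXE = r"c:\program files\google\chrome\application\chrome.exe"
EXPECTED = {"chrome_logins": {CHROME_EXE}, "chrome_cookies": {CHROME_EXE},
            "dpapi_masterkey": {r"c:\windows\system32\lsass.exe"}}

def classify(path):
    """Return the label of the sensitive file a path points at, or None."""
    return next((k for k, rx in SENSITIVE.items() if rx.search(path)), None)

def unexpected_reads(events):
    """List (label, process) for reads by processes outside the allowlist."""
    hits = []
    for proc, path in events:
        label = classify(path)
        if label and proc.lower() not in EXPECTED[label]:
            hits.append((label, proc))
    return hits

def high_confidence(hits):
    """Processes that read both a Chrome store and a DPAPI master key."""
    seen = defaultdict(set)
    for label, proc in hits:
        seen[proc].add("key" if label == "dpapi_masterkey" else "store")
    return sorted(p for p, kinds in seen.items() if kinds == {"key", "store"})

# Constructed sample records (process image, file read), not real telemetry.
HOME = r"C:\Users\alice\AppData"
STORE = HOME + r"\Local\Google\Chrome\User Data\Default"
MK = HOME + (r"\Roaming\Microsoft\Protect\S-1-5-21-1111-2222-3333-1001"
             r"\0f1e2d3c-4b5a-6978-8796-a5b4c3d2e1f0")
SAMPLE_EVENTS = [
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe", STORE + r"\Login Data"),
    (r"C:\Users\alice\Downloads\tool.exe", STORE + r"\Cookies"),
    (r"C:\Users\alice\Downloads\tool.exe", MK),
    (r"C:\Windows\System32\lsass.exe", MK),
    (r"C:\Windows\System32\robocopy.exe", STORE + r"\Login Data"),
]
```

A single unexpected read (the robocopy.exe record) is a lead to triage; one process touching both a Chrome store and a master key file matches the offline-dumping inputs described above and deserves a higher severity.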