CHCon “ALEX” – STEALING CHROME COOKIES WITHOUT A PASSWORD, https://2019.chcon.nz/talks/alex/
If you steal someone’s Chrome cookies, you can log in to their accounts on every website they’re logged in to. Normally you need the user’s password to do it, but I found a way to do it without the password. You just need to be able to execute code on their computer. It works by using Chrome’s Remote Debugging Protocol. To my knowledge this is the only way to extract a user’s Chrome cookies without their password, and by far the easiest way. It involves plugging together several extremely forbidden and undocumented Chrome features, as well as figuring out how to speak the websocket protocol stealthily on a victim’s machine. This talk is about how the technique was found, how it works, and what you can do with it.
- “Alex” (Purplecon organiser) has found a new way to get Google Chrome to give up its cookies, if you can run commands as the targeted user. https://mango.pdf.zone/stealing-chrome-cookies-without-a-password
- TL;DR – The Remote Debugging Protocol combined with a Headless browser, pointed at the same Profile directory as the user's real GUI browser, will let you extract their secrets.