Need help with chrome_password_grabber?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

559 Stars 111 Forks GNU General Public License v3.0 25 Commits 8 Opened issues


Get unencrypted 'Saved Password' from Google Chrome

Services available


Need anything else?

Contributors list

# 100,458
16 commits
# 152,642
2 commits
# 450,522
Visual ...
1 commit
# 451,045
1 commit
# 2,814
1 commit


Get unencrypted 'Saved Password' from Google Chrome


Like other browsers Chrome also has built-in login password manager functionality which keeps track of the login secrets of all visited websites. Whenever user logins to any website, he/she will be prompted to save the credentials for later use and if user chooses so, then the username & passwords will be stored in internal login database. So next time onwards whenever user visits that website, he/she will be automatically logged in using these stored credentials which saves hassle of entering the credentials every time.

Chrome stores all the sign-on secrets into the internal database file called 'Web data' in the current user profile folder. Newer version has moved the login passwords related database into new file named 'Login Data'.This database file is in SQLite format and contains number of tables storing different kind of data such as auto complete, search keyword, ie7logins etc in addition to login secrets.

The logins table mainly contains the information about sign-on secrets such as website URL, username, password fields etc. All this information is stored in the clear text except passwords which are in encrypted format.

Windows Implementation

Google Chrome encrypt the password with the help of CryptProtectData function, built into Windows. Now while this can be a very secure function using a triple-DES algorithm and creating user-specific keys to encrypt the data, it can still be decrypted as long as you are logged into the same account as the user who encrypted it.The CryptProtectData function has a twin, who does the opposite to it; CryptUnprotectData, which... well you guessed it, decrypts the data. And obviously this is going to be very useful in trying to decrypt the stored passwords.

Mac/Linux Implementation

Encryption Scheme: AES-128 CBC with a constant salt and constant iterations. The decryption key is a PBKDF2 key generated with the following:

  • salt is b'saltysalt'
  • key length is 16
  • iv is 16 bytes of space b' ' * 16
  • on Mac OSX:
    • password is in keychain under Chrome Safe Storage
    • I use the excellent keyring package to get the password
    • You could also use bash: security find-generic-password -w -s "Chrome Safe Storage"
    • number of iterations is 1003
  • on Linux:
    • password is peanuts
    • number of iterations is 1

Python Implementation (Working)


>>> from chrome import Chrome
>>> chrome_pwd = Chrome()
>>> chrome_pwd.get_login_db
'/Users/x899/Library/Application Support/Google/Chrome/Default/'
>>> chrome_pwd.get_password(prettyprint=True)
    "data": [
            "url": "",
            "username": "admin",
            "password": "[email protected]$$w0rD"
            "url": "",
            "username": "[email protected]",
            "password": "@[email protected]$$m0rC1"


Feel free to contribute. Please Follow PEP8 Guidelines.

TO DO: * Cookie support * Updating database password directly

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.