This project is designed to decrypt cookies stored by the Microsoft Edge browser. It retrieves the encrypted AES key from the Local State file, decrypts it using Windows DPAPI, and then uses the decrypted AES key to decrypt the cookies stored in the Edge browser's SQLite database.
- Terminate the Edge browser process to ensure the database is not locked.
- Retrieve and decrypt the AES key used by Edge to encrypt cookies.
- Read and decrypt cookies from the Edge browser's SQLite database.
- Export decrypted cookies to a JSON file.
- Windows operating system
- Microsoft Edge browser
- SQLite3
- nlohmann/json library
-
Clone the repository:
git clone https://github.com/yourusername/edge-cookie-decryptor.git cd edge-cookie-decryptor -
Open the project in your IDE (e.g., CLion).
-
Ensure you have the required libraries installed and linked:
sqlite3nlohmann/json
-
Build the project using your IDE's build tools.
-
Ensure the Edge browser is closed. The program will attempt to terminate the Edge process if it is running.
-
Run the executable:
./edge-cookie-decryptor.exe -
The program will output the decrypted cookies to a file named
cookies.json.
-
Terminate Edge Process:
- The program begins by attempting to terminate the Edge browser process using the
KillProcessByNamefunction. This ensures that the SQLite database containing the cookies is not locked, allowing for read access.
- The program begins by attempting to terminate the Edge browser process using the
-
Retrieve Encrypted AES Key:
- The program then calls
getEncryptedAESKeyto retrieve the encrypted AES key from the Edge browser'sLocal Statefile. The key is base64-encoded, so it is decoded usingbase64Decode.
- The program then calls
-
Decrypt AES Key:
- Once the AES key is decoded, it is decrypted using the Windows DPAPI (
CryptUnprotectData) through thedecryptAESKeyfunction. This decrypted AES key is then used to decrypt the cookies.
- Once the AES key is decoded, it is decrypted using the Windows DPAPI (
-
Locate Edge Browser Cookie Database:
- The program constructs the path to the SQLite database that stores the cookies via the
getEdgeBrowserCookiePathfunction.
- The program constructs the path to the SQLite database that stores the cookies via the
-
Decrypt Cookies:
- Using the decrypted AES key, the program reads and decrypts the cookies stored in the SQLite database. The
readAndDecryptCookiesfunction handles the decryption process, and thedecryptDatafunction determines the encryption method (AES-GCM or DPAPI) and decrypts the cookie values.
- Using the decrypted AES key, the program reads and decrypts the cookies stored in the SQLite database. The
-
Output to JSON:
- Finally, the decrypted cookies are written to a JSON file named
cookies.jsonusing thewriteCookiesToJsonfunction, providing a structured output of the cookies' names, values, domains, paths, creation times, and expiration times.
- Finally, the decrypted cookies are written to a JSON file named
- KillProcessByName: Terminates the Edge browser process.
- getUserProfilePath: Retrieves the user's profile path.
- getEdgeBrowserCookiePath: Constructs the path to the Edge browser's cookie database.
- getLocalStatePath: Constructs the path to the Edge browser's
Local Statefile. - getEncryptedAESKey: Retrieves the encrypted AES key from the
Local Statefile. - base64Decode: Decodes a base64-encoded string.
- decryptAESKey: Decrypts the AES key using Windows DPAPI.
- decryptWithAESGCM: Decrypts data using AES-GCM.
- decryptWithDPAPI: Decrypts data using Windows DPAPI.
- decryptData: Determines the encryption method and decrypts the data.
- writeCookiesToJson: Writes the decrypted cookies to a JSON file.
- readAndDecryptCookies: Reads and decrypts cookies from the SQLite database.
This project is licensed under the MIT License. See the LICENSE file for details.