[Bug]: Browser_cookie3 or any other way to decrypt cookies is no longer working due to security changes from Google to chrome and chromium based browsers.

[Onyz107]

What happened?

In Chrome 127 google introduced a new protection on Windows that improves on the DPAPI by providing Application-Bound (App-Bound) Encryption primitives. Rather than allowing any app running as the logged in user to access this data, Chrome can now encrypt data tied to app identity, similar to how the Keychain operates on macOS.

they will be migrating each type of secret to this new system starting with cookies in Chrome 127. In future releases they intend to expand this protection to passwords, payment data, and other persistent authentication tokens, further protecting users from infostealer malware.

So using the library browser_cookies3 or possibly any other python library is no longer possible to extract cookies at the moment.

Expected Result

I suggest either limiting the user to use firefox since firefox does not encrypt their cookies and they store them in their database in plaint text.

Or guiding the user through how to get their cookie from the developer tools and providing the cookies as a command line argument

Branch

master/main

What operating systems are you seeing the problem on?

Windows

Relevant log output

No response

Other information

Source