Chlonium is an application designed for cloning Chromium Cooki | Ethical Hackers Vol. 2

Chlonium is an application designed for cloning Chromium Cookies. From Chromium 80 and upwards, cookies are encrypted using AES-256 GCM, with a state key which is stored in the Local State file. This state key is encrypted using DPAPI. This is a change from older versions, which used DPAPI to encrypt each cookie item in the cookie database. What this means is that if you have the state key, you will always be able to decrypt the cookie database offline, without needing continual access to DPAPI keys.This essentially makes cookie databases "portable", meaning they can be moved from machine to machine, provided you have dumped the state key. The cookies themselves need to be re-encrypted when they are imported, because the state keys will differ on each user profile & machine. This can be done using the same process as decryption, by first decrypting the state key from the "target" browser, and then re-encrypting each item with the new key. The project is written in C# and has two separate components to it. The first component, chlonium.exe is the collector binary. It simply decrypts the state key and prints it. Keep a note of this key and you can decrypt cookies in the future by downloading the Cookies database file whenever you need updated cookies. By default it will attempt to decrypt the Chrome state key. If you want to dump the state key for another browser (e.g. Edge), you can specify a path to the key. For example: Chlonium.exe "c:\users\user\AppData\Local\Microsoft\Edge\User Data\Local State" [+] Statekey = 3Cms3YxFXVyJRUbulYCnxqY2dO/jubDkYBQBoYIvqfc='>> Chlonium.exe "c:\users\user\AppData\Local\Microsoft\Edge\User Data\Local State" [+] Statekey = 3Cms3YxFXVyJRUbulYCnxqY2dO/jubDkYBQBoYIvqfc= The second component, ChloniumUI.exe is the "importer" tool. This takes care of decrypting a given Cookies database file with a given state key, re-encrypting the values with the current users state key, and importing the cookies into your chosen browser. You run this on the machine you want to import the cookies into. To use it, run the ChloniumUI.exe executable. Enter the previously extracted state key, choose the Cookies file you wish to import, and select the browser you wish the import the cookies into. Now click "Import Cookies" and the cookies will be imported. ChloniumUI currently supports three Chromium based browsers: Edge, Chrome and Vivaldi. Additional browsers can be added in Browsers.cs. This adds the unintended benefit of being able to import an Edge cookie file into Chrome, or vice versa (for example), though it's probably not a good idea given that the user-agent will mismatch. Important Note: When importing the cookie file into your browser, all old cookies are cleared! A backup is copied to the current directory (https://www.kitploit.com/search/label/Directory) (with relevant time stamp). If you need to restore the previous cookies, simply copy the backup file over the Cookies file. Why Tools such as Mimikatz (https://github.com/gentilkiwi/mimikatz/wiki/module-~-dpapi) and SharpChromium (https://github.com/djhohnstein/SharpChromium) already have the capability to dump Chrome 80 cookies, why another tool? This tool is specifically aimed at making it easier to import cookies into another browser. Whilst these tools do a great job of dumping Chromium cookies (and more!), I wanted to have something that let me easily import into another browser. Third-party cookie manager (https://www.kitploit.com/search/label/Cookie%20Manager) plugins exist, but I've always found these fiddly and prone to failure. CloniumUI is designed to make this process easier by importing the cookies directly into your browser's sqlite database. Whilst this project comes with the chlonium.exe collector, which aids in dumping the state key, this is really only an example. Other tools such as Mimikatz will also dump the state key for you, in a potentially stealthier way (depending on your operating environment, execution method