This is a Vault Extension for the Microsoft.PowerShell.SecretManagement module. It allows you to quickly detect and access passwords saved in Chromium-based browsers such as Google Chrome and Microsoft Edge. You can use credentials saved in the browser to access other resources via PowerShell.
- PowerShell 7 (Windows PowerShell 5.1 support on the roadmap)
- Microsoft Windows (Linux/OSX support on the roadmap)
Install-Module SecretManagement.Chromium
#Autodetect Chrome and Edge
Register-ChromiumSecretVault -Verbose
#View the vaults
Get-SecretVault
#Get a list of all secrets in the vaults
Get-SecretInfo
-
Fetching secrets, including secrets synced from Android
-
Powerful filter and search syntax
Secrets are presented in username|domain format, because usernames can contain @,, and whitespace symbols, hence the somewhat unusual naming format. If there is a conflict and two secrets have the same username and URL combination, the database ID of that entry may be appended to the entry with a colon You can still use this entry to get this specific entry
You can search for secrets in the following ways:
- User + Domain Explicit Search (
myuser|https://www.twitter.com/
) - Explicit URL (
https://www.twitter.com/
). All components, including trailing backspaces, are required! - Wildcard URL Search (
*twitter*
) - Explicit User Search (
myuser|
) - Wildcard User Search (
my*|
) - Note the trailing|
to indicate you want to search user and not URL - User + Domain Wildcard Search (
*m*|*tw*
)
-
Why are the secret names so "ugly"?
Because of a limitation in the SecretManagement API. If this annoys you, upvote this issue!
-
This was too easy, I didn't know Chromium was so insecure!
It's not insecure per se, your passwords are encrypted at rest by Windows DPAPI and the key is "bound" to your user profile and windows login, so you have to be logged into your profile in order for this to work. Go ahead, try copying the files to another machine or a different user profile on the same machine and try it, it will fail. This is more of a Single Sign-On approach.
That said, this is also a lesson that any program you run in your userspace can potentially harvest these passwords since it runs in the context of your username, so don't click that email link!