A Windows-only Python tool that inspects your local Google Chrome profiles and exports key browser artifacts for auditing and research. It focuses on showing what Chrome stores on disk and how those secrets are protected, rather than being a credential dumper.
Use this only on systems and profiles that you own or are explicitly authorized to analyze.
- Locates Chrome profiles under your Windows user folder
e.g.C:\Users\<username>\AppData\Local\Google\Chrome\User Data\DefaultandProfile X - Reads the Chrome
Local Statefile to extract the browser encryption key wrapped with Windows DPAPI - Uses Windows APIs to unwrap that key, demonstrating how Chrome protects secrets on disk
- Safely copies locked Chrome SQLite databases to temporary files so they can be read without closing the browser
- Extracts artifacts from each profile:
- Logins (URL, username, encrypted password bytes)
- Autofill
- Cookies
- Browsing history
- Downloads
- Bookmarks
- Installed extensions (ID, name, version)
- Saves extracted data into CSV and JSON per profile
- Produces a combined summary file and a zip archive of all outputs
In short, it lets you inspect the local footprint of Chrome on your own machine.
Modern Chrome on Windows uses:
- A per-user encryption key in
Local State - Windows DPAPI
- Additional context and key material inside Chrome itself
This tool:
- Extracts and unwraps the Chrome encryption key
- Enumerates saved logins from the
Login Datadatabase - Attempts to decode encrypted password blobs
Important notes:
- Many entries cannot be fully decrypted to clean plaintext outside the original browser context
- You may see placeholders like
[Unable to decrypt], raw bytes, or partially decoded strings - This is expected and demonstrates Chrome’s security model
Value of the project:
- Shows local storage of login data
- Explains DPAPI protection of the encryption key
- Demonstrates that full password recovery is not trivial without exact browser context
- Multi-profile support (finds
DefaultandProfile Xautomatically) - Artifact export: Logins, Autofill, Cookies, History, Downloads, Bookmarks, Extensions
- Structured outputs: CSV + JSON per artifact, combined JSON summary
- Optional decoding pass for password strings
- Quiet logging and temporary file cleanup
Windows only:
- Uses Windows DPAPI
- Relies on Windows-specific Chrome paths
Python:
- Python 3.10 or newer recommended
Packages:
pip install pandas psutil pywin32Clone the repository:
git https://github.com/anishvedant/Chrome-Browser-Data-Footprint-Extractor-Windows.git
cd Chrome-Browser-Data-Footprint-Extractor-Windows(Optional) Create and activate a virtual environment, then install dependencies:
pip install pandas psutil pywin32Run from the project directory:
python script.pyWhat happens:
- Discovers all Chrome profiles under the current Windows user
- Extracts data from each profile
- Writes multiple CSV and JSON files to the working directory
- Creates a zip archive bundling the outputs
- Optionally runs a second pass to decode password strings into a separate JSON file
Example console output:
Chrome data extraction completed. Results saved to chrome_<session>.zip
Decoded passwords saved to chrome_decoded_passwords.json
Depending on your profiles, you may see:
Per-profile artifacts:
- chrome_logins_Default.csv
- chrome_autofill_Default.csv
- chrome_cookies_Default.csv
- chrome_history_Default.csv
- chrome_downloads_Default.csv
- chrome_bookmarks_Default.json
- chrome_extensions_Default.csv
Aggregate and logs:
- chrome_all_results.json — Combined summary of profiles, artifacts, and basic system info
- chrome_all_results.csv — CSV view of the combined result data
- chrome_decoded_passwords.json — Best-effort decoded login strings
- chrome_extraction.log — Timestamps and status messages
- chrome_.zip — Archive of CSV/JSON outputs
Note: Filenames may vary based on script name and profile layout.
- Full plaintext recovery of Chrome passwords is not guaranteed
- On modern Chrome builds, recovering every password outside the live browser context is intentionally difficult
- Read-only and local: no network transmission, no profile modifications
Potential improvements:
- Better handling of newer encryption formats
- More detailed reporting on decryption failures
- Optional redaction mode for safe sharing
Intended for:
- Personal privacy audits
- Educational use in labs
- Incident response and forensics with clear, written authorization
Do not use this tool on machines, profiles, or accounts you do not own or administer. Unauthorized access to credentials and browser data may be illegal. Use it responsibly.