Decryption problem when using linux cookies on windows

Question

When I try to use Cookies file (sqlite fomatted) on Linux (Ubuntu) and Windows I fall into troubles with decryption of 'encrypted_value'. Is there any chance to make Cookies file compatible with two systems?

Basically selenium driver use Cookies file for various purpouses, and everything works on Linux. Sometimes my action is needed, so I want to have this Cookies file on my desktop which works on Windows, but when I download it directly and copy-paste it to my profile directory, my chromedriver logs error:

[4708:4884:0604/082853.607:ERROR:os_crypt_win.cc(61)] Failed to decrypt: The parameter is incorrect. (0x57)

I assume that there is some problem with 'encrypted_value' column decryption but I am unable to work-around this issue.

I use selenium for python this is snippet where I create options for my webdriver:

def create_options_for_webdriver(session_directory):
    print('Creating options for webdriver!')
    options = Options()
    options.add_argument("user-data-dir=my_userdir")
    options.add_argument("user-agent=my_useragent")
    options.add_argument('--disable-background-networking ')
    options.add_argument('--disable-client-side-phishing-detection')
    options.add_argument('--disable-default-apps')
    options.add_argument('--disable-hang-monitor')
    options.add_argument('--disable-popup-blocking')
    options.add_argument('--disable-prompt-on-repost')
    options.add_argument('--disable-sync')
    options.add_argument('--disable-web-resources')
    options.add_argument('--enable-automation')
    options.add_argument('--enable-blink-features=ShadowDOMV0')
    options.add_argument('--force-fieldtrials=SiteIsolationExtensions/Control')
    options.add_argument('--ignore-certificate-errors')
    options.add_argument('--no-first-run')
    options.add_argument('--password-store=basic')
    options.add_argument('--use-mock-keychain')
    return options

before option creating I create minimal directory structure which looks like my_userdir/Default/, and I download Cookies file to Default folder.

Answer 1

Coming back with update! It appears that, as @jww mentioned process is more complicated, but just a little :)

In order to make Cookies fully compatible with any OS some special treatment must be applied.

In my case I used pickle library to create compatible file. To achieve it, things needs to be done as follow:

from selenium.webdriver import Chrome
import pickle
driver = Chrome()
####here you do some job which generate cookies like FB login or whatever
input("Press any key to close session") #you cant simply close browser, in order to make it work browser have to be closed in console so the rest of script will execute
pickle.dump(driver.get_cookies(), open('cookies.pkl',"wb"))
driver.quit()
print("Session closed!")

This will create cookies.pkl file which can be accessed under any OS like that:

import pickle
from selenium import Chrome
driver = Chrome()
for cookie in pickle.load(open("cookies.pkl"."rb")):
    driver.add_cookie(cookie)
### anything you want to execute

As I mentioned this kind of cookies file will work under any OS, sadly it forced me to use selenium, but better this than nothing :)

Answer 2

... when I download it directly and copy-paste it to my profile directory, my chromedriver logs error:

[... ERROR:os_crypt_win.cc(61)] Failed to decrypt: The parameter is incorrect. (0x57)

It looks like it is not possible. Or maybe not possible they way you are trying to do it. It takes extra effort.

The question Decrypting Chrome's cookies on windows has a link to os_crypt_win.cc. os_crypt_win.cc uses DPAPI, which is the old WinCrypt gear. DPAPI ties encryption to a user's Windows login. DPAPI also places a MAC on the encrypted data. I believe the MAC is the reason for the message you are seeing: "The parameter is incorrect". DPAPI sees the MAC over the encrypted data is wrong, and it gives you the generic error message.

So if you truly want to use the Linux cookie on Windows, you will need to decrypt it using the Linux spec, and then re-encrypt it using the Windows spec.

If you are going to pursue it, then you may want to visit this BlackHat talk: Reversing dpapi and stealing windows secrets offline. It will allow you to encrypt the user's data on Linux for Windows.