:py:mod:`dissect.target.plugins.apps.browser.chromium`
======================================================

.. py:module:: dissect.target.plugins.apps.browser.chromium


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.target.plugins.apps.browser.chromium.ChromiumMixin
   dissect.target.plugins.apps.browser.chromium.ChromiumPlugin



Functions
~~~~~~~~~

.. autoapisummary::
   :nosignatures:

   dissect.target.plugins.apps.browser.chromium.remove_padding
   dissect.target.plugins.apps.browser.chromium.decrypt_v10
   dissect.target.plugins.apps.browser.chromium.decrypt_v10_2



Attributes
~~~~~~~~~~

.. autoapisummary::

   dissect.target.plugins.apps.browser.chromium.HAS_CRYPTO
   dissect.target.plugins.apps.browser.chromium.CHROMIUM_DOWNLOAD_RECORD_FIELDS


.. py:data:: HAS_CRYPTO
   :value: True

   

.. py:data:: CHROMIUM_DOWNLOAD_RECORD_FIELDS
   :value: [('uri', 'tab_url'), ('uri', 'tab_referrer_url'), ('string', 'mime_type')]

   

.. py:class:: ChromiumMixin


   Mixin class with methods for Chromium-based browsers.

   .. py:attribute:: DIRS
      :value: []

      

   .. py:attribute:: BrowserHistoryRecord

      

   .. py:attribute:: BrowserCookieRecord

      

   .. py:attribute:: BrowserDownloadRecord

      

   .. py:attribute:: BrowserExtensionRecord

      

   .. py:attribute:: BrowserPasswordRecord

      

   .. py:method:: check_compatible() -> None


   .. py:method:: history(browser_name: Optional[str] = None) -> Iterator[BrowserHistoryRecord]

      Return browser history records from supported Chromium-based browsers.

      :param browser_name: The name of the browser as a string.

      :Yields: *Records with the following fields* --     ts (datetime): Visit timestamp.
                   browser (string): The browser from which the records are generated from.
                   id (string): Record ID.
                   url (uri): History URL.
                   title (string): Page title.
                   description (string): Page description.
                   rev_host (string): Reverse hostname.
                   visit_type (varint): Visit type.
                   visit_count (varint): Amount of visits.
                   hidden (string): Hidden value.
                   typed (string): Typed value.
                   session (varint): Session value.
                   from_visit (varint): Record ID of the "from" visit.
                   from_url (uri): URL of the "from" visit.
                   source: (path): The source file of the history record.


   .. py:method:: cookies(browser_name: Optional[str] = None) -> Iterator[BrowserCookieRecord]

      Return browser cookie records from supported Chromium-based browsers.

      :param browser_name: The name of the browser as a string.

      :Yields: *Records with the following fields* --     ts_created (datetime): Cookie created timestamp.
                   ts_last_accessed (datetime): Cookie last accessed timestamp.
                   browser (string): The browser from which the records are generated from.
                   name (string): The cookie name.
                   value (string): The cookie value.
                   host (string): Cookie host key.
                   path (string): Cookie path.
                   expiry (varint): Cookie expiry.
                   is_secure (bool): Cookie secury flag.
                   is_http_only (bool): Cookie http only flag.
                   same_site (bool): Cookie same site flag.


   .. py:method:: downloads(browser_name: Optional[str] = None) -> Iterator[BrowserDownloadRecord]

      Return browser download records from supported Chromium-based browsers.

      :param browser_name: The name of the browser as a string.

      :Yields: *Records with the following fields* --     ts_start (datetime): Download start timestamp.
                   ts_end (datetime): Download end timestamp.
                   browser (string): The browser from which the records are generated from.
                   id (string): Record ID.
                   path (string): Download path.
                   url (uri): Download URL.
                   tab_url (string): Tab URL.
                   tab_referrer_url (string): Referrer URL.
                   size (varint): Download file size.
                   mime_type (string): MIME type.
                   state (varint): Download state number.
                   source: (path): The source file of the download record.


   .. py:method:: extensions(browser_name: Optional[str] = None) -> Iterator[BrowserExtensionRecord]

      Iterates over all installed extensions for a given browser.

      :param browser_name: Name of the browser to scan for extensions.
      :type browser_name: str

      :Yields: *Records with the following fields* --     ts_install (datetime): Extension install timestamp.
                   ts_update (datetime): Extension update timestamp.
                   browser (string): The browser from which the records are generated.
                   id (string): Extension unique identifier.
                   name (string): Name of the extension.
                   short_name (string): Short name of the extension.
                   default_title (string): Default title of the extension.
                   description (string): Description of the extension.
                   version (string): Version of the extension.
                   ext_path (path): Relative path of the extension.
                   from_webstore (boolean): Extension from webstore.
                   permissions (string[]): Permissions of the extension.
                   manifest (varint): Version of the extensions' manifest.
                   source: (path): The source file of the download record.


   .. py:method:: passwords(browser_name: str = None) -> Iterator[BrowserPasswordRecord]

      Return browser password records from Chromium browsers.

      Chromium on Linux has ``basic``, ``gnome`` and ``kwallet`` methods for password storage:
          - ``basic`` ciphertext prefixed with ``v10`` and encrypted with hard coded parameters.
          - ``gnome`` and ``kwallet`` ciphertext prefixed with ``v11`` which is not implemented (yet).

      Chromium on Windows uses DPAPI user encryption.

      The SHA1 hash of the user's password or the plaintext password is required to decrypt passwords
      when dealing with encrypted passwords created with Chromium v80 (February 2020) and newer.

      You can supply a SHA1 hash or plaintext password using the keychain.

      Resources:
          - https://chromium.googlesource.com/chromium/src/+/master/docs/linux/password_storage.md
          - https://chromium.googlesource.com/chromium/src/+/master/components/os_crypt/sync/os_crypt_linux.cc#40



.. py:class:: ChromiumPlugin(target: dissect.target.target.Target)


   Bases: :py:obj:`ChromiumMixin`, :py:obj:`dissect.target.plugins.apps.browser.browser.BrowserPlugin`

   Chromium browser plugin.

   .. py:attribute:: __namespace__
      :value: 'chromium'

      

   .. py:attribute:: DIRS
      :value: ['.config/chromium/Default', '.var/app/org.chromium.Chromium/config/chromium/Default',...

      

   .. py:method:: history() -> Iterator[ChromiumMixin]

      Return browser history records for Chromium browser.


   .. py:method:: cookies() -> Iterator[ChromiumMixin]

      Return browser cookie records for Chromium browser.


   .. py:method:: downloads() -> Iterator[ChromiumMixin]

      Return browser download records for Chromium browser.


   .. py:method:: extensions() -> Iterator[ChromiumMixin]

      Return browser extension records for Chromium browser.


   .. py:method:: passwords() -> Iterator[ChromiumMixin]

      Return browser password records for Chromium browser.



.. py:function:: remove_padding(decrypted: bytes) -> bytes


.. py:function:: decrypt_v10(encrypted_password: bytes) -> str


.. py:function:: decrypt_v10_2(encrypted_password: bytes, key: bytes) -> str

   struct chrome_pass {
       byte signature[3] = 'v10';
       byte iv[12];
       byte ciphertext[EOF];
   }