NAME

HTTP::Cookies::Chrome - Cookie storage and management for Google Chrome

SYNOPSIS

use HTTP::Cookies::Chrome;

my $password = HTTP::Cookies::Chrome->get_from_gnome;

my $cookie_jar = HTTP::Cookies::Chrome->new(
	chrome_safe_storage_password => $password,
	file     => ...,
	autosave => ...,
	);
$cookie_jar->load( $path_to_cookies );

# otherwise same as HTTP::Cookies

DESCRIPTION

This package overrides the load() and save() methods of HTTP::Cookies so it can work with Google Chrome cookie files, which are SQLite databases. This also should work from Chrome clones, such as Brave.

First, you are allowed to create different profiles within Chrome, and each profile has its own set of files. The default profile is just Default. Along with that, there are various clones with their own product names. The expected paths incorporate the product and profiles:

Starting with Chrome 80, cookie values may be (likely are) encrypted with a password that Chrome changes and stores somewhere. Additionally, each cookie record tracks several other fields. If you are using an earlier Chrome, you should use an older version of this module (the 1.x series).

macOS - ~/Library/Application Support/PRODUCT/Chrome/PROFILE/Cookies
Linux - ~/.config/PRODUCT/PROFILE/Cookies
Windows - C:\Users\USER\AppData\Local\PRODUCT\User Data\$profile\Cookies

Class methods

  • guess_password

    Try to retrieve the Chrome Safe Storage password by accessing the system secrets for the logged-in user. This returns nothing if it can't find it.

    You don't need to use this to get the password.

    On macOS, this looks in the Keyring using security.

    On Linux, this uses secret-tool, which you might have to install separately. Also, some early versions used the hard-coded password peanut, and some others may have used mock_password.

    I don't know how to do this on Windows. If you know, send a pull request. That goes for other systems too.

  • guess_path( PROFILE )

    Try to retrieve the directory that contains the Cookies file. If you don't specify PROFILE, it uses Default.

    macOS: ~/Library/Application Support/Google/Chrome/PROFILE/Cookies

    Linux: ~/.config/google-chrome/PROFILE/Cookies

  • new

    The extends the new in HTTP::Cookies, with the additional parameter for the decryption password.

    chrome_safe_storage_password - the password
  • load

    This overrides the load from HTTP::Cookies. There are a few differences that matter.

    The Cookies database for Chrome tracks many more things than HTTP::Cookies knows about, so this shoves everything into the "rest" hash. Notably:

    • Chrome sets the port to -1 if the cookie does not specify the port.

    • The value of the cookie is either the plaintext value or the decrypted value from encrypted_value.

    • If ignore_discard is set, this ignores the $maxage part of HTTP::Cookies, but remembers the value in expires_utc.

Instance Methods

  • save( [ FILE ] )

    With no argument, save the cookies to the original filename. With a file name argument, write the cookies to that filename. This will be a SQLite database.

  • set_cookie

    Overrides the set_cookie in HTTP::Cookies so it can ignore the port check. Chrome uses -1 as the port if the cookie did not specify a port. This version of set_cookie does no port check.

Getting the Chrome Safe Storage password

You can get the Chrome Safe Storage password, although you may have to respond to other dialogs and features of its storage mechanism:

On macOS:

% security find-generic-password -a "Chrome" -w
% security find-generic-password -a "Brave" -w

On Ubuntu using libsecret:

% secret-tool lookup xdg:schema chrome_libsecret_os_crypt_password application chrome
% secret-tool lookup xdg:schema chrome_libsecret_os_crypt_password application brave

If you know of other methods, let me know.

Some useful information:

The Chrome cookies table

creation_utc    INTEGER NOT NULL UNIQUE PRIMARY KEY
host_key        TEXT NOT NULL
name            TEXT NOT NULL
value           TEXT NOT NULL
path            TEXT NOT NULL
expires_utc     INTEGER NOT NULL
is_secure       INTEGER NOT NULL
is_httponly     INTEGER NOT NULL
last_access_utc INTEGER NOT NULL
has_expires     INTEGER NOT NULL
is_persistent   INTEGER NOT NULL
priority        INTEGER NOT NULL
encrypted_value BLOB
samesite        INTEGER NOT NULL
source_scheme   INTEGER NOT NULL
source_port     INTEGER NOT NULL
is_same_party   INTEGER NOT NULL

TO DO

There are many ways that this module can approve.

1. The HTTP::Cookies module was written a long time ago. We still inherit from it, but it might be time to completely dump it even if we keep the interface.

2. Some Windows people can fill in the Windows details for guess_password and guess_path.

3. As in (2), systems that aren't Linux or macOS can fill in their details.

4. We need a way to specify a new password to output the cookies to a different Chrome-like SQLite database. The easiest thing right now might be to make a completely new object with the new password and load cookies into it.

SOURCE AVAILABILITY

This module is in Github:

https://github.com/briandfoy/http-cookies-chrome

AUTHOR

brian d foy, <bdfoy@cpan.org>

CREDITS

Jon Orwant pointed out the problem with dates too far in the future

COPYRIGHT AND LICENSE

Copyright © 2009-2021, brian d foy <bdfoy@cpan.org>. All rights reserved.

This program is free software; you can redistribute it and/or modify it under the terms of the Artistic License 2.0.