NAME
HTTP::Cookies::Chrome - Cookie storage and management for Google Chrome
SYNOPSIS
use HTTP::Cookies::Chrome;
my $password = HTTP::Cookies::Chrome->get_from_gnome;
my $cookie_jar = HTTP::Cookies::Chrome->new(
chrome_safe_storage_password => $password,
file => ...,
autosave => ...,
);
$cookie_jar->load( $path_to_cookies );
# otherwise same as HTTP::Cookies
DESCRIPTION
This package overrides the load()
and save()
methods of HTTP::Cookies
so it can work with Google Chrome cookie files, which are SQLite databases. This also should work from Chrome clones, such as Brave.
First, you are allowed to create different profiles within Chrome, and each profile has its own set of files. The default profile is just Default
. Along with that, there are various clones with their own product names. The expected paths incorporate the product and profiles:
Starting with Chrome 80, cookie values may be (likely are) encrypted with a password that Chrome changes and stores somewhere. Additionally, each cookie record tracks several other fields. If you are using an earlier Chrome, you should use an older version of this module (the 1.x series).
- macOS - ~/Library/Application Support/PRODUCT/Chrome/PROFILE/Cookies
- Linux - ~/.config/PRODUCT/PROFILE/Cookies
- Windows - C:\Users\USER\AppData\Local\PRODUCT\User Data\$profile\Cookies
Class methods
guess_password
Try to retrieve the Chrome Safe Storage password by accessing the system secrets for the logged-in user. This returns nothing if it can't find it.
You don't need to use this to get the password.
On macOS, this looks in the Keyring using
security
.On Linux, this uses
secret-tool
, which you might have to install separately. Also, some early versions used the hard-coded passwordpeanut
, and some others may have usedmock_password
.I don't know how to do this on Windows. If you know, send a pull request. That goes for other systems too.
guess_path( PROFILE )
Try to retrieve the directory that contains the Cookies file. If you don't specify
PROFILE
, it usesDefault
.macOS: ~/Library/Application Support/Google/Chrome/PROFILE/Cookies
Linux: ~/.config/google-chrome/PROFILE/Cookies
new
The extends the
new
in HTTP::Cookies, with the additional parameter for the decryption password.chrome_safe_storage_password - the password
load
This overrides the
load
from HTTP::Cookies. There are a few differences that matter.The Cookies database for Chrome tracks many more things than HTTP::Cookies knows about, so this shoves everything into the "rest" hash. Notably:
Chrome sets the port to -1 if the cookie does not specify the port.
The value of the cookie is either the plaintext value or the decrypted value from
encrypted_value
.If
ignore_discard
is set, this ignores the$maxage
part of HTTP::Cookies, but remembers the value inexpires_utc
.
Instance Methods
save( [ FILE ] )
With no argument, save the cookies to the original filename. With a file name argument, write the cookies to that filename. This will be a SQLite database.
set_cookie
Overrides the
set_cookie
in HTTP::Cookies so it can ignore the port check. Chrome uses-1
as the port if the cookie did not specify a port. This version ofset_cookie
does no port check.
Getting the Chrome Safe Storage password
You can get the Chrome Safe Storage password, although you may have to respond to other dialogs and features of its storage mechanism:
On macOS:
% security find-generic-password -a "Chrome" -w
% security find-generic-password -a "Brave" -w
On Ubuntu using libsecret:
% secret-tool lookup xdg:schema chrome_libsecret_os_crypt_password application chrome
% secret-tool lookup xdg:schema chrome_libsecret_os_crypt_password application brave
If you know of other methods, let me know.
Some useful information:
On Linux systems not using a keychain, the password might be
peanut
ormock_password
. Maybe I should use Passwd::Keyring::Gnomehttps://rtfm.co.ua/en/chromium-linux-keyrings-secret-service-passwords-encryption-and-store/
https://stackoverflow.com/questions/57646301/decrypt-chrome-cookies-from-sqlite-db-on-mac-os
The Chrome cookies table
creation_utc INTEGER NOT NULL UNIQUE PRIMARY KEY
host_key TEXT NOT NULL
name TEXT NOT NULL
value TEXT NOT NULL
path TEXT NOT NULL
expires_utc INTEGER NOT NULL
is_secure INTEGER NOT NULL
is_httponly INTEGER NOT NULL
last_access_utc INTEGER NOT NULL
has_expires INTEGER NOT NULL
is_persistent INTEGER NOT NULL
priority INTEGER NOT NULL
encrypted_value BLOB
samesite INTEGER NOT NULL
source_scheme INTEGER NOT NULL
source_port INTEGER NOT NULL
is_same_party INTEGER NOT NULL
TO DO
There are many ways that this module can approve.
1. The HTTP::Cookies module was written a long time ago. We still inherit from it, but it might be time to completely dump it even if we keep the interface.
2. Some Windows people can fill in the Windows details for guess_password
and guess_path
.
3. As in (2), systems that aren't Linux or macOS can fill in their details.
4. We need a way to specify a new password to output the cookies to a different Chrome-like SQLite database. The easiest thing right now might be to make a completely new object with the new password and load cookies into it.
SOURCE AVAILABILITY
This module is in Github:
https://github.com/briandfoy/http-cookies-chrome
AUTHOR
brian d foy, <bdfoy@cpan.org>
CREDITS
Jon Orwant pointed out the problem with dates too far in the future
COPYRIGHT AND LICENSE
Copyright © 2009-2021, brian d foy <bdfoy@cpan.org>. All rights reserved.
This program is free software; you can redistribute it and/or modify it under the terms of the Artistic License 2.0.