I am only able to grab cookies with the same domain, but when you view the cookies in the chrome dev tool, you can see a bunch of cookies with different domain values under the same url tree tab on the right like below. The circled cookie is from a different domain for example but show up under developer.chrome.
My question is how do you pull all the cookies from that domain tab with different domain values?
chrome.cookies.getAll({'url': ""}, function (cookies) {
if (cookies) {
console.log(cookies); //will only pull cookies with domain value developer.chrome
}
});
I am only able to grab cookies with the same domain, but when you view the cookies in the chrome dev tool, you can see a bunch of cookies with different domain values under the same url tree tab on the right like below. The circled cookie is from a different domain for example but show up under developer.chrome..
My question is how do you pull all the cookies from that domain tab with different domain values?
chrome.cookies.getAll({'url': "http://developer.chrome."}, function (cookies) {
if (cookies) {
console.log(cookies); //will only pull cookies with domain value developer.chrome.
}
});
- how can a cookie be from another domain, isn't that against the rules? – dandavis Commented Mar 15, 2015 at 0:13
-
for example tracking cookies from facebook and linked in show up with domain value set to '.facebook.' or '.linkedin.'. When you use
getAllit does not seem to grab these cookies that were set on the same url. for example, the circle cookie has a domain value of '.somewhere.' and it is not possible to obtain it. – user299709 Commented Mar 15, 2015 at 1:56 - By just having the URL, you can't predict what cross-domain resources (and consequently, cookies) will be loaded with the document. – Xan Commented Mar 15, 2015 at 10:43
- I see. anyway to grab all the cookies loaded with the document somehow? this is tough because theres so many ways to load a cookie, via iframe, js, pixels, etc... – user299709 Commented Mar 15, 2015 at 19:24
-
Market it fav, will look into it tomorrow. Seems not a trivial question, so far I managed to retrieve all-along cookies, but I can't see an easy way to retrieve them on page context. Smells like
tabfunctionality. – yergo Commented Mar 19, 2015 at 10:04
3 Answers
Reset to default 2 +50You need to inspect the requests being made on a tab to see which are making requests for cross-domain cookies.
In order to access the network api, you need to make a DevTools extension [info].
From there you need to make the following request:
chrome.devtoolswork.getHAR()
This will log json regarding the network requests being made. In that json, you can access a cookie object. The json is based on the HAR spec. [info]
You can read all your cookies by accessing document.cookie and parse accordingly.
See an example here
document.cookie won't give you access to the cookie from a script unless the HttpOnly flag has not been set by the web application whose cookies you're trying to access.
Also, you can't make cross-domain cookie requests unless there's an XSS or similar vulnerability.
The Chrome extension mentioned above seems able to inspect all browser traffic (cross domain) and pull the cookies from that traffic, although I haven't tried it myself so could be wrong on that point.