3

I am only able to grab cookies with the same domain, but when you view the cookies in the chrome dev tool, you can see a bunch of cookies with different domain values under the same url tree tab on the right like below. The circled cookie is from a different domain for example but show up under developer.chrome.com.

enter image description here

My question is how do you pull all the cookies from that domain tab with different domain values?

    chrome.cookies.getAll({'url': "http://developer.chrome.com"}, function (cookies) {
        if (cookies) {
            console.log(cookies); //will only pull cookies with domain value developer.chrome.com
        }
    });
user299709
  • 4,922
  • 10
  • 56
  • 88
  • how can a cookie be from another domain, isn't that against the rules? – dandavis Mar 15 '15 at 00:13
  • for example tracking cookies from facebook and linked in show up with domain value set to '.facebook.com' or '.linkedin.com'. When you use `getAll` it does not seem to grab these cookies that were set on the same url. for example, the circle cookie has a domain value of '.somewhere.com' and it is not possible to obtain it. – user299709 Mar 15 '15 at 01:56
  • By just having the URL, you can't predict what cross-domain resources (and consequently, cookies) will be loaded with the document. – Xan Mar 15 '15 at 10:43
  • I see. anyway to grab all the cookies loaded with the document somehow? this is tough because theres so many ways to load a cookie, via iframe, js, pixels, etc... – user299709 Mar 15 '15 at 19:24
  • Market it fav, will look into it tomorrow. Seems not a trivial question, so far I managed to retrieve all-along cookies, but I can't see an easy way to retrieve them on page context. Smells like `tab` functionality. – yergo Mar 19 '15 at 10:04
  • So, something you need to clarify: you need to obtain this in your background script? In your content script? Without DevTools open? – Xan Mar 19 '15 at 10:11
  • @yergo yeah thats the problem. easy to get all the cookies but hard to get page context....might be impossible' – user299709 Mar 19 '15 at 20:35
  • @Xan yes the background script. – user299709 Mar 19 '15 at 20:35
  • why you do not use pure Javascript and fetch all cookies regardless of chrome api, as I answered ? – Sunil Sharma Mar 24 '15 at 17:13
  • @SunilSharma because it is not fetching cross domain cookies at first place. – yergo Mar 25 '15 at 11:20
  • @yergo You cant fetch cookies of different tab. You can only fetch for same domain. Cross domain cookies fetch is a crime . – Sunil Sharma Mar 25 '15 at 16:27

3 Answers3

2

You can read all your cookies by accessing document.cookie and parse accordingly.

See an example here

Community
  • 1
  • 1
Sunil Sharma
  • 1,297
  • 3
  • 17
  • 31
2

You need to inspect the requests being made on a tab to see which are making requests for cross-domain cookies.

In order to access the network api, you need to make a DevTools extension [info].

From there you need to make the following request:

chrome.devtools.network.getHAR()

This will log json regarding the network requests being made. In that json, you can access a cookie object. The json is based on the HAR spec. [info]

Xan
  • 74,770
  • 16
  • 179
  • 206
cdosborn
  • 3,111
  • 29
  • 30
  • Do not leave old versions of your answer in the answer, unless it's important for new answers. That's what edit history is for. – Xan Mar 25 '15 at 16:22
0

document.cookie won't give you access to the cookie from a script unless the HttpOnly flag has not been set by the web application whose cookies you're trying to access.

Also, you can't make cross-domain cookie requests unless there's an XSS or similar vulnerability.

The Chrome extension mentioned above seems able to inspect all browser traffic (cross domain) and pull the cookies from that traffic, although I haven't tried it myself so could be wrong on that point.

NIMISHAN
  • 1,265
  • 4
  • 20
  • 29
Bob Smight
  • 1