HTTP::Cookies::Chrome - Cookie storage and management for Google Chrome
use HTTP::Cookies::Chrome; my $password = HTTP::Cookies::Chrome->get_from_gnome; my $cookie_jar = HTTP::Cookies::Chrome->new( chrome_safe_storage_password => $password, file => ..., autosave => ..., ); $cookie_jar->load( $path_to_cookies ); # otherwise same as HTTP::Cookies
This package overrides the load() and save() methods of HTTP::Cookies so it can work with Google Chrome cookie files, which are SQLite databases. This also should work from Chrome clones, such as Brave.
load()
save()
HTTP::Cookies
First, you are allowed to create different profiles within Chrome, and each profile has its own set of files. The default profile is just Default. Along with that, there are various clones with their own product names. The expected paths incorporate the product and profiles:
Default
Starting with Chrome 80, cookie values may be (likely are) encrypted with a password that Chrome changes and stores somewhere. Additionally, each cookie record tracks several other fields. If you are using an earlier Chrome, you should use an older version of this module (the 1.x series).
guess_password
Try to retrieve the Chrome Safe Storage password by accessing the system secrets for the logged-in user. This returns nothing if it can't find it.
You don't need to use this to get the password.
On macOS, this looks in the Keyring using security.
security
On Linux, this uses secret-tool, which you might have to install separately. Also, some early versions used the hard-coded password peanut, and some others may have used mock_password.
secret-tool
peanut
mock_password
I don't know how to do this on Windows. If you know, send a pull request. That goes for other systems too.
guess_path( PROFILE )
Try to retrieve the directory that contains the Cookies file. If you don't specify PROFILE, it uses Default.
PROFILE
macOS: ~/Library/Application Support/Google/Chrome/PROFILE/Cookies
Linux: ~/.config/google-chrome/PROFILE/Cookies
new
The extends the new in HTTP::Cookies, with the additional parameter for the decryption password.
chrome_safe_storage_password - the password
load
This overrides the load from HTTP::Cookies. There are a few differences that matter.
The Cookies database for Chrome tracks many more things than HTTP::Cookies knows about, so this shoves everything into the "rest" hash. Notably:
Chrome sets the port to -1 if the cookie does not specify the port.
The value of the cookie is either the plaintext value or the decrypted value from encrypted_value.
encrypted_value
If ignore_discard is set, this ignores the $maxage part of HTTP::Cookies, but remembers the value in expires_utc.
ignore_discard
$maxage
expires_utc
save( [ FILE ] )
With no argument, save the cookies to the original filename. With a file name argument, write the cookies to that filename. This will be a SQLite database.
set_cookie
Overrides the set_cookie in HTTP::Cookies so it can ignore the port check. Chrome uses -1 as the port if the cookie did not specify a port. This version of set_cookie does no port check.
-1
You can get the Chrome Safe Storage password, although you may have to respond to other dialogs and features of its storage mechanism:
On macOS:
% security find-generic-password -a "Chrome" -w % security find-generic-password -a "Brave" -w
On Ubuntu using libsecret:
% secret-tool lookup xdg:schema chrome_libsecret_os_crypt_password application chrome % secret-tool lookup xdg:schema chrome_libsecret_os_crypt_password application brave
If you know of other methods, let me know.
Some useful information:
On Linux systems not using a keychain, the password might be peanut or mock_password. Maybe I should use Passwd::Keyring::Gnome
https://rtfm.co.ua/en/chromium-linux-keyrings-secret-service-passwords-encryption-and-store/
https://stackoverflow.com/questions/57646301/decrypt-chrome-cookies-from-sqlite-db-on-mac-os
https://superuser.com/a/969488/12972
creation_utc INTEGER NOT NULL UNIQUE PRIMARY KEY host_key TEXT NOT NULL name TEXT NOT NULL value TEXT NOT NULL path TEXT NOT NULL expires_utc INTEGER NOT NULL is_secure INTEGER NOT NULL is_httponly INTEGER NOT NULL last_access_utc INTEGER NOT NULL has_expires INTEGER NOT NULL is_persistent INTEGER NOT NULL priority INTEGER NOT NULL encrypted_value BLOB samesite INTEGER NOT NULL source_scheme INTEGER NOT NULL source_port INTEGER NOT NULL is_same_party INTEGER NOT NULL
There are many ways that this module can approve.
1. The HTTP::Cookies module was written a long time ago. We still inherit from it, but it might be time to completely dump it even if we keep the interface.
2. Some Windows people can fill in the Windows details for guess_password and guess_path.
guess_path
3. As in (2), systems that aren't Linux or macOS can fill in their details.
4. We need a way to specify a new password to output the cookies to a different Chrome-like SQLite database. The easiest thing right now might be to make a completely new object with the new password and load cookies into it.
This module is in Github:
https://github.com/briandfoy/http-cookies-chrome
brian d foy, <bdfoy@cpan.org>
<bdfoy@cpan.org>
Jon Orwant pointed out the problem with dates too far in the future
Copyright © 2009-2021, brian d foy <bdfoy@cpan.org>. All rights reserved.
This program is free software; you can redistribute it and/or modify it under the terms of the Artistic License 2.0.
To install HTTP::Cookies::Chrome, copy and paste the appropriate command in to your terminal.
cpanm
cpanm HTTP::Cookies::Chrome
CPAN shell
perl -MCPAN -e shell install HTTP::Cookies::Chrome
For more information on module installation, please visit the detailed CPAN module installation guide.