A cross-platform tool that extracts Chrome and Edge browser cookies without requiring root access or user passwords.
Read local Chrome cookies without root or decrypting
This tool is primarily used by security professionals, penetration testers, and ethical hackers to extract browser cookies from endpoints where they have code execution access but lack elevated privileges. It enables quick and stealthy cookie harvesting for session hijacking or forensic analysis without needing user credentials or root permissions.
On macOS, the extraction method involves restarting Chrome with remote debugging enabled, which causes a brief visible crash and tab reload. The compiled binary must be built on the target OS as cross-compilation is not supported. The tool leverages Chrome's headless mode and user-data-dir features to access cookies without elevated privileges. Users should be aware that executing this tool on systems without authorization may violate privacy and legal policies.
Ensure Python 3.6 or higher is installed
Run `pip3 install -r requirements.txt` to install dependencies
Optionally, run `make` to compile the tool into a single binary for your OSpython cookie_crimes.py
Run the tool locally on Windows or Linux to print Chrome cookies as JSON for the default profile
make
Compile the tool into a single binary executable for the current operating system
./cookie_crimes_macos.sh
Run the macOS-specific script that uses remote debugging to extract Chrome cookies
cat cookies.json | ./format_for_editthiscookie.sh
Format extracted cookies to remove leading dots from domains for importing into EditThisCookie Chrome extension