Skip to content

Latest commit

 

History

History
175 lines (118 loc) · 7.82 KB

README.md

File metadata and controls

175 lines (118 loc) · 7.82 KB

Cookie-share Chrome/Edge/Firefox Extension/Tampermonkey Script

Note: For learning and communication purposes only. Commercial use is strictly prohibited. Please delete within 24 hours. Do not spread on social platforms. If this project is helpful to you, please give it a star, it helps me a lot, thank you!

Please check issues | discussions first if you have questions

English | 简体中文 | Update Log


Overview

Cookie-share is a Chrome/Edge/Firefox extension (also available as a Tampermonkey script) that allows users to send and receive cookies between different devices or browsers. It can be used for multiple account switching, video membership sharing, community subscription sharing, and other scenarios. The backend uses self-hosted Cloudflare Worker to ensure data security.

image


image


Tampermonkey Script One-Click Install (Recommended) | Mirror | Extension Download

Effects and Use Cases

Many websites don't support multiple account switching, don't want to log out and log in again?

Have a video membership subscription, tired of scanning QR codes for friends?

Joined a community platform, want to share costs with classmates?

Simply too lazy to take out your phone or enter passwords when switching devices?

  1. Go to the homepage of a logged-in website (any address with cookies works)
  2. Click the extension icon, customize an ID (only letters and numbers supported), send the cookie
  3. On devices without login, visit the login page, use the ID you just created to get cookies, wait for the extension to show successful cookie retrieval and setup, then refresh the page

Tested websites:

  1. Certain community platforms
  2. Certain video platforms
  3. Certain L sites

Features

  • Generate random unique IDs for cookie sharing
  • Send cookies from current tab to server
  • Receive and set cookies from server to current tab
  • Admin features for managing stored cookies
  • Due to greater extension permissions, can support HTTPOnly cookies that JS cannot access

Usage Instructions

Tampermonkey Script Usage (Recommended)

  1. Install Tampermonkey or other script managers
  2. One-Click Install | Mirror
  3. If you encounter cookie permission issues, please enable it in Tampermonkey settings 1 2
  4. Send Cookie from logged-in browser page
  5. Accept Cookie on non-logged-in browser page
  6. Note: Don't add / after the address, example: https://your-worker-name.your-subdomain.workers.dev/{PATH_SECRET}

Extension Usage

  1. Enable browser developer mode:
    • Chrome/Edge: Visit chrome://extensions/
    • Firefox: Visit about:debugging#/runtime/this-firefox
  2. Load extension:
    • Chrome/Edge: Drag cookie-share.zip directly into browser
    • Firefox: Temporarily load cookie-share.xpi file or install from Firefox Add-ons
  3. Click Cookie-share icon in browser toolbar
  4. Send Cookie from logged-in browser page
  5. Accept Cookie on non-logged-in browser page
  6. Note: Don't add / after the address, example: https://your-worker-name.your-subdomain.workers.dev/{PATH_SECRET}

Backend Deployment Guide

  1. Register Cloudflare account and create a Worker
  2. Copy contents of _worker.js to newly created Worker
  3. Add following environment variables in Cloudflare Worker settings:
    • ADMIN_PASSWORD: Set a strong password for accessing admin endpoints
    • PATH_SECRET: Set a strong string to prevent brute force attacks
    • COOKIE_STORE: Create a KV namespace for storing cookie data
  4. Bind KV namespace in Worker settings:
    • Variable name: COOKIE_STORE
    • KV namespace: Select your created KV namespace
  5. Save and deploy Worker
  6. Note Worker URL format: https://your-worker-name.your-subdomain.workers.dev/{PATH_SECRET} (use custom domain if blocked)

Security Considerations

  • Ensure ADMIN_PASSWORD is set to a strong password and changed regularly
  • Don't hardcode ADMIN_PASSWORD in code, always use environment variables
  • Regularly review stored data, delete unnecessary cookie data
  • Consider setting expiration times for cookie data to reduce risk of storing sensitive information long-term
  • Use PATH_SECRET in worker config to prevent brute force attacks
  • Set complex project names and disable built-in workers.dev domain

Backend (Cloudflare Worker)

If /{PATH_SECRET}/admin/* endpoints have issues, check if X-Admin-Password is added or use CF official KV management page

Backend implemented as Cloudflare Worker, provides following endpoints:

Note: Add X-Admin-Password: yourpassword

Example:

/{PATH_SECRET}/admin/list-cookies

curl --location --request GET 'https://your-worker-name.your-subdomain.workers.dev/{PATH_SECRET}/admin/list-cookies' \
--header 'X-Admin-Password: yourpassword'

/{PATH_SECRET}/admin/delete

curl --location --request DELETE 'https://your-worker-name.your-subdomain.workers.dev/{PATH_SECRET}/admin/delete?key={yourid}' \
--header 'X-Admin-Password: yourpassword'

Available endpoints:

  • POST /{PATH_SECRET}/send-cookies: Store cookies associated with unique ID
  • GET /{PATH_SECRET}/admin: Access admin management page
  • GET /{PATH_SECRET}/admin/list-cookies: List all stored cookie IDs and URLs
  • GET /{PATH_SECRET}/admin/list-cookies-by-host: List cookies filtered by hostname
  • DELETE /{PATH_SECRET}/admin/delete: Delete data for given key
  • PUT /{PATH_SECRET}/admin/update: Update data for given key
  • OPTIONS /{PATH_SECRET}/: Handle CORS preflight requests

Admin management page provides user-friendly interface for managing cookies and other data stored in Worker. Includes viewing all stored cookies, creating new cookie entries, updating existing cookies, and deleting individual cookies or all stored data.

To access admin page, navigate to https://your-worker-name.your-subdomain.workers.dev/admin in browser. Admin password required before accessing management interface.

Admin endpoints require authentication using admin password.

File Structure

  • manifest.json: Extension configuration file
  • popup.html: HTML structure for extension popup
  • popup.js: JavaScript for handling user interactions and cookie operations
  • style.css: CSS styles for popup
  • _worker.js: Cloudflare Worker script for backend operations

Development

Modifying extension:

  1. Edit relevant files (popup.html, popup.js, style.css)
  2. Reload extension in Chrome to see changes

Modifying backend:

  1. Edit _worker.js file
  2. Deploy updated Worker to Cloudflare

Future Development Plans

  • Future updates will focus on Tampermonkey script, extension temporarily not updated

Contributions

aBER0724 (aBER) - Contributed initial Tampermonkey script version

Contributions welcome! Feel free to submit Pull Requests.

Star History

Star History Chart

License

MIT