Is Get cookies.txt LOCALLY safe?

Findings

Broad Host Permissions

Flags items that declare overly broad host access patterns, enabling interaction with all websites. This level of access can be exploited to inject scripts into trusted sites and increases the risk of sensitive data exposure, cross-site surveillance, and credential harvesting.

medium

Identity & Authentication Permissions

Flags items that request access to user identity or authentication flows. These capabilities may expose session credentials or login behavior, increasing the risk of impersonation, session hijacking, or unauthorized account access.

medium

Unverified Publisher

Flags items published by entities that haven’t gone through the publisher verification process of the marketplace. Lack of verification may indicate higher risk, as the publisher’s identity and trustworthiness are unconfirmed.

medium

All findings are available for Enterprise users

Code analysis

AI-powered analysis of the extension's source code for security insights and risk assessment.

Purpose and Intention:

This Chrome extension is designed to allow users to export their browser cookies to a file (cookies.txt) locally. The extension emphasizes that it does not send any information outside the user's device and is open-source.

Key Functionalities:

Badge Counter:
- Updates the extension's badge with the number of cookies for the active tab.
- Listens for changes in cookies, tab updates, tab activation, and window focus to update the badge.
- Uses the chrome.cookies API to retrieve cookies for the current site.
Notifications:
- On extension update, shows a notification to the user with options to view GitHub releases or uninstall the extension.
- Handles button clicks in the notification to either open the GitHub releases page or initiate self-uninstallation.
File Saving:
- Listens for messages (type: 'save') to trigger saving cookies to a file using the saveToFile module.
- The file is saved locally and there is no indication of network transmission of cookie data.

API Calls:

chrome.cookies.onChanged
chrome.tabs.onUpdated, chrome.tabs.onActivated, chrome.windows.onFocusChanged
chrome.notifications.create, chrome.notifications.onButtonClicked
chrome.runtime.onInstalled, chrome.runtime.onMessage
chrome.management.uninstallSelf

Network Activity:

The only external URL referenced is for opening the GitHub releases page when the user clicks the notification button. There is no automatic or background network communication.

Filesystem Activity:

Uses a local file save mechanism via the saveToFile module, triggered by user action or message.

Other Security-Relevant Behaviors:

No evidence of process execution, shell command execution, PowerShell usage, privilege escalation, persistence mechanisms, registry access, file creation outside user-initiated downloads, user creation, or clipboard access.

Potentially Sensitive Code Snippet:

chrome.runtime.onMessage.addListener(async (message, sender, sendResponse) => {
  const { type, target, data } = message || {};
  if (target !== 'background') return;
  if (type === 'save') {
    const { text, name, format, saveAs } = data || {};
    await saveToFile(text, name, format, saveAs);
    sendResponse('done');
    return true;
  }
  return true;
});

This code listens for a message to save data to a file, but there is no indication that this is triggered by anything other than user action.

Summary:

The extension's code is straightforward, with no evidence of malicious intent or behavior. All network activity is user-initiated and transparent. No obfuscation is present.

Permissions

high

api

Permits reading and modifying browser cookies, which can contain sensitive information including login session data and site preferences.

medium

downloads

api

Grants full control over the browser's download functionality, including accessing download history and initiating new downloads.

low

activeTab

api

Grants temporary access to the current tab's data when triggered by user interaction, limiting scope compared to permanent permissions.

API Calls

API calls detected through static analysis of the source code. For more accurate insights, explore our sandbox dynamic analysis.

high

Enterprise Only

medium

Enterprise Only

low

Enterprise Only

API CALLS ARE AVAILABLE FOR ENTERPRISE USERS

Secrets

Any encoded/decoded secrets we managed to find in the source code, git repository, or related files

high

Enterprise Only

medium

Enterprise Only

low

Enterprise Only

SECRETS ARE AVAILABLE FOR ENTERPRISE USERS

Vulnerabilities

Known vulnerabilities and security issues detected in the extension's dependencies and code.

high

Enterprise Only

medium

Enterprise Only

low

Enterprise Only

VULNERABILITIES ARE AVAILABLE FOR ENTERPRISE USERS

External communication

Any identifiers we detected that may indicate external communication from the item's code

high

Enterprise Only

medium

Enterprise Only

low

Enterprise Only

EXTERNAL COMMUNICATIONS ARE AVAILABLE FOR ENTERPRISE USERS

Dependencies

Dependencies and third-party libraries used by the extension, including version information and license details.

high

Enterprise Only

medium

Enterprise Only

low

Enterprise Only

DEPENDENCIES ARE AVAILABLE FOR ENTERPRISE USERS

Licenses & Compliance

high

Enterprise Only

medium

Enterprise Only

low

Enterprise Only

LICENSES & COMPLIANCE ARE AVAILABLE FOR ENTERPRISE USERS