I need to export my chrome cookies in the sqlite database file (generally located in appdata on windows) to a certain format. I need to get all of the properties in this documentation : https://developer.chrome.com/docs/extensions/reference/cookies/#type-Cookie
Expecially, I need to know if the cookie is hostOnly True or False, but in my sqlite data base, here are the name of all the properties of a cookie :
As you can see, there is no is_hostonly or such...
How am I supposed to know if the cookie is hostOnly please?
Related
The first answer in this question: Session is lost and created as new in every servlet request is valid, however users in an intranet are very familiar no to type the whole domain in the URL. It will be very useful to configure the browser so they accept the URL without the domain and still keep the session.
According to this article: Cookie attributes- Domain and Path, you can know that the Domain attribute defines the scope of the cookie. It lets the browser know which website the cookie belongs to. If the server does not specify the domain of the cookie, it will default to the domain of the requested resource.
Therefore, I think your requirement cannot be implemented.
The decision was not to the browser, but to the Web.config file in the ASP.NET application. For a different issue we had to add the text cookieSameSite="None" to the SessionState tab in Web.config file on May 2020. Time came and apparently a new update of the browsers caused the application lost the session because it did not create the cookie with SessionID as ASP.NET need, unless we specify the whole domain in the URL.
That said we have 2 solutions: Remove the cookieSameSite="None" from Web.Config file or Type the whole domain in the address of the application.
From the 2 solutions the first one was not possible in our case, because the ASP.NET app is inside an iframe tab and without cookieSameSite="None" it does not keep the session, so we included the whole domain name inside the html page using iframe as src="myServer.MyDomain/MyApp/"
Let's say I set a cookie using the setcookie() function in PHP:
setcookie('name','foo',false,'/',false);
I can see it in:
chrome://settings/cookies
However, I can not find the actual file stored on my hard disk. Can anyone tell me where this specific cookie is stored on the hard disk?
The answer is due to the fact that Google Chrome uses an SQLite file to save cookies. It resides under:
C:\Users\<your_username>\AppData\Local\Google\Chrome\User Data\Default\
inside Cookies file. (which is an SQLite database file)
So it's not a file stored on hard drive but a row in an SQLite database file which can be read by a third party program such as: SQLite Database Browser
EDIT: Thanks to #Chexpir, it is also good to know that the values are stored encrypted.
For Google chrome Version 97.0.4692.71 (Latest Release) cookies are found inside the Network folder.
There is a file called "Cookies".
Path : C:\Users\user_name\AppData\Local\Google\Chrome\User Data\Default\Network
Remember to replace user_name.
You can find a solution on SuperUser :
Chrome cookies folder in Windows 7:-
C:\Users\your_username\AppData\Local\Google\Chrome\User Data\Default\
You'll need a program like SQLite Database Browser to read it.
For Mac OS X, the file is located at :-
~/Library/Application Support/Google/Chrome/Default/Cookies
Actually the current browsing path to the Chrome cookies in the address bar is:
chrome://settings/content/cookies
On Windows the path is:
C:\Users\<current_user>\AppData\Local\Google\Chrome\User Data\<Profile 1>\Cookies(Type:File)
Chrome doesn't store each cookies in separate text file. It stores all of the cookies together in a single file in the profile folder. That file is not readable.
For Google chrome Version 56.0.2924.87 (Latest Release) cookies are found inside profile1 folder.
If you browse that you can find variety of information.
There is a separate file called "Cookies". Also the Cache folder is inside this folder.
Path :
C:\Users\user_name\AppData\Local\Google\Chrome\User Data\Profile 1
Remember to replace user_name.
For Version 61.0.3163.100
Path :
C:\Users\user_name\AppData\Local\Google\Chrome\User Data\Default
Inside this folder there is Cookies file and Cache folder.
Since the expiration time is zero (the third argument, the first false) the cookie is a session cookie, which will expire when the current session ends. (See the setcookie reference).
Therefore it doesn't need to be saved.
Chromium on Linux: it's an SQLite3 database, located at:
~/.config/chromium/Default/Cookies
Google Chrome is going to be similar, try replace with
In case you came here to find out how to see info about the cookie of a particular website in Chrome, open Inspector (press F12) navigating the website, go to the tab Application/Aplicativo and look below in the left tree, there is Storage/cookies with all info:
cookie variables
content, length
expiration dates, etc
I would like my application to be associated with certain extension (in my case *.ecw).
The use case is that, when somebody clicks on a link in a browser (f.e. Internet Explorer) that directs to a *.ecw file (http://address.com/files/itscool.ewc), my application is launched and the whole information (nagivation context, file token etc.) is passed along.
*.ecw is a ASCII text file, so it can be viewed in the browser easily but I'd like to invoke my app when such URI/file is entered/launched. I need to process the data stored in the file and produce some output for the user.
So far I have "registered" (according to MSDN tutorial) the file association in the manifest:
<Extensions>
<FileTypeAssociation Name="ECWReader" TaskID="_default" NavUriFragment="fileToken=%s">
<SupportedFileTypes>
<FileType ContentType="application/ecw">.ecw</FileType>
</SupportedFileTypes>
</FileTypeAssociation>
</Extensions>
But this didn't help at all - browser keeps opening those files.
Thanks in advance.
What you did is correct. However, the reason why it doesn't work is that, while the extention of the file is .ewc, the content type that the server responds with when requesting that url is text/html and not application/ecw.
If the server responds with a ContentType text/html, it simply means that the response is intended to be read by a web browser, and not some other app.
Here's a link to a ecw file that comes with a ContentType of text/plain. Change your ContentType filter to match it and try that link in your phone, it should normally work and your app will be invoked.
I'm working on a web page. In chrome, Is there a way to return original path of some file, rather than fake path. I need my page to read the local path which the user selects and that local user path will be sent to back end for some functionality.
Chrome always returns C:/fakepath/text.txt but I need actual path like C:/users/abc/text.txt (original path)
Is there a way to do that by changing some chrome settings ?
You can't, security feature. And because it's a security feature, there's no way around it. disclosing the path could give away personally identifiable information such as the users real name (common account name) or the location of other similar files.
I have a web app that stores videos. I am using a java servlet (over https) which verifies a username and password. Once the details are verified, i redirect the user to a video stored in AWS S3. For those who don't know how S3 works, its just a web service that stores objects (basically think of it as storing files). It also uses https. Now obviously to make this work, the s3 object (file) is public. I've given it a random name full of numbers and letters.
So the servlet basically looks like this:
void doGet(request, response){
if (authenticateUser(request.getParameter("Username"), request.getParameter("Password")){
response.sendRedirect("https://s3.amazonaws.com/myBucket/xyz1234567.mp4");
}
}
This is obviously simplified but it gets the point across. Are there any very obvious security flaws here? The video tag will obviously have a source of something like https://www.mysite.com/getVideo?Username="Me"&Password="randomletters". At first blush it seems like it should be as secure as anything else assuming i give the file names sitting at AWS s3 sufficiently random names?
The obvious security flaw is that anybody could detect which URL the authentication servlet redirects to, and share this URL with all his friends, thus allowing anyone to access the resource directly, without going through the euthentication servlet.
Unfortunately, I don't know S3 at all, so I can't recommend any fix to the security problem.
All this mechanism does is provide a very limited obfuscation - using developer tools in most modern browsers (or a proxy such as Fiddler) a user will be able to watch the URL of the video that's being loaded and, if it's in a Public S3 bucket, then simply share the link.
With S3 your only real solution would be to secure the bucket and then either require that the user is logging in or use the temporary tokens for access [http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html] ... though this does complicate your solution
I would also mention that including the password and username in plaintext on the link to the video asset (from the question above) is very insecure