I have a local ASP.NET app using Forms authentication.
I'd like to know where this cookie is coming from:
I looked in C:\Users\<username>\AppData\Local\Google\Chrome\User Data\Default but have no idea how to work out which file the cookie is stored in.
How can I find out what file the cookie is stored in?
On Windows, Google Chrome stores cookies in:
C:\Users\Your User Name\AppData\Local\Google\Chrome\User Data\Default\Cookies
This is a sqlite database
See:
Where does Chrome store cookies?
and
Encrypted cookies in Chrome
Related
Chrome cookies on windows machines are stored in C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies. To read the file I installed sqlite database browser. I have successfully read all values except encrypted_value, because it is encrypted.
How do I read encrypted_value? Which encryption scheme is used and what is used as a key?
I used to have a development website : http://foo.dev
Due to recent updates on how Chrome behaves with *.dev urls (redirecting them to https (https://ma.ttias.be/chrome-force-dev-domains-https-via-preloaded-hsts/), I cannot access any longer my local website.
I have changed it's url to : http://foo.local
My problem is that I would like to export the localStorage data stored from site_1 (http://foo.dev) and import it into site_2 (http://foo.local).
I know I can export the localStorage data with devTools while visiting site_1, but I cannot do that due to the redirection...
Is there a way to export the localStorage data for a website without visiting it ?
ok i solved this for my case by:
started a web server on port 80 (actually was a spring boot app with had nothing to do with this)
added my machine's IP to the hosts file redirecting the URL to my IP
opened chrome on the "old URL"
exported the LS data with LocalStorage Manager
removed redirect in the hosts file
I'd like to make an SSH-based extension for Chrome, but I can't figure out how the secure shell extension is able to access raw sockets in Chrome.
It only has these permissions:
Yet I'm able to connect on port 22 via SSH. I know it uses PNaCl through Enscripten, but how do these provide raw socket access?
Has Google hard-coded whitelabel permission to the sockets API just for this extension?
Secure Shell gets access to raw sockets via (P)NaCl because it has been whitelisted in the Chromium source. ugly, i know.
https://chromium.googlesource.com/apps/libapps/+/master/nassh/doc/hack.md#Whitelisted-Permissions
if you want to do raw sockets in your own Chrome app, you can do so via JavaScript:
https://developer.chrome.com/apps/socket
if you want to access raw sockets from Chrome extensions, or via a PWA, then currently you won't be able to do so. those only have access to WebSockets currently (which is basically HTTP). this is why projects like WebSockify exist.
if you check the manifest, you will see that it has this permission "terminalPrivate".
Then if you poke alittle bit around you will find those posts:
http://chromium.2324630.n4.nabble.com/crx-Use-chrome-terminalPrivate-API-in-chromeOS-extension-app-td17265.html
https://groups.google.com/a/chromium.org/forum/#!topic/chromium-hterm/PtR2q2p_vss
The "good" comments you find on those sites are:
chrome.terminalPrivate exists, but it's native code only available to
the Secure Shell chrome extension, and only on Chrome OS.
Or this one:
chrome.xPrivate APIs are, well, private APIs that are only used by
certain Chrome or Google extensions and applications.
I'm building a packaged app that's meant to interact with a website I wrote to get its localStorage data and send it to other devices using bluetooth. This seems like it would be easy with an extension, however with an extension I would not have access to chrome's bluetooth API. I'm not sure this is even possible, but if it is, how would I go about accessing and communicating with the website using the packaged app?
The answer is that you can't. The two local storage repositories are distinct ("sandboxed"), and one can't access the other.
If this website wants to make data available to any other website, or to a Chrome App, it should put it someplace on the server, accessible via a URL, and then the Chrome App can easily access it. But, there's no way to effect such sharing with the data on the client.
Two Chrome Apps can share data locally, because they can access the local file system. However, web apps (HTML/JavaScript loaded from a server) can't access the local file system, only a sandboxed file system.
I have a HTML5 webapp which is running perfectly when served via the IIS without authentication.
Is is using a cache.manifest file.
Both when running in safari, and as an "add to homescreen" fullscreen app, once I update the manifest file on the server, and the app will update.
When I turn on authentication on all files except the cache.manifest, then I only see the update when running it in the safari browser.
If I add it to the homescreen, I am not able to make the app update the cache.
If I wireshark the traffic on the server, I can see the manifest file is fetched without problems, but all the files in the manifest file hits a 401 Unautorized error.
Any idea how I can fix this? Running it in the safari browser is working..
Any help is highly appreciated.
Safari is much more aware of HTTP Basic Auth, but web.app (the home screen web app handler, which is basically a UIWebView wrapper) isn't as full-featured and doesn't appear to support basic auth.
It seems you may need to work around this with either a server-side solution to append an authentication key to the filename (such as application.css?longhexkey) to bypass basic auth, or go with a more traditional login form (which may require significant changes to your app)
Same issue on Sencha forums: Unanswered: Forcing re-authentication after offline usage on iOS devices?