github.com/barnardb/cookies
Extracts cookies from the user's Chrome, Chromium, Firefox or Safari cookie database.
A single cookie value can be retrieved, or all cookies applicable to a given URL
can be retrieved and output in a format appropriate for use in the HTTP Cookie header.
Both of these usages are useful for scripting purposes.
The core cookie reading code is provided by the zellyn/kooky cookie extraction library.
This cookies tool provides a command-line interface to that library that
allows you to select which browser cookie databases to use and to filter for all
cookies, or one particular cookie, relevant to a given URL.
On macOS with Homebrew:
brew install barnardb/cookies/cookies
Alternatively, or on other platforms, follow the instructions below for building an executable.
As explained by cookies --help:
usage: ./cookies [options…] <URL> [<cookie-name>]
The following options are available:
-a, --accept-missing don't fail with exit status 1 when cookies aren't found
-b, --browser stringArray browser to try extracting a cookie from, can be repeated to try multiple browsers (default [chrome,chromium,firefox,safari])
-v, --verbose[=level] enables logging to stderr; specify it twice or provide level 2 to get per-cookie details (`-vv` or `--verbose=2`)
--version prints version information and exits
cookies version 0.5.1 (https://github.com/barnardb/cookies)
To get all cookies relevant to a URL in the format expected by the Cookie header,
provide the URL as an argument. E.g., running
cookies http://www.example.com
might yield
some.random.value=1234;JSESSIONID=0123456789ABCDEF0123456789ABCDEF;another_cookie:example-cookie-value
Or you can get just the value of a particular cookie by providing both a URL and a cookie name. E.g. running
cookies http://www.example.com JSESSIONID
might yield
0123456789ABCDEF0123456789ABCDEF
curl --cookie "$(cookies http://www.example.com)" http://www.example.com
might produce an HTTP request like this:
GET / HTTP/1.1
Host: www.example.com
User-Agent: curl/7.54.0
Accept: */*
Cookie: some.random.value=1234;JSESSIONID=0123456789ABCDEF0123456789ABCDEF;another_cookie:example-cookie-value
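The curl usage above places the session cookie in curl's argument list, where it can show up in process listings. The sketch below is an added example, not code from the cookies project: it passes the header to curl on stdin via curl's `--config -` option, and relies on the documented exit status 1 when no cookie is found. The names `COOKIES_BIN`, `COOKIE_BROWSER`, `cookie_config` and `fetch_with_cookies` are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the cookies project.
# COOKIES_BIN and COOKIE_BROWSER are names assumed here so the command and
# browser can be overridden; by default the installed cookies tool is used.
COOKIES_BIN=${COOKIES_BIN:-cookies}

# Print a curl config line holding the Cookie header for the given URL.
cookie_config() {
    url=$1
    # Without --accept-missing, cookies exits with status 1 when nothing is
    # found, so a missing session stops here instead of sending a bare request.
    if ! value=$("$COOKIES_BIN" --browser "${COOKIE_BROWSER:-firefox}" "$url"); then
        echo "no cookies found for $url" >&2
        return 1
    fi
    nl='
'
    cr=$(printf '\r')
    # A cookie value must never be able to add extra header lines.
    case $value in
        *"$nl"*|*"$cr"*)
            echo "refusing cookie value containing CR or LF" >&2
            return 1 ;;
    esac
    # curl config strings are double-quoted; escape backslashes and quotes.
    escaped=$(printf '%s' "$value" | sed 's/[\\"]/\\&/g')
    printf 'header = "Cookie: %s"\n' "$escaped"
}

# Fetch URL with the browser's cookies. printf is a shell builtin, so the
# cookie value travels over a pipe and never appears in an argument list.
fetch_with_cookies() {
    cfg=$(cookie_config "$1") || return 1
    printf '%s\n' "$cfg" | curl --silent --show-error --config - "$1"
}
```

Restricting `--browser` to the one profile that holds the session avoids reading every supported browser's cookie database on each call.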
http http://www.example.com Cookie:"$(cookies http://www.example.com)"
might produce an HTTP request like this:
GET / HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: some.random.value=1234;JSESSIONID=0123456789ABCDEF0123456789ABCDEF;another_cookie:example-cookie-value
Host: www.example.com
User-Agent: HTTPie/1.0.2
I use this tool for day-to-day tasks on multiple macOS systems. (Note that there is a cookie database permission issue you will have to deal with if you want to read Safari cookies: zellyn/kooky #7.)
As this tool is essentially a wrapper around zellyn/kooky, and that library supports other platforms as well, this tool should also work on other platforms.
Pull requests are welcome.
Requires Go.
Known to work with version go1.15.6.
To build the code, check out the repository and run:
go build
This produces a cookies executable.
Releases are prepared by running:
./prepare-release.sh "${version}"
${version} should be a semantic version number in the "0.0.0" format.
This tags the release (e.g. as "v0.0.0") and creates a draft release in GitHub,
which can be given release notes and published.
Once the new release is published to GitHub, the Homebrew formula in barnardb/homebrew-cookies should be updated following the instructions in that repo's README.