Go library to load cookies from local browser profiles.
- Chromium-family: Chrome, Chromium, Microsoft Edge, Brave, Vivaldi, Opera (macOS / Windows / Linux), Whale (macOS / Windows / Linux), Arc / Comet (macOS / Windows), Dia / ChatGPT Atlas (macOS), Helium (macOS; opt-in)
- Firefox and Firefox-based browsers: Firefox (macOS / Windows / Linux), Zen, Floorp, Waterfox, LibreWolf
- Safari (macOS only; reads
Cookies.binarycookies)
Firefox multi-account containers show up on Cookie.Container (ID is the
userContextId, Name comes from containers.json). Default container is the
zero value, and cookies in different containers aren't merged together.
package main
import (
"context"
"fmt"
"github.com/steipete/sweetcookie"
)
func main() {
res, err := sweetcookie.Get(context.Background(), sweetcookie.Options{
URL: "https://example.com/",
Names: []string{"session", "csrf"},
Browsers: []sweetcookie.Browser{sweetcookie.BrowserChrome, sweetcookie.BrowserFirefox},
Mode: sweetcookie.ModeMerge,
})
if err != nil {
panic(err)
}
for _, w := range res.Warnings {
fmt.Println("warn:", w)
}
for _, c := range res.Cookies {
fmt.Println(c.Source.Browser, c.Domain, c.Name, c.Value)
}
}Inline cookies (escape hatch for locked DBs / new encryption schemes):
res, _ := sweetcookie.Get(context.Background(), sweetcookie.Options{
URL: "https://example.com/",
Inline: sweetcookie.InlineCookies{
File: "/path/to/cookies.json",
},
Mode: sweetcookie.ModeFirst,
})
_ = res- Chrome-family cookie DBs can be locked; sweetcookie snapshots the DB + WAL sidecars before reading.
- Helium support is macOS-only and explicit opt-in via
BrowserHelium; it is not included inDefaultBrowsers(). - Chromium safe-storage lookup can be overridden for deterministic tooling with per-browser env vars such as
GOOKIE_HELIUM_SAFE_STORAGE_PASSWORD. - macOS: derives legacy Chromium AES-128-CBC key from Keychain “Safe Storage” password via
security. - Windows: uses DPAPI to unwrap the Chromium master key from
Local Stateand decrypts AES-256-GCM cookie values. - Linux: tries
go-keyringfirst, then shells out tosecret-tool(GNOME) orkwallet-query+dbus-send(KDE) to read “Safe Storage”. - Some very new Chromium Windows “app-bound” cookie encryption variants are not directly decryptable without extra OS-specific plumbing; use inline cookies for those cases.
make ci