From 4a17f35a1caf8015659c289aa49da96e7a8368af Mon Sep 17 00:00:00 2001 From: Matthew Herod Date: Sun, 5 Jan 2025 00:58:13 +0000 Subject: [PATCH] docs: update platform support and browser documentation --- README.md | 52 ++---- docs/.vitepress/config.mjs | 1 + docs/guide/browsers.md | 287 ++++++++++++++++++++------------- docs/guide/limitations.md | 57 +++++++ docs/guide/platform-support.md | 171 ++++++++++++++++++++ docs/guide/security.md | 166 ++++++++++++++----- docs/index.md | 12 +- 7 files changed, 550 insertions(+), 196 deletions(-) create mode 100644 docs/guide/limitations.md create mode 100644 docs/guide/platform-support.md diff --git a/README.md b/README.md index bc09820..f86dab8 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,11 @@ const cookies = await getCookie({ }); ``` -⚠️ **Note: macOS only. Windows/Linux support planned.** +⚠️ **Platform Support**: + +- Chrome: macOS only +- Firefox: macOS and Linux +- Safari: macOS only ## Installation 📦 @@ -60,7 +64,7 @@ get-cookie --url https://example.com/path ### Node.js ```typescript -import { getCookie } from "@mherod/get-cookie"; +import { getCookie, type CookieSpec } from "@mherod/get-cookie"; try { // Get specific cookie @@ -73,7 +77,6 @@ try { const cookies = await getCookie({ name: "%", // all cookies domain: "example.com", - removeExpired: true, // skip expired }); } catch (error) { console.error("Failed:", error); @@ -82,26 +85,17 @@ try { ## Features ✨ -- 🌐 **Multi-Browser Support**: Works with Chrome, Firefox, and Safari on macOS -- 🔒 **Secure**: Safe cookie extraction with proper encryption handling -- 📝 **TypeScript Ready**: Built with TypeScript for excellent type safety -- 🎯 **Flexible Querying**: Search by name, domain, or URL pattern +- 🌐 **Multi-Browser Support**: + - Chrome (macOS) + - Firefox (macOS, Linux) + - Safari (macOS) +- 🔒 **Secure**: Browser-specific encryption handling +- 📝 **TypeScript Ready**: Full type safety with exported type definitions +- 🎯 **Flexible Querying**: Search by name, domain, or use wildcards - 🔄 **Multiple Output Formats**: JSON, rendered, or grouped results -- 👥 **Profile Support**: Query cookies from different browser profiles - -## Platform Support 🖥️ - -**Important: This package currently only works on macOS.** - -- ✅ macOS: Full support for Chrome, Firefox, and Safari -- ❌ Windows: Not currently supported -- ❌ Linux: Not currently supported +- 👥 **Profile Support**: Chrome and Firefox multi-profile support -Browser-specific notes: - -- Chrome: Requires macOS Keychain access for cookie decryption -- Firefox: Reads from SQLite database in profile directories -- Safari: Reads binary cookie format from Safari container +⚠️ **Note: Platform support varies by browser. See our [Platform Support Guide](https://mherod.github.io/get-cookie/guide/platform-support.html) for details.** ## Output Formats 📊 @@ -140,18 +134,4 @@ This project is licensed under the MIT License - see the LICENSE file for detail ## Known Limitations 🚧 -1. **Platform Support** - - - Only works on macOS - - Windows and Linux support is planned for future releases - -2. **Browser Support** - - - Chrome: Requires macOS Keychain access - - Firefox: Requires readable profile directory - - Safari: Requires access to Safari container directory - -3. **Error Handling** - - Some cookies may fail to decrypt - - Browser profile access may be restricted - - Keychain access may require user approval +For a comprehensive list of limitations and known issues, please see our [Known Limitations Guide](https://mherod.github.io/get-cookie/guide/limitations.html). diff --git a/docs/.vitepress/config.mjs b/docs/.vitepress/config.mjs index de18e62..fe179cd 100644 --- a/docs/.vitepress/config.mjs +++ b/docs/.vitepress/config.mjs @@ -51,6 +51,7 @@ export default defineConfig({ { text: "🛡️ Security & Privacy", link: "/guide/security" }, { text: "🔍 Troubleshooting", link: "/guide/troubleshooting" }, { text: "💻 CLI Usage", link: "/guide/cli-usage" }, + { text: "🚧 Known Limitations", link: "/guide/limitations" }, ], }, { diff --git a/docs/guide/browsers.md b/docs/guide/browsers.md index 72cc0cc..87a628c 100644 --- a/docs/guide/browsers.md +++ b/docs/guide/browsers.md @@ -1,59 +1,93 @@ # Browser-Specific Details 🔐 -Understanding how get-cookie works with different browsers. +Understanding how get-cookie works with different browsers and platforms. -## Chrome +## Platform Support Matrix + +| Browser | macOS | Linux | Windows | +| ------- | ----- | ----- | ------- | +| Chrome | ✅ | ❌ | ❌ | +| Firefox | ✅ | ✅ | ❌ | +| Safari | ✅ | ❌ | ❌ | + +✅ Full Support | ❌ Not Supported + +## Chrome (macOS Only) ### Storage Location Chrome stores cookies in an SQLite database: +macOS: + ``` ~/Library/Application Support/Google/Chrome/Default/Cookies ``` ### Security Model -- Cookies are encrypted using Chrome's Safe Storage -- Requires macOS Keychain access -- Each profile has its own encryption key +- Cookies are encrypted using Chrome Safe Storage +- Encryption key stored in macOS Keychain +- Each profile has a unique encryption key +- Requires Keychain access permission +- Chrome must be installed and configured +- Profile must be unlocked and accessible ### Profile Support - Multiple profiles supported - Default profile: "Default" - Profile list in `Local State` file -- Each profile has separate cookie storage +- Each profile requires: + - Separate cookie database + - Unique encryption key + - Independent Keychain access ### Limitations -- Must have Keychain access +- macOS only (no Linux/Windows support) +- Requires Keychain access - Chrome must be installed -- Some cookies may be session-only +- Session cookies not accessible - Incognito mode not supported +- Profile must be unlocked +- Fails silently if encryption key unavailable -## Firefox +## Firefox (macOS & Linux) ### Storage Location Firefox uses SQLite for cookie storage: +macOS: + ``` ~/Library/Application Support/Firefox/Profiles//cookies.sqlite ``` +Linux: + +``` +~/.mozilla/firefox//cookies.sqlite +``` + ### Security Model -- Cookies stored in SQLite database -- No additional encryption +- SQLite database with no additional encryption +- File system permissions-based security +- Database locking mechanism for concurrent access +- Platform-specific profile paths - Direct database access required +- Handles database busy states gracefully ### Profile Support - Multiple profiles supported -- Default profile in `profiles.ini` -- Each profile is a separate directory +- Profile list in `profiles.ini` +- Each profile is separate directory - Custom profile paths supported +- Cross-platform profile handling +- Automatic profile discovery ### Limitations @@ -61,8 +95,10 @@ Firefox uses SQLite for cookie storage: - Firefox must be installed - Profile directory must be readable - Some cookies may be protected +- Database may be temporarily locked +- Fails gracefully if database is busy -## Safari +## Safari (macOS Only) ### Storage Location @@ -75,163 +111,188 @@ Safari uses a binary cookie format: ### Security Model - Custom binary format +- Container-based security +- System-level permissions - No additional encryption -- Container access required +- macOS container isolation +- Requires container access permission ### Profile Support - Single profile only +- System-wide cookie store - No multi-profile support - All cookies in one file +- Shared between instances +- No profile separation ### Limitations -- Binary format can change +- macOS only +- Binary format can change between versions - Safari must be installed - Container permissions needed +- No profile separation - Some cookies may be restricted +- Fails silently if container inaccessible -## Common Features - -### Cookie Properties - -All browsers support: - -- Name -- Value -- Domain -- Path -- Expiry -- Secure flag -- HTTPOnly flag - -### Access Requirements - -Each browser needs: - -- Read permissions -- Profile directory access -- Database/file access - -## Implementation Details +## Implementation Examples -### Chrome Strategy +### Chrome Strategy (macOS) ```typescript import { ChromeCookieQueryStrategy } from "@mherod/get-cookie"; +// Create strategy const strategy = new ChromeCookieQueryStrategy(); -const cookies = await strategy.queryCookies("auth", "example.com"); -``` - -Key features: -- Safe Storage decryption -- Profile management -- SQLite query optimization +try { + // Query cookies (macOS only) + const cookies = await strategy.queryCookies("auth", "example.com"); +} catch (error) { + if (error.message.includes("platform")) { + console.error("Chrome cookies only supported on macOS"); + } else if (error.message.includes("keychain")) { + console.error("Keychain access denied"); + } else { + console.error("Failed to query cookies:", error); + } +} +``` -### Firefox Strategy +### Firefox Strategy (Cross-Platform) ```typescript import { FirefoxCookieQueryStrategy } from "@mherod/get-cookie"; +// Create strategy const strategy = new FirefoxCookieQueryStrategy(); -const cookies = await strategy.queryCookies("auth", "example.com"); -``` - -Key features: -- SQLite direct access -- Profile discovery -- No encryption handling +try { + // Works on macOS and Linux + const cookies = await strategy.queryCookies("auth", "example.com"); +} catch (error) { + if (error.message.includes("SQLITE_BUSY")) { + console.error("Database is locked"); + } else if (error.message.includes("EACCES")) { + console.error("Permission denied"); + } else { + console.error("Failed to query cookies:", error); + } +} +``` -### Safari Strategy +### Safari Strategy (macOS) ```typescript import { SafariCookieQueryStrategy } from "@mherod/get-cookie"; +// Create strategy const strategy = new SafariCookieQueryStrategy(); -const cookies = await strategy.queryCookies("auth", "example.com"); + +try { + // macOS only + const cookies = await strategy.queryCookies("auth", "example.com"); +} catch (error) { + if (error.message.includes("container")) { + console.error("Safari container access denied"); + } else if (error.message.includes("format")) { + console.error("Invalid cookie file format"); + } else { + console.error("Failed to query cookies:", error); + } +} ``` -Key features: +## Best Practices -- Binary format parsing -- Container access -- Single profile handling +### Error Handling -## Best Practices +1. **Always use try-catch blocks** -### Chrome + ```typescript + try { + const cookies = await getCookie({ + name: "auth", + domain: "example.com", + }); + } catch (error) { + // Handle specific error types + console.error("Cookie extraction failed:", error); + } + ``` -1. **Profile Management** +2. **Check platform compatibility** - ```bash - # List profiles - get-cookie --list-profiles + ```typescript + if (process.platform !== "darwin") { + console.warn("Some features only work on macOS"); + } + ``` - # Use specific profile - get-cookie auth example.com --profile "Profile 1" +3. **Handle browser-specific errors** + ```typescript + if (error.message.includes("SQLITE_BUSY")) { + // Retry after delay + await new Promise((resolve) => setTimeout(resolve, 1000)); + } ``` -2. **Keychain Access** - - Grant permanent access - - Use system keychain - - Keep Chrome installed +### Security Considerations -### Firefox +1. **Keychain Access (Chrome)** -1. **Profile Handling** + - Request user permission for Keychain access + - Handle denied access gracefully + - Don't store Keychain passwords - ```bash - # Check profiles - ls -la ~/Library/Application\ Support/Firefox/Profiles/ +2. **Database Access (Firefox)** - # Use specific profile - export FIREFOX_PROFILE="xyz123.default" - ``` + - Check file permissions before access + - Handle locked database states + - Implement retry mechanisms -2. **Database Access** - - Close Firefox - - Check file permissions - - Verify profile path +3. **Container Access (Safari)** + - Verify container permissions + - Handle format version changes + - Don't modify cookie store directly -### Safari +## Troubleshooting -1. **Container Access** +### Platform-Specific Issues - ```bash - # Check container - ls -la ~/Library/Containers/com.apple.Safari/ +#### macOS - # Verify cookie file - file ~/Library/Containers/com.apple.Safari/Data/Library/Cookies/Cookies.binarycookies - ``` +- Check Keychain status +- Verify container access +- Monitor profile changes +- Handle encryption errors -2. **Binary Format** - - Keep Safari updated - - Check file permissions - - Monitor format changes +#### Linux (Firefox) -## Troubleshooting +- Check file permissions +- Monitor database locks +- Handle profile paths +- Verify SQLite access -### Chrome Issues +### Common Problems -- Check Keychain Access -- Verify profile exists -- Test encryption key -- Check database permissions +1. **Access Denied** -### Firefox Issues + - Check user permissions + - Verify browser installation + - Review security settings + - Check file ownership -- Verify profile exists -- Check database lock -- Test file permissions -- Monitor profile changes +2. **Browser Issues** -### Safari Issues + - Verify browser version + - Check profile status + - Monitor file locks + - Handle updates -- Check container access -- Verify binary format -- Test file permissions -- Monitor Safari updates +3. **Data Issues** + - Validate cookie format + - Check encryption status + - Monitor file integrity + - Handle corruption diff --git a/docs/guide/limitations.md b/docs/guide/limitations.md new file mode 100644 index 0000000..fbe353a --- /dev/null +++ b/docs/guide/limitations.md @@ -0,0 +1,57 @@ +# Known Limitations 🚧 + +This guide details the current limitations and known issues when using get-cookie. + +## Platform Support Limitations + +- Full functionality only available on macOS +- Firefox has experimental Linux support +- Windows support not implemented + +## Browser-Specific Limitations + +### Chrome + +- Requires macOS Keychain access +- Safe Storage password must be accessible +- Profile directories must be readable + +### Firefox + +- Database must be readable by current user +- Profile discovery may be limited +- No encryption handling needed + +### Safari + +- Requires access to container directory +- Binary cookie format parsing +- System-wide storage access needed + +## Cookie Handling Limitations + +- Some cookies may be inaccessible due to permissions +- Expired cookies are filtered by default +- Domain matching includes subdomains +- Some browser profiles may be locked/in use + +## Error Handling Considerations + +- Fails gracefully if browser data is inaccessible +- Reports decryption failures for Chrome cookies +- Skips problematic cookies while processing +- Profile access errors are handled gracefully + +## Security Constraints + +- Keychain access required for Chrome +- Container permissions needed for Safari +- Profile directory access permissions +- System Integrity Protection affects access + +## Performance Considerations + +- Large cookie stores may impact performance +- Multiple profile scanning takes time +- Decryption operations can be slow +- Database locks may cause delays diff --git a/docs/guide/platform-support.md b/docs/guide/platform-support.md new file mode 100644 index 0000000..bde54ee --- /dev/null +++ b/docs/guide/platform-support.md @@ -0,0 +1,171 @@ +# Platform Support Guide + +This guide details the current platform support status and requirements for get-cookie. + +## Support Matrix + +| Browser | macOS | Linux | Windows | +| ------- | ----- | ----- | ------- | +| Chrome | ✅ | ❌ | ❌ | +| Firefox | ✅ | ⚠️ | ❌ | +| Safari | ✅ | ❌ | ❌ | + +✅ Full Support | ⚠️ Experimental | ❌ Not Supported + +## Platform Details + +### macOS + +Primary supported platform with full functionality across all major browsers. + +#### Supported Browsers + +- **Chrome**: Full support with Keychain integration +- **Firefox**: Full support with profile management +- **Safari**: Full support with container access + +#### Requirements + +- macOS 10.15 or later recommended +- Keychain Access for Chrome +- Browser profile directory access +- Safari container permissions +- System Integrity Protection enabled + +#### Known Limitations + +- Some cookies may require specific permissions +- Browser profiles must be unlocked +- Container access may need configuration +- System updates can affect access patterns + +### Linux + +Limited support with Firefox only. + +#### Supported Browsers + +- **Firefox**: Basic support (experimental) +- **Chrome**: Not currently supported +- **Safari**: Not available on platform + +#### Requirements + +- Firefox installation +- Read access to `~/.mozilla/firefox` +- SQLite database access +- Appropriate file permissions + +#### Known Limitations + +- Firefox only +- No encryption support +- Database locking issues possible +- Profile discovery may be limited +- Experimental feature set + +### Windows + +Currently not supported. + +#### Future Plans + +- Firefox support planned +- Chrome support under consideration +- No timeline for implementation + +## Browser-Specific Notes + +### Chrome + +- **macOS**: Full support with Keychain integration + - Requires Keychain access + - Handles encrypted cookies + - Supports multiple profiles +- **Linux**: Not supported +- **Windows**: Not supported + +### Firefox + +- **macOS**: Full support + - Multiple profile support + - SQLite database access + - No encryption handling needed +- **Linux**: Experimental support + - Basic cookie access + - Profile management + - Limited feature set +- **Windows**: Not supported + +### Safari + +- **macOS**: Full support + - Container-based access + - Binary cookie format + - System-wide storage +- **Other Platforms**: Not available + +## Installation Requirements + +### macOS + +```bash +# Check system version +sw_vers + +# Verify Keychain access (for Chrome) +security find-generic-password -s "Chrome Safe Storage" + +# Check browser installations +ls -la /Applications/Google\ Chrome.app +ls -la /Applications/Firefox.app +ls -la /Applications/Safari.app +``` + +### Linux + +```bash +# Check Firefox installation +which firefox + +# Verify profile access +ls -la ~/.mozilla/firefox/ + +# Check SQLite support +sqlite3 --version +``` + +## Common Issues + +### macOS + +- Keychain access denied +- Container permissions missing +- Profile directory unreadable +- Browser not installed + +### Linux + +- Firefox not installed +- Profile directory inaccessible +- Database locked +- Permission issues + +## Future Support Plans + +1. **Windows Support** + + - Firefox implementation planned + - Chrome support under investigation + - Timeline to be determined + +2. **Linux Expansion** + + - Firefox stability improvements + - Chrome support investigation + - Better profile management + +3. **Cross-Platform** + - Unified profile handling + - Consistent error reporting + - Platform-specific optimisations diff --git a/docs/guide/security.md b/docs/guide/security.md index 9f9e91c..761da20 100644 --- a/docs/guide/security.md +++ b/docs/guide/security.md @@ -2,96 +2,174 @@ This guide covers important security and privacy considerations when using get-cookie. +## Platform-Specific Requirements + +### macOS Requirements + +- **Keychain Access**: Required for Chrome cookie decryption +- **Browser Profile Directories**: Required for all browsers +- **Safari Container Access**: Required for Safari cookies +- **System Integrity Protection**: Must be enabled for secure operation + +### Linux Requirements (Experimental) + +- **Firefox Only**: Currently only Firefox is supported +- **Profile Directory**: Requires read access to `~/.mozilla/firefox` +- **SQLite Access**: Direct database access needed +- **No Encryption Support**: Only unencrypted cookies accessible + ## System Access Requirements -get-cookie requires specific system-level access to function: +Different browsers have different security models: + +### Chrome (macOS only) + +- Requires Keychain access for Safe Storage password +- Each profile has a unique encryption key +- Database must be readable by current user +- Chrome must be installed and configured + +### Firefox (macOS & Linux) -- **macOS Keychain Access**: Required for Chrome cookie decryption -- **Browser Profile Directories**: Required to read cookie databases -- **Safari Container Access**: Required for Safari cookie access +- Direct access to profile directory required +- SQLite database must be unlocked +- No encryption handling needed +- Profile discovery varies by platform + +### Safari (macOS only) + +- Container access permissions required +- Binary cookie format parsing +- System-wide cookie storage +- No profile-specific permissions ## Data Handling ### Local Processing -- All cookie decryption happens locally on your machine -- No data is ever sent over the network -- No external services are contacted +- All cookie decryption happens locally +- No network communication +- No external services contacted +- Memory-only processing where possible ### Cookie Security -- Cookies are sensitive authentication tokens -- Treat extracted cookies as securely as passwords -- Never commit cookies to version control -- Avoid logging cookie values in CI/CD pipelines +- Treat cookies as sensitive auth tokens +- Never commit to version control +- Avoid logging in CI/CD pipelines +- Clear from memory after use ## Best Practices 1. **Access Control** - - Only run on trusted development machines - - Don't use on shared or public computers - - Keep your macOS Keychain secure + - Use only on development machines + - Avoid shared/public computers + - Maintain secure system configuration + - Regular security updates 2. **Data Storage** - - Don't store extracted cookies in plain text - - Use environment variables for temporary storage - - Clear stored cookies after use + - Use secure environment variables + - Clear after use + - Encrypt if storage needed + - Use secure memory handling 3. **Usage Guidelines** - - Only extract cookies you own/have permission to use - - Don't share extracted cookies with other users - - Be cautious with cookie automation in scripts + - Only access authorized cookies + - Respect browser security models + - Monitor for permission changes + - Regular security audits -## Common Risks +## Platform-Specific Risks -1. **System Access** +### macOS Risks - - Browser profile access may be restricted - - Keychain access may require approval - - Container permissions may need configuration +- Keychain access restrictions +- Container permission changes +- Profile corruption +- System updates affecting access -2. **Decryption Issues** +### Linux Risks (Firefox) - - Some cookies may fail to decrypt - - Chrome's encryption key may be unavailable - - Profile corruption can prevent access - -3. **Permission Errors** - - File system permission denials - - Keychain access denials - - Container access restrictions +- Profile directory permissions +- Database locking issues +- Missing browser support +- Limited functionality ## Troubleshooting -If you encounter security-related issues: +### macOS Issues 1. **Keychain Access** ```bash - # Check if Chrome has Keychain access + # Verify Chrome Keychain entry security find-generic-password -s "Chrome Safe Storage" + + # Check Keychain permissions + security list-keychains ``` 2. **Profile Access** ```bash - # Check Firefox profile permissions - ls -la ~/Library/Application\ Support/Firefox/Profiles/ - - # Check Chrome profile permissions + # Chrome profiles ls -la ~/Library/Application\ Support/Google/Chrome/ + + # Firefox profiles + ls -la ~/Library/Application\ Support/Firefox/Profiles/ ``` 3. **Safari Container** ```bash - # Check Safari container permissions + # Check container ls -la ~/Library/Containers/com.apple.Safari/ ``` +### Linux Issues (Firefox) + +1. **Profile Access** + + ```bash + # Check Firefox profiles + ls -la ~/.mozilla/firefox/ + + # Verify database + file ~/.mozilla/firefox/*/cookies.sqlite + ``` + +2. **Permissions** + ```bash + # Fix profile permissions + chmod 600 ~/.mozilla/firefox/*/cookies.sqlite + ``` + ## Security Updates -- Keep get-cookie updated to latest version -- Watch for security advisories -- Report security issues via GitHub +- Keep get-cookie updated +- Monitor security advisories +- Report issues via GitHub +- Check browser compatibility + +## Error Recovery + +1. **Permission Denied** + + - Check file ownership + - Verify user permissions + - Review security settings + - Check browser status + +2. **Encryption Failures** + + - Verify Keychain status + - Check profile integrity + - Review browser config + - Update if needed + +3. **Access Blocked** + - Check security settings + - Review permissions + - Verify browser state + - Update system config diff --git a/docs/index.md b/docs/index.md index 15f2a48..f9a948d 100644 --- a/docs/index.md +++ b/docs/index.md @@ -14,9 +14,15 @@ hero: features: - title: Multi-Browser Support - details: Query cookies from Chrome, Firefox, and Safari browsers - - title: Secure - details: Safe and secure cookie extraction with proper encryption handling + details: Query cookies from Chrome, Firefox, and Safari browsers on macOS, with experimental Firefox support on Linux + - title: Secure Cookie Handling + details: Handles encrypted Chrome cookies via Keychain, SQLite databases for Firefox, and binary formats for Safari - title: TypeScript Ready details: Built with TypeScript for excellent type safety and IDE support + - title: Platform Specific + details: Optimised for macOS with native integration for browser security features + - title: Error Resilient + details: Gracefully handles missing permissions, locked profiles, and encryption issues + - title: Profile Aware + details: Supports multiple browser profiles for Chrome and Firefox ---