[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Export cookie JSON file for Puppeteer

Version 0.3.0 View in Chrome Web Store

Last scanned: 1 day ago | force re-scan

Extension Details

Rating: 4.7 ★ (13 ratings)

Users: 10,000

Context-Aware Verdict

HIGH

Overall Risk

Trust Factors: The extension has a decent user base of 10,000 users and maintains a strong 4.7-star rating from 13 reviews, suggesting users find it functional. However, the lack of visible author information and developer details raises transparency concerns. The extension appears to serve a legitimate technical purpose for developers working with Puppeteer automation.

Concerns: The extension requests extremely broad permissions that extend far beyond what's necessary for cookie export functionality. The combination of tabs permission, cookies access, and universal host permissions (http://*/*, https://*/*) creates a powerful surveillance capability. While cookie access is expected for this tool, the tabs permission seems unnecessary for simply exporting cookie data. The broad host permissions allow the extension to access cookies from every website you visit, not just when you actively choose to export them.

The security findings correctly identify these as high-risk permissions that could enable malicious activities like session hijacking, cross-site tracking, or data theft across all browsing sessions.

Recommendations: Consider running this extension in a separate Chrome profile dedicated to development work only. Before installation, verify you actually need this functionality - many developers can export cookies through browser developer tools instead. If you must use it, regularly audit your installed extensions and remove it when not actively needed. Monitor for any unusual network activity or unexpected behavior while the extension is active.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: cookies

This extension has the cookies permission. Can access and modify browser cookies. This could potentially be used maliciously to compromise security or privacy.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

Raw Manifest

{
  "name": "__MSG_ext_name__",
  "icons": {
    "16": "icon/icon_16.png",
    "128": "icon/icon_128.png"
  },
  "action": {
    "default_icon": {
      "19": "icon/icon_19.png",
      "38": "icon/icon_38.png"
    },
    "default_popup": "popup.html",
    "default_title": "__MSG_ext_name__"
  },
  "version": "0.3.0",
  "commands": {
    "_execute_action": {}
  },
  "background": {
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "__MSG_ext_desc__",
  "permissions": [
    "tabs",
    "cookies"
  ],
  "default_locale": "en",
  "host_permissions": [
    "http://*/*",
    "https://*/*"
  ],
  "manifest_version": 3,
  "content_security_policy": {
    "extension_page": "script-src 'self'; object-src 'self'"
  }
}

by ✦ Astarte

Export cookie JSON file for Puppeteer

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Host Permissions:

Content Security Policy:

Embedded URLs (3 total):

Raw Manifest

Detections

Manifest Findings

http://www.w3.org/2000/svg	http://www.w3.org/1999/xlink
https://clients2.google.com/service/update2/crx