Cookie Sync

Sync cookies across browsers using GitHub Gist with E2E encryption (AES-GCM + PBKDF2-SHA256). GitHub token is also encrypted.

چۆنیەتی دابەزاندن

You will need to install an extension such as Tampermonkey, Greasemonkey or Violentmonkey to install this script.

You will need to install an extension such as Tampermonkey to install this script.

You will need to install an extension such as Tampermonkey or Violentmonkey to install this script.

You will need to install an extension such as Tampermonkey or Userscripts to install this script.

You will need to install an extension such as Tampermonkey to install this script.

You will need to install a user script manager extension to install this script.

(I already have a user script manager, let me install it!)

چۆنیەتی دابەزاندن

You will need to install an extension such as Stylus to install this style.

You will need to install an extension such as Stylus to install this style.

You will need to install an extension such as Stylus to install this style.

You will need to install a user style manager extension to install this style.

You will need to install a user style manager extension to install this style.

You will need to install a user style manager extension to install this style.

(I already have a user style manager, let me install it!)

نووسەر
hxueh
Daily installs
0
Total installs
1
Ratings
1 0 0
وەشان
0.0.19
Created
2026-01-18
Updated
2026-01-19
Size
74.5 KB
مۆڵەت
MIT
Applies to
هەموو سایتەکان

🍪 Cookie Sync

Sync cookies across browsers using GitHub Gist with end-to-end encryption.

Features

  • E2E Encryption: All data encrypted with AES-256-GCM before leaving your browser
  • GitHub Gist Storage: Uses private GitHub Gist as cloud storage
  • Multi-domain Support: Sync cookies for any website
  • Selective Sync: Choose specific cookies to sync or sync all
  • PIN Protection: Local PIN protects your encryption password
  • Privacy-focused: Even filenames are encrypted (HMAC with PBKDF2)

Security Model

Data Storage Location Encryption
Cookies GitHub Gist ✅ AES-256-GCM
Filenames GitHub Gist ✅ PBKDF2-HMAC (unidentifiable)
GitHub Token Tampermonkey Storage ✅ AES-256-GCM
Encryption Password Tampermonkey Storage ✅ AES-256-GCM (with PIN)
PIN Browser sessionStorage Plaintext (RAM only)
Gist ID Tampermonkey Storage Plaintext (public identifier)

Encryption Details

  • Algorithm: AES-256-GCM with random IV (12 bytes) and salt (16 bytes)
  • Key Derivation: PBKDF2-SHA256 with 100,000 iterations
  • Filename Privacy: Domain names are hashed using HMAC-SHA256 with a PBKDF2-derived key, output as 15-character base62 string (~89 bits entropy)

PIN Behavior

  • Stored in sessionStorage (browser RAM)
  • Cleared when browser exits
  • Per-origin: Must enter PIN once per website per session
  • Never syncs to Tampermonkey cloud or anywhere else

Installation

  1. Install Tampermonkey browser extension
  2. Install the script from Greasy Fork or manually
  3. Grant required permissions when prompted

Required Permissions

  • GM_cookie - Read/write cookies
  • GM_setValue/getValue - Store encrypted settings
  • GM_xmlhttpRequest - Connect to GitHub API

Setup

1. Create GitHub Token

  1. Go to GitHub → Settings → Developer settings → Personal access tokens → Fine-grained tokens
  2. Click "Generate new token"
  3. Set expiration as needed
  4. Under "Account permissions", grant Gists: Read and write
  5. Generate and copy the token

2. Configure Cookie Sync

  1. Click Tampermonkey icon → Cookie SyncOpen Cookie Sync
  2. Go to Settings tab
  3. Set up encryption:
    • Enter a strong Encryption Password (used for E2E encryption)
    • Enter a PIN (4+ characters, protects password locally)
    • Click Set Up Encryption
  4. Paste your GitHub token
  5. Click Save Settings

Usage

Push Cookies (Upload)

  1. Visit the website whose cookies you want to sync
  2. Open Cookie Sync panel
  3. (Optional) Go to Cookies tab to select specific cookies
  4. Click Push or use Tampermonkey menu → Push Cookies
  5. Enter PIN if prompted

Pull Cookies (Download)

  1. Visit the website on another browser/device
  2. Ensure same Gist ID and password are configured
  3. Click Pull or use Tampermonkey menu → Pull Cookies
  4. Enter PIN if prompted
  5. Cookies are applied to current browser

Quick Access

Use Tampermonkey menu for quick actions without opening the panel:

  • 🍪 Open Cookie Sync - Open full panel
  • ⬆️ Push Cookies - Quick push for current site
  • ⬇️ Pull Cookies - Quick pull for current site

Sync Another Browser

  1. Install Tampermonkey and Cookie Sync on the new browser
  2. Configure with:
    • Same encryption password
    • Same GitHub token (or create a new one)
    • Same Gist ID (copy from first browser's Settings tab)
  3. Pull cookies for desired sites

File Structure in Gist

cookie-sync-metadata.json    # Encrypted: list of synced domains
K7mXp2NqR5vLs9Y.json        # Encrypted: cookies for domain A
x9Qm4Lp8Wn2Rv7B.json        # Encrypted: cookies for domain B

Filenames are HMAC-hashed, so no one can identify which domains you're syncing.

Troubleshooting

"GitHub token not configured"

→ Enter your GitHub token in Settings and click Save

"PIN required"

→ Enter your PIN when prompted (set during initial setup)

"Failed to decrypt token - wrong password?"

→ Password mismatch. Ensure same password on all browsers

"No synced data found for [domain]"

→ Push cookies from another browser first, or check Gist ID matches

Cookies not applying

→ Some cookies (HttpOnly, Secure flags) may have browser restrictions. Check the error details in the status message.

Privacy Notice

  • Your data never touches any server except GitHub (encrypted)
  • Anthropic/developers cannot read your cookies - only you have the password
  • GitHub cannot read your cookies - all content is encrypted
  • Filenames reveal nothing - domain names are hashed

License

MIT

Author

hxueh