Cookie Sync

Sync cookies across browsers using GitHub Gist with E2E encryption (AES-GCM + PBKDF2-SHA256). GitHub token is also encrypted. Fixed Safari cookie listing.

Como instalar

Você precisará instalar uma extensão como Tampermonkey, Greasemonkey ou Violentmonkey para instalar este script.

You will need to install an extension such as Tampermonkey to install this script.

Você precisará instalar uma extensão como Tampermonkey ou Violentmonkey para instalar este script.

Você precisará instalar uma extensão como Tampermonkey ou Userscripts para instalar este script.

Você precisará instalar uma extensão como o Tampermonkey para instalar este script.

Você precisará instalar um gerenciador de scripts de usuário para instalar este script.

(Eu já tenho um gerenciador de scripts de usuário, me deixe instalá-lo!)

Como instalar

Você precisará instalar uma extensão como o Stylus para instalar este estilo.

Você precisará instalar uma extensão como o Stylus para instalar este estilo.

Você precisará instalar uma extensão como o Stylus para instalar este estilo.

Você precisará instalar um gerenciador de estilos de usuário para instalar este estilo.

Você precisará instalar um gerenciador de estilos de usuário para instalar este estilo.

Você precisará instalar um gerenciador de estilos de usuário para instalar este estilo.

(Eu já possuo um gerenciador de estilos de usuário, me deixar fazer a instalação!)

Autor
hxueh
Instalações hoje
0
Total de instalações
1
Avaliações
1 0 0
Versão
0.0.20
Criado
18/01/2026
Atualizado
20/01/2026
Tamanho
76,3 KB
Licença
MIT
Aplicável a
Todos os sites

🍪 Cookie Sync

Sync cookies across browsers using GitHub Gist with end-to-end encryption.

Features

  • E2E Encryption: All data encrypted with AES-256-GCM before leaving your browser
  • GitHub Gist Storage: Uses private GitHub Gist as cloud storage
  • Multi-domain Support: Sync cookies for any website
  • Selective Sync: Choose specific cookies to sync or sync all
  • PIN Protection: Local PIN protects your encryption password
  • Privacy-focused: Even filenames are encrypted (HMAC with PBKDF2)

Security Model

Data Storage Location Encryption
Cookies GitHub Gist ✅ AES-256-GCM
Filenames GitHub Gist ✅ PBKDF2-HMAC (unidentifiable)
GitHub Token Tampermonkey Storage ✅ AES-256-GCM
Encryption Password Tampermonkey Storage ✅ AES-256-GCM (with PIN)
PIN Browser sessionStorage Plaintext (RAM only)
Gist ID Tampermonkey Storage Plaintext (public identifier)

Encryption Details

  • Algorithm: AES-256-GCM with random IV (12 bytes) and salt (16 bytes)
  • Key Derivation: PBKDF2-SHA256 with 100,000 iterations
  • Filename Privacy: Domain names are hashed using HMAC-SHA256 with a PBKDF2-derived key, output as 15-character base62 string (~89 bits entropy)

PIN Behavior

  • Stored in sessionStorage (browser RAM)
  • Cleared when browser exits
  • Per-origin: Must enter PIN once per website per session
  • Never syncs to Tampermonkey cloud or anywhere else

Installation

  1. Install Tampermonkey browser extension
  2. Install the script from Greasy Fork or manually
  3. Grant required permissions when prompted

Required Permissions

  • GM_cookie - Read/write cookies
  • GM_setValue/getValue - Store encrypted settings
  • GM_xmlhttpRequest - Connect to GitHub API

Setup

1. Create GitHub Token

  1. Go to GitHub → Settings → Developer settings → Personal access tokens → Fine-grained tokens
  2. Click "Generate new token"
  3. Set expiration as needed
  4. Under "Account permissions", grant Gists: Read and write
  5. Generate and copy the token

2. Configure Cookie Sync

  1. Click Tampermonkey icon → Cookie SyncOpen Cookie Sync
  2. Go to Settings tab
  3. Set up encryption:
    • Enter a strong Encryption Password (used for E2E encryption)
    • Enter a PIN (4+ characters, protects password locally)
    • Click Set Up Encryption
  4. Paste your GitHub token
  5. Click Save Settings

Usage

Push Cookies (Upload)

  1. Visit the website whose cookies you want to sync
  2. Open Cookie Sync panel
  3. (Optional) Go to Cookies tab to select specific cookies
  4. Click Push or use Tampermonkey menu → Push Cookies
  5. Enter PIN if prompted

Pull Cookies (Download)

  1. Visit the website on another browser/device
  2. Ensure same Gist ID and password are configured
  3. Click Pull or use Tampermonkey menu → Pull Cookies
  4. Enter PIN if prompted
  5. Cookies are applied to current browser

Quick Access

Use Tampermonkey menu for quick actions without opening the panel:

  • 🍪 Open Cookie Sync - Open full panel
  • ⬆️ Push Cookies - Quick push for current site
  • ⬇️ Pull Cookies - Quick pull for current site

Sync Another Browser

  1. Install Tampermonkey and Cookie Sync on the new browser
  2. Configure with:
    • Same encryption password
    • Same GitHub token (or create a new one)
    • Same Gist ID (copy from first browser's Settings tab)
  3. Pull cookies for desired sites

File Structure in Gist

cookie-sync-metadata.json    # Encrypted: list of synced domains
K7mXp2NqR5vLs9Y.json        # Encrypted: cookies for domain A
x9Qm4Lp8Wn2Rv7B.json        # Encrypted: cookies for domain B

Filenames are HMAC-hashed, so no one can identify which domains you're syncing.

Troubleshooting

"GitHub token not configured"

→ Enter your GitHub token in Settings and click Save

"PIN required"

→ Enter your PIN when prompted (set during initial setup)

"Failed to decrypt token - wrong password?"

→ Password mismatch. Ensure same password on all browsers

"No synced data found for [domain]"

→ Push cookies from another browser first, or check Gist ID matches

Cookies not applying

→ Some cookies (HttpOnly, Secure flags) may have browser restrictions. Check the error details in the status message.

Privacy Notice

  • Your data never touches any server except GitHub (encrypted)
  • Anthropic/developers cannot read your cookies - only you have the password
  • GitHub cannot read your cookies - all content is encrypted
  • Filenames reveal nothing - domain names are hashed

License

MIT

Author

hxueh