Cookie Sync

Sync cookies across browsers using GitHub Gist with E2E encryption (AES-GCM + PBKDF2-SHA256). GitHub token is also encrypted.

Author: hxueh
Installs today: 1
Total installs: 1
Ratings: 1 0 0
Version: 0.0.19
Created: 2026-01-18
Updated: 2026-01-19
Size: 74.5 KB
License: MIT
Runs on: All sites

🍪 Cookie Sync

Sync cookies across browsers using GitHub Gist with end-to-end encryption.

Features

  • E2E Encryption: All data encrypted with AES-256-GCM before leaving your browser
  • GitHub Gist Storage: Uses private GitHub Gist as cloud storage
  • Multi-domain Support: Sync cookies for any website
  • Selective Sync: Choose specific cookies to sync or sync all
  • PIN Protection: Local PIN protects your encryption password
  • Privacy-focused: Even filenames are hashed (HMAC with a PBKDF2-derived key)

Security Model

Data                  Storage Location         Encryption
Cookies               GitHub Gist              ✅ AES-256-GCM
Filenames             GitHub Gist              ✅ PBKDF2-HMAC (unidentifiable)
GitHub Token          Tampermonkey Storage     ✅ AES-256-GCM
Encryption Password   Tampermonkey Storage     ✅ AES-256-GCM (with PIN)
PIN                   Browser sessionStorage   Plaintext (RAM only)
Gist ID               Tampermonkey Storage     Plaintext (public identifier)

Encryption Details

  • Algorithm: AES-256-GCM with random IV (12 bytes) and salt (16 bytes)
  • Key Derivation: PBKDF2-SHA256 with 100,000 iterations
  • Filename Privacy: Domain names are hashed using HMAC-SHA256 with a PBKDF2-derived key, output as 15-character base62 string (~89 bits entropy)

PIN Behavior

  • Stored in sessionStorage (browser RAM)
  • Cleared when browser exits
  • Per-origin: Must enter PIN once per website per session
  • Never syncs to Tampermonkey cloud or anywhere else

Installation

  1. Install Tampermonkey browser extension
  2. Install the script from Greasy Fork or manually
  3. Grant required permissions when prompted

Required Permissions

  • GM_cookie - Read/write cookies
  • GM_setValue/getValue - Store encrypted settings
  • GM_xmlhttpRequest - Connect to GitHub API

Setup

1. Create GitHub Token

  1. Go to GitHub → Settings → Developer settings → Personal access tokens → Fine-grained tokens
  2. Click "Generate new token"
  3. Set expiration as needed
  4. Under "Account permissions", grant Gists: Read and write
  5. Generate and copy the token

2. Configure Cookie Sync

  1. Click Tampermonkey icon → Cookie Sync → Open Cookie Sync
  2. Go to Settings tab
  3. Set up encryption:
    • Enter a strong Encryption Password (used for E2E encryption)
    • Enter a PIN (4+ characters, protects password locally)
    • Click Set Up Encryption
  4. Paste your GitHub token
  5. Click Save Settings

Usage

Push Cookies (Upload)

  1. Visit the website whose cookies you want to sync
  2. Open Cookie Sync panel
  3. (Optional) Go to Cookies tab to select specific cookies
  4. Click Push or use Tampermonkey menu → Push Cookies
  5. Enter PIN if prompted

Pull Cookies (Download)

  1. Visit the website on another browser/device
  2. Ensure same Gist ID and password are configured
  3. Click Pull or use Tampermonkey menu → Pull Cookies
  4. Enter PIN if prompted
  5. Cookies are applied to current browser

Quick Access

Use Tampermonkey menu for quick actions without opening the panel:

  • 🍪 Open Cookie Sync - Open full panel
  • ⬆️ Push Cookies - Quick push for current site
  • ⬇️ Pull Cookies - Quick pull for current site

Sync Another Browser

  1. Install Tampermonkey and Cookie Sync on the new browser
  2. Configure with:
    • Same encryption password
    • Same GitHub token (or create a new one)
    • Same Gist ID (copy from first browser's Settings tab)
  3. Pull cookies for desired sites

File Structure in Gist

cookie-sync-metadata.json    # Encrypted: list of synced domains
K7mXp2NqR5vLs9Y.json        # Encrypted: cookies for domain A
x9Qm4Lp8Wn2Rv7B.json        # Encrypted: cookies for domain B

Filenames are HMAC-hashed, so no one without the key can identify which domains you're syncing.
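
The scheme from "Encryption Details" and the filename hashing described above, written out with the Web Crypto API as an added example; it is not code from the Cookie Sync script. The blob layout (salt, then IV, then ciphertext), the fixed filename salt, and the base62 alphabet and digit order are assumptions, since the README does not specify them.

```javascript
// Added illustration; not code from the Cookie Sync script.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto; // Node 18 fallback
const enc = new TextEncoder();
const ITERATIONS = 100000; // PBKDF2-SHA256 iteration count stated in the README

// PBKDF2-SHA256 over the password; returns 32 raw key bytes.
async function pbkdf2(password, salt) {
  const base = await wc.subtle.importKey("raw", enc.encode(password), "PBKDF2", false, ["deriveBits"]);
  const bits = await wc.subtle.deriveBits(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: ITERATIONS }, base, 256);
  return new Uint8Array(bits);
}

// Assumed envelope: salt(16) || iv(12) || ciphertext with 16-byte GCM tag.
async function encrypt(password, plaintext) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12));
  const key = await wc.subtle.importKey("raw", await pbkdf2(password, salt), "AES-GCM", false, ["encrypt"]);
  const ct = new Uint8Array(await wc.subtle.encrypt({ name: "AES-GCM", iv }, key, enc.encode(plaintext)));
  const out = new Uint8Array(28 + ct.length);
  out.set(salt, 0); out.set(iv, 16); out.set(ct, 28);
  return out;
}

// Returns the plaintext, or null when the GCM tag does not verify
// (wrong password or a modified blob).
async function decrypt(password, blob) {
  const key = await wc.subtle.importKey("raw", await pbkdf2(password, blob.slice(0, 16)), "AES-GCM", false, ["decrypt"]);
  try {
    const pt = await wc.subtle.decrypt({ name: "AES-GCM", iv: blob.slice(16, 28) }, key, blob.slice(28));
    return new TextDecoder().decode(pt);
  } catch { return null; }
}

// Filename: HMAC-SHA256(domain) under a PBKDF2-derived key, 15 base62 characters.
const B62 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
async function gistFilename(password, domain) {
  const raw = await pbkdf2(password, enc.encode("filename-key-salt")); // hypothetical fixed salt
  const key = await wc.subtle.importKey("raw", raw, { name: "HMAC", hash: "SHA-256" }, false, ["sign"]);
  const mac = new Uint8Array(await wc.subtle.sign("HMAC", key, enc.encode(domain)));
  let n = 0n;
  for (const b of mac) n = (n << 8n) | BigInt(b);
  let s = "";
  for (let i = 0; i < 15; i++) { s += B62[Number(n % 62n)]; n /= 62n; }
  return s + ".json";
}
```

The filename salt has to be the same on every browser, otherwise two devices would derive different filenames for the same domain and a pull would find nothing.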

Troubleshooting

"GitHub token not configured"

→ Enter your GitHub token in Settings and click Save

"PIN required"

→ Enter your PIN when prompted (set during initial setup)

"Failed to decrypt token - wrong password?"

→ Password mismatch. Ensure same password on all browsers

"No synced data found for [domain]"

→ Push cookies from another browser first, or check Gist ID matches

Cookies not applying

→ Some cookies (HttpOnly, Secure flags) may have browser restrictions. Check the error details in the status message.

Privacy Notice

  • Your data never touches any server except GitHub (encrypted)
  • Anthropic/developers cannot read your cookies - only you have the password
  • GitHub cannot read your cookies - all content is encrypted
  • Filenames reveal nothing - domain names are hashed

License

MIT

Author

hxueh