Read browser storage data (cookies, passwords, credit cards, LocalStorage) directly from disk after a BotBrowser session.
ENT Tier1 profiles enable plaintext storage mode, allowing direct programmatic access to browser data without decryption. This is useful for:
- Extracting session cookies for API replay
- Migrating credentials across machines
- Debugging authentication flows
- Auditing stored payment methods
| Data Type | File Path | Format |
|---|---|---|
| Cookies | User Data/Default/Cookies |
SQLite |
| Passwords | User Data/Default/Login Data |
SQLite |
| Credit Cards | User Data/Default/Web Data |
SQLite |
| LocalStorage | User Data/Default/Local Storage/leveldb/ |
LevelDB |
| IndexedDB | User Data/Default/IndexedDB/ |
LevelDB |
| File | Description |
|---|---|
| read_cookies.js | Extract cookies with domain filtering |
| read_passwords.js | Read saved login credentials |
| read_credit_cards.js | Access stored payment methods |
| read_localstorage.js | Parse LocalStorage LevelDB data |
npm install better-sqlite3 level# Read all cookies
node read_cookies.js "/path/to/User Data"
# Filter by domain
node read_cookies.js "/path/to/User Data" ".example.com"
# Read passwords
node read_passwords.js "/path/to/User Data"
# Read credit cards
node read_credit_cards.js "/path/to/User Data"
# Read LocalStorage for a specific origin
node read_localstorage.js "/path/to/User Data" "https://example.com"Cookies are stored with a v00 prefix followed by the plaintext value:
v00<cookie_value>
The example scripts automatically strip this prefix.
Similarly stored with v00 prefix. The scripts handle the prefix removal automatically.
These use LevelDB format and are stored as plaintext by default in Chromium. No special prefix handling needed.
- Store credentials securely
- Do not commit extracted data to version control
- Use for authorized testing and debugging only
- Delete extracted data when no longer needed
Combine with Puppeteer to automate cookie extraction:
const puppeteer = require('puppeteer-core');
const { readCookies } = require('./read_cookies');
async function extractSessionCookies() {
const userDataDir = '/tmp/botbrowser-session';
const browser = await puppeteer.launch({
executablePath: process.env.BOTBROWSER_EXEC_PATH,
args: [
`--bot-profile=${process.env.BOT_PROFILE_PATH}`,
`--user-data-dir=${userDataDir}`
]
});
const page = await browser.newPage();
await page.goto('https://example.com/login');
// ... perform login
await browser.close();
// Extract cookies after browser closes
const cookies = readCookies(userDataDir, '.example.com');
console.log('Session cookies:', cookies);
}Legal Disclaimer & Terms of Use • Responsible Use Guidelines. BotBrowser is for authorized fingerprint protection and privacy research only.