How to Export Chrome Cookies 2026 🧠 — Step-by-Step Practical Guide
Short intro: Exporting Chrome cookies can help with debugging, session migration, or forensic timelines. Do it carefully — cookies contain sensitive session tokens. This guide gives practical, copy-paste steps for Windows and macOS, plus safe handling and simple restore options.
---
H2: What this guide covers 👋
- Why and when to export cookies.
- Exact file paths and how to copy the cookies SQLite file.
- Convert cookies DB to readable CSV (Windows/macOS commands and Python script).
- Export single-site cookies via DevTools (safer for most cases).
- How to restore or reuse cookies (limited; security caveats).
- Troubleshooting, quick commands, and real-world notes.
Target: users in the US, Canada, Australia, UK who need a reliable cookie export workflow for debugging, migration, or research.
Personal aside: I once needed a single session cookie to reproduce a bug — exported only that site’s cookie via DevTools and saved 3 hours of guessing.
---
H2: Quick reality check — be careful
- Cookies often include login/session tokens. Treat exported data as sensitive.
- Don’t upload cookie files to public cloud or share over email. Encrypt or store in a secure location.
- Some cookies are marked HttpOnly and cannot be read via JavaScript in the page console — you’ll need the SQLite file or DevTools export.
Short rule: export only what you need. Prefer single-site DevTools export over full-file copy.
---
H2: One-line plan
Copy Chrome Cookies SQLite DB → convert to CSV with script OR use DevTools to export cookies for one origin → secure/delete after use.
---
H2: Where Chrome stores cookies (exact paths) — copy/paste ready
Windows (Default profile):
C:\Users\<YourUser>\AppData\Local\Google\Chrome\User Data\Default\Cookies
macOS (Default profile):
/Users/<YourUser>/Library/Application Support/Google/Chrome/Default/Cookies
Linux (reference):
/home/<youruser>/.config/google-chrome/Default/Cookies
Note: Replace <YourUser> with your username. For non-default profiles, use Profile 1, Profile 2, etc.
---
H2: Method A — Export a single site’s cookies via DevTools (recommended for most)
Why: Surgical, safe-ish, and doesn’t expose all your sessions. Best for debugging or migrating one login.
Steps (copy/paste ready):
1] Open Chrome and load the target site.
2] Open DevTools: F12 or Ctrl+Shift+I (Cmd+Option+I on Mac).
3] Go to the Application tab → Cookies → click the origin (e.g., https://example.com).
4] Right-click the table of cookies → Choose "Export" (saves cookies as cookies.json or cookies.txt depending on Chrome version and extensions).
- If “Export” is missing, you can copy rows manually or use the Console to export (below).
5] Save to a secure folder, e.g., Desktop/cookies-example-2026.json, then move it to an encrypted container.
Console export (if GUI export not present) — copy/paste into DevTools Console:
`javascript
copy(JSON.stringify(document.cookie.split('; ').map(c=>{
const p=c.split('=');
return {name:p.shift(), value:p.join('=')};
})));
`
- This captures non-HttpOnly cookies only (in-page accessible cookies). For HttpOnly cookies use the SQLite method below.
Note: DevTools export preserves cookie name, value, domain, path, expires, httpOnly, secure flags in many builds.
Human tip: For web automation tools (like Puppeteer or Playwright) you can import this JSON directly for a headless session.
---
H2: Method B — Copy Cookies SQLite and convert to CSV (full profile cookies, advanced)
Why: Needed when you must get HttpOnly cookies or analyze many sites. More invasive and sensitive.
Step 1 — Copy the Cookies file (must close Chrome for consistency)
1] Quit Chrome completely (Task Manager → End chrome.exe on Windows; Chrome → Quit on macOS).
2] Copy the Cookies file from the profile folder:
Windows example:
C:\Users\Gryh\AppData\Local\Google\Chrome\User Data\Default\Cookies
Copy to:
C:\Temp\chrome-cookies\Cookies-copy
macOS example:
cp "/Users/Gryh/Library/Application Support/Google/Chrome/Default/Cookies" ~/Temp/chrome-cookies/Cookies-copy
Step 2 — Convert SQLite to CSV with Python (script below)
1] Ensure Python 3 is installed.
2] Save this script as cookiestocsv.py
`python
cookiestocsv.py
import sqlite3, csv, sys, os, datetime
src = sys.argv[1] # path to copied Cookies file
out = sys.argv[2] # output CSV path
conn = sqlite3.connect(src)
cur = conn.cursor()
cookies table columns: creationutc,hostkey,name,value,path,expiresutc,issecure,ishttponly,lastaccessutc,hasexpires,ispersistent,priority,encryptedvalue
query = '''
SELECT hostkey, name, value, path, expiresutc, issecure, ishttponly, lastaccessutc
FROM cookies;
'''
cur.execute(query)
rows = cur.fetchall()
def chrometimetoiso(webkitts):
if webkitts is None or webkitts==0:
return ''
epoch_start = datetime.datetime(1601,1,1)
return (epochstart + datetime.timedelta(microseconds=webkitts)).isoformat()
os.makedirs(os.path.dirname(out), exist_ok=True)
with open(out, 'w', newline='', encoding='utf-8') as f:
w = csv.writer(f)
w.writerow(['host','name','value','path','expiresiso','issecure','ishttponly','lastaccess_iso'])
for r in rows:
w.writerow([r[0], r[1], r[2], r[3], chrometimetoiso(r[4]), r[5], r[6], chrometimetoiso(r[7])])
conn.close()
print("Wrote", out)
`
3] Run conversion:
Windows:
python C:\Temp\chrome-cookies\cookiestocsv.py C:\Temp\chrome-cookies\Cookies-copy C:\Temp\chrome-cookies\chrome-cookies-2026.csv
macOS:
python3 ~/Temp/chrome-cookies/cookiestocsv.py ~/Temp/chrome-cookies/Cookies-copy ~/Temp/chrome-cookies/chrome-cookies-2026.csv
Result: CSV with cookie names, values, flags, and readable timestamps.
Caveat: In many Chrome installs cookie values are stored encrypted (encryptedvalue column), and the plain text value column may be empty or placeholder. On Windows, the encryptedvalue is DPAPI-encrypted; on macOS it uses Keychain. Decrypting requires OS-level secrets (advanced).
If cookie values are encrypted, see Decryption note below.
---
H2: Decrypting encrypted cookie values (advanced, Windows example)
Warning: decrypting uses your OS user credentials. Do this only on your machine and never on untrusted systems.
Windows PowerShell + Python approach (high-level):
- On Windows, DPAPI can be used to decrypt encrypted_value bytes using Python packages (pywin32 or cryptography + win32crypt). Example gist exists in community repos (search "chrome cookies decrypt dpapi python").
Simple PowerShell example (concept, not full script):
- Extract encrypted_value column as base64, call CryptUnprotectData via Win32 API to decrypt — requires code, not a one-liner here.
macOS: cookies encrypted via Keychain; you'd need access to the Keychain item and user login password to decrypt.
Because this is advanced and risky, prefer DevTools export for single-site needs or use automation tools that accept imported cookies via JSON.
---
H2: Method C — Use browser automation / Puppeteer / Playwright (practical for session migration)
Why: If you plan to reuse a session in automated tests, export cookies via DevTools or via the automation API.
Example (Puppeteer snippet):
`javascript
// save cookies
const cookies = await page.cookies();
const fs = require('fs');
fs.writeFileSync('cookies.json', JSON.stringify(cookies, null, 2));
// restore cookies later
const saved = JSON.parse(fs.readFileSync('cookies.json'));
await page.setCookie(...saved);
`
This handles HttpOnly cookies if obtained from the browser context and is cross-platform without DB tinkering.
Human note: I use this for headless testing — export once, reuse many times. Simpler than decrypting SQLite.
---
H2: How to restore cookies (limited and risky)
- Importing cookies into a live profile is tricky because of HttpOnly and encryption. DevTools/automation imports (Puppeteer/Playwright) are simplest for headless sessions.
- For manual restore into desktop Chrome, an extension that writes cookies via Chrome Cookies API or using a developer extension can set cookies, but this usually won’t set HttpOnly cookies.
- Full profile cookie restoration is possible by replacing the Cookies SQLite file and ensuring OS-level keys match (same user account and OS). That’s why copying Cookies file only works reliably on the same user account and OS.
Restore quick steps (automation):
1] Use Puppeteer/Playwright to setCookie from saved JSON.
2] Start a controlled browser instance (not your primary profile) for safety.
3] Verify session works, then proceed.
Restore via file replace (same machine/user only):
1] Close Chrome.
2] Replace profile Cookies file with your backup copy.
3] Start Chrome.
Risk: If Chrome’s encryption keys or OS user differ, cookies may be unreadable.
---
H2: Troubleshooting — common issues and fixes
Problem: Empty value column after converting DB
- Fix: Values are encrypted. You must decrypt using DPAPI/Keychain or use DevTools/automation to capture live values.
Problem: Exported cookie doesn't log me in after restoring
- Fix: Many sessions are tied to additional checks (IP, UA, secure flags) or token rotation. Cookies alone may not be enough. Also check SameSite and secure flags.
Problem: DevTools export missing HttpOnly cookies
- Fix: HttpOnly cookies are not accessible from document.cookie; use the Application tab or the cookies SQLite method while Chrome is closed to capture them.
Problem: Cannot open Cookies SQLite due to locked file
- Fix: Close Chrome completely. Use Task Manager to ensure no chrome.exe processes remain.
Problem: Restored cookies get replaced by sync
- Fix: Disable Chrome Sync for Cookies (Chrome sync doesn’t sync cookies, but profile sync states can cause conflict). Use a fresh profile when testing imports.
---
H2: Comparisons (no table) — Which export method to use
DevTools single-site export
- Pros: Simple, safe, avoids exposing whole profile.
- Cons: May miss HttpOnly cookies; captures only current origin.
Cookies SQLite copy + convert
- Pros: Full cookie set, includes HttpOnly, suitable for analysis.
- Cons: Sensitive, may require decryption, must close Chrome.
Automation (Puppeteer/Playwright)
- Pros: Handles HttpOnly when run in browser context, easy import/export JSON.
- Cons: Requires scripting knowledge.
My pick: For one-off session reuse or debugging — DevTools or automation. For audits or bulk analysis — copy DB + convert, but encrypt the output.
---
H2: Quick commands and file paths summary
- Cookies DB (Windows): C:\Users\<YourUser>\AppData\Local\Google\Chrome\User Data\Default\Cookies
- Cookies DB (macOS): /Users/<YourUser>/Library/Application Support/Google/Chrome/Default/Cookies
- DevTools: F12 → Application → Cookies → right-click → Export
- Python convert script: cookiestocsv.py (see above)
- Puppeteer save/load: page.cookies() and page.setCookie(...)
---
H2: FAQs — short practical answers
Q: Can I export cookies while Chrome is running?
A: DevTools export and automation capture live cookies. Copying the Cookies SQLite requires Chrome to be closed for consistent results.
Q: Are exported cookies portable between machines?
A: Not reliably for encrypted cookie values — session cookies may not work across IPs or different OS users. Use automation to import where possible.
Q: Will exported cookies include HttpOnly cookies?
A: DevTools GUI may show them in Application → Cookies; document.cookie won’t. The SQLite DB stores them; you’ll need the DB or automation to capture them.
Q: Is it legal to export cookies?
A: On your own accounts yes; exporting others’ cookies without consent is unethical and may be illegal. Don’t do it.
---
H2: What you can take away 📝
- Prefer DevTools export or automation (Puppeteer/Playwright) for single-site exports and session reuse.
- Use Cookies SQLite copy + conversion for full audits, but be ready to deal with encryption.
- Always secure exported cookie files (encrypt and delete when done).
- Restores often fail because of server-side protections — cookies aren’t always a magic key.
- When in doubt: export only the minimal cookie set you need.
Personal line: I rarely copy the whole Cookies file anymore — a quick DevTools export or Puppeteer dump does 90% of my needs and keeps my life simpler.
---
H2: Sources and further reading
- Chrome DevTools — Application panel: https://developer.chrome.com/docs/devtools/storage/cookies/
- Chromium cookie storage notes and schema (community): https://chromium.googlesource.com/chromium/src/+/main/components/content/browser/
- Puppeteer cookies docs: https://pptr.dev/#?product=Puppeteer&version=v13.0.0&show=api-pagecookies
- Security notes on DPAPI and Keychain: https://learn.microsoft.com/windows/win32/api/dpapi/ and https://developer.apple.com/security/
Related: "How to Export Chrome Passwords 2026" and "Automatically Backup Chrome Bookmarks 2026" — good companion reads.
---
H2: Why this matters in 2026 — final wrap
Cookies are tiny but powerful. Exporting them helps debugging and testing, but mishandling them leaks sessions. Use DevTools or automation when possible, secure any file copies, and treat cookie exports like passwords — short-lived and encrypted. Do it once, do it safely.
إرسال تعليق