Back to Blog

Sync Your Local Chrome Cookies to OpenClaw Cloud Browser

Two commands: login, then push local Chrome cookies into the OpenClaw cloud browser.

DV

Dzianis Vashchuk

4 min read

Bypassing Chrome's App-Bound Encryption to Sync Cookies via CDP

Chrome v127+ introduced App-Bound Encryption, breaking traditional tools that extract cookies by decrypting the local SQLite database.

chrome-sync v0.6.0 solves this by extracting session state directly from Chrome's memory via the Chrome DevTools Protocol (CDP). It copies your local authenticated sessions into your OpenClaw cloud browser so AI agents can act on your behalf.

No browser extensions. No disabled security flags. No password sharing.

Usage

Authenticate your CLI once:

npx -y @vibetechnologies/chrome-sync login

With Chrome running locally, push your current session state:

npx -y @vibetechnologies/chrome-sync push

Output:

Extracting cookies for: ALL
  Found 3394 cookies
  Pushing to cloud browser...
✓ Injected 3394 cookies into cloud browser

How the CDP Extraction Works

Instead of fighting OS-level decryption (macOS Keychain, Linux libsecret, Windows DPAPI), we ask the browser for the data directly.

  1. Auto-Discovery: chrome-sync defaults to --autoConnect. It reads Chrome's DevToolsActivePort file (e.g., ~/Library/Application Support/Google/Chrome/DevToolsActivePort on macOS) to find the active WebSocket port and browser target ID without requiring a browser restart.
  2. Memory Extraction: It connects to the browser-level CDP WebSocket and executes Storage.getCookies (falling back to Network.getAllCookies if needed). This yields the plaintext cookies directly from Chrome's active memory network stack.
  3. Cloud Injection: The CLI securely POSTs the JSON payload over HTTPS to your OpenClaw tenant. The cloud infrastructure then injects the cookies into the remote Chromium instance using Network.setCookies.

Troubleshooting

  • Could not connect to Chrome via CDP: Ensure Chrome has remote debugging enabled. For most dev setups, it's on. Otherwise, launch Chrome with --remote-debugging-port=9222.
  • Found 0 cookies: You aren't signed into the requested domain on the active Chrome profile.
  • Session rejected: Some highly secure sites bind sessions to device fingerprints or IPs, requiring re-auth even with valid cookies.