// the find
easychen/CookieCloud
CookieCloud是一个和自架服务器同步浏览器Cookie和LocalStorage的小工具,支持端对端加密,可设定同步时间间隔。本仓库包含了插件和服务器端源码。CookieCloud is a small tool for synchronizing browser cookies and LocalStorage with a self-hosted server. It supports end-to-end encryption and allows for setting the synchronization interval. This repository contains both the plugin and the server-side source code
CookieCloud is a browser extension + self-hosted server combo that syncs cookies and localStorage across devices with end-to-end encryption. It's aimed at power users who need authenticated browser sessions available in headless automation tools like Playwright, or who want cookies synced to a second machine without relying on browser sync.
The headless automation use case is genuinely practical — feeding live authenticated cookies into Playwright is a real problem and this solves it cleanly. Self-hosting is straightforward via a single Docker image. The project ships decryption reference implementations in Go, Python, Deno, Java, and PHP, which matters when you're integrating with existing tooling. The wxt-based rewrite in the ext/ directory shows the extension is being maintained against current Manifest V3 requirements.
The encryption scheme is weak: the key is the first 16 characters of MD5(uuid+password), which gives you AES-128 with a low-entropy key derived from a trivially fast hash. Anyone who can sniff or intercept the sync traffic and has a rough idea of the password has a short bruteforce job ahead of them. Sync is strictly one-way (one uploader, many downloaders), which means it can't replace browser sync for bidirectional use. There's no authentication on the server's /get/:uuid endpoint — anyone who knows your UUID can download your encrypted blob. The repo has two parallel extension directories (extension/ referenced in the README, and ext/ with the actual wxt rewrite) with no clear indication of which one ships, which creates confusion for contributors.