Extract browser cookies and write them as a Netscape-format cookie jar file, compatible with curl -b, wget --load-cookies, and other tools that speak the Netscape cookie file format.
Uses @steipete/sweet-cookie under the hood to read cookies from Chrome, Edge, Firefox, and Safari.
npm install -g @kieranhunt/crulOr run directly without installing:
npx --yes @kieranhunt/crul --url https://example.com# Extract all cookies for a URL, print to stdout
npx --yes @kieranhunt/crul --url https://example.com
# Write to a file (created with 0600 permissions)
npx --yes @kieranhunt/crul --url https://example.com --output cookies.txt
# Use a specific browser
npx --yes @kieranhunt/crul --url https://example.com --browsers chrome
# Filter to specific cookie names
npx --yes @kieranhunt/crul --url https://example.com --names session --names csrf
# Multiple origins (useful for SSO/OAuth flows)
npx --yes @kieranhunt/crul --url https://app.example.com \
--origins https://login.example.com \
--origins https://accounts.example.com
# Pipe directly into curl
curl -b <(npx --yes @kieranhunt/crul --url https://example.com) https://example.com/apiFetch your list of GitHub repos:
curl -s -b <(npx --yes @kieranhunt/crul --browsers firefox --url https://github.com) \
https://github.com/repos \
| htmlq 'script[data-target="react-app.embeddedData"]' -t \
| jq -r '.payload.reposFinderPageRoute.repositories[].name'
# kieran.casa
# cdk-search
# aws-sdk-waiters
# ddb-ttl
# ...Fetch the titles of all Reddit posts you've commented on:
curl -s \
-A "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:148.0) Gecko/20100101 Firefox/148.0" \
-b <(npx --yes @kieranhunt/crul --browsers firefox --url https://www.reddit.com) \
https://www.reddit.com/user/kieran_hunt/comments/ \
| htmlq 'a[aria-label]' -a aria-label \
| grep 'comment on' \
| sed 's/.*comment on //'
# Do you know where this is?
# BoxMac Q&A Live Stream - 2-28-16
# Web developers of South Africa, what hosting site would you recommend?
# BoxMac Episode 28: Texas Box 1 - H.E.B. Macs
# ...Fetch the title of all Hacker News posts you've upvoted:
curl \
-b <(npx --yes @kieranhunt/crul --browsers firefox --url "https://news.ycombinator.com") \
--silent \
"https://news.ycombinator.com/upvoted?id=kieranhunt" \
| htmlq '.titleline > a' --text
# Show HN: C++ AWS MSK IAM Auth Implementation – Goodbye Kafka Passwords
# Two Starkly Similar Novels and the Puzzle of Plagiarism
# Browning Fever: A story of fandom, literary societies, and impenetrable verse
# Alphabet’s Sidewalk Labs seeks share of property taxes for Toronto smart city
# ...All option names mirror the GetCookiesOptions API from sweet-cookie.
| Option | Description |
|---|---|
--url <url> |
(required) URL to extract cookies for |
--output <path> |
Output file path. Omit to write to stdout |
--browsers <browsers...> |
Browser backends: chrome, edge, firefox, safari |
--names <names...> |
Filter to specific cookie names |
--origins <urls...> |
Additional origins to include |
--profile <profile> |
Alias for --chrome-profile |
--chrome-profile <profile> |
Chrome profile name, directory, or Cookies DB path |
--edge-profile <profile> |
Edge profile name, directory, or Cookies DB path |
--firefox-profile <profile> |
Firefox profile name or directory path |
--safari-cookies-file <path> |
Override path to Safari Cookies.binarycookies |
--chromium-browser <browser> |
macOS Chromium target: chrome, brave, arc, chromium |
--mode <mode> |
merge (default) or first |
--include-expired |
Include expired cookies |
--timeout-ms <ms> |
Timeout for OS helper calls (keychain/keyring/DPAPI) |
--inline-cookies-file <path> |
Read inline cookie payload from file |
--inline-cookies-json <json> |
Inline cookie payload as JSON string |
--inline-cookies-base64 <b64> |
Inline cookie payload as base64-encoded JSON |
--debug |
Print extra warnings to stderr |
The output follows the Netscape cookie file format -- one cookie per line, TAB-delimited:
# Netscape HTTP Cookie File
# https://curl.se/docs/http-cookies.html
# This file was generated by crul.
# Edit at your own risk.
#HttpOnly_.example.com TRUE / TRUE 1735689600 session abc123
example.com FALSE / FALSE 0 csrf xyz
Fields: domain, subdomain flag, path, secure, expires (unix seconds, 0 = session), name, value.
Cookies with httpOnly set get the #HttpOnly_ prefix on the domain (recognized by curl, Firefox, etc).
MIT