Session/Login Extractor automates complex login workflows and captures authenticated session data in a reliable and repeatable way. It solves the challenge of programmatically accessing protected applications by reproducing real user behavior, including multi-factor authentication. This project is ideal for developers and teams that need stable session extraction from authenticated environments.
Created by Bitbash, built to showcase our approach to Scraping and Automation!
If you are looking for session-login-extractor you've just found your team — Let’s Chat. 👆👆
This project automates sign-in flows and extracts authenticated session artifacts such as cookies, localStorage, and sessionStorage. It removes the need for manual logins when dealing with protected web applications. It is designed for developers, QA engineers, and automation specialists who require repeatable authenticated access.
- Reproduces real user interactions like typing, clicking, waiting, and submitting forms
- Supports multi-step login flows including optional and conditional steps
- Handles two-factor authentication using time-based one-time passwords
- Captures complete session state after successful authentication
- Provides visual debugging through automatic screenshots
| Feature | Description |
|---|---|
| Login Flow Automation | Executes configurable login steps that mimic real user behavior. |
| Session Data Capture | Extracts cookies, localStorage, and sessionStorage after authentication. |
| TOTP Authentication | Generates and submits time-based one-time passwords for MFA flows. |
| Smart Element Selection | Handles multiple matching elements using index, first, or last logic. |
| Optional Steps Handling | Continues execution even if non-critical elements are missing. |
| Debug Screenshots | Saves screenshots before each interaction to simplify troubleshooting. |
| Custom User Agent | Allows full control over the browser identification string. |
| Multi-Domain Sessions | Collects session cookies across multiple related domains. |
| Field Name | Field Description |
|---|---|
| cookies | Authenticated cookies grouped by domain with full attributes. |
| localStorage | Key-value data stored in the browser’s local storage. |
| sessionStorage | Temporary session-level storage values. |
| domain | Domain associated with each extracted cookie. |
| expires | Expiration timestamp for session cookies. |
| secure | Indicates whether cookies are restricted to secure contexts. |
{
"cookies": {
"example.com": [
{
"name": "sessionId",
"value": "abc123",
"domain": "example.com",
"path": "/",
"expires": 1234567890,
"httpOnly": true,
"secure": true
}
]
},
"localStorage": {
"theme": "dark",
"user": "{\"id\":123,\"name\":\"John\"}"
},
"sessionStorage": {
"lastPage": "/dashboard"
}
}
Session/Login Extractor/
├── src/
│ ├── index.ts
│ ├── browser/
│ │ ├── launcher.ts
│ │ └── context.ts
│ ├── actions/
│ │ ├── click.ts
│ │ ├── type.ts
│ │ ├── sleep.ts
│ │ └── totp.ts
│ ├── session/
│ │ ├── cookies.ts
│ │ ├── localStorage.ts
│ │ └── sessionStorage.ts
│ ├── utils/
│ │ ├── selectors.ts
│ │ └── screenshots.ts
│ └── config/
│ └── defaults.json
├── data/
│ └── sample-output.json
├── package.json
├── tsconfig.json
└── README.md
- Automation engineers use it to capture authenticated sessions, so they can reuse them in downstream workflows.
- QA teams use it to automate secure application testing, so they can validate protected features without manual logins.
- Backend developers use it to retrieve session cookies, so they can interact with private APIs safely.
- Security researchers use it to reproduce authenticated states, so they can analyze access-controlled systems.
- Integration teams use it to bridge legacy login flows, so they can enable automated system interactions.
Does this support multi-step authentication flows? Yes. The workflow supports unlimited steps, conditional actions, waits, and multi-factor authentication using TOTP.
Can it handle optional popups or consent banners? Yes. Steps can be marked optional so execution continues even if an element is not found.
Is session data limited to a single domain? No. You can specify multiple domains to extract cookies from a complete authentication flow.
How is debugging handled if a login fails? Screenshots are automatically captured before each interaction, making it easy to diagnose failures.
Primary Metric: Average end-to-end login execution completes within 6–10 seconds for standard workflows.
Reliability Metric: Successfully reproduces authentication flows with a success rate above 97% in stable environments.
Efficiency Metric: Executes lightweight browser sessions with minimal memory overhead during short-lived runs.
Quality Metric: Captures full session state with consistent cookie and storage completeness across runs.
"Bitbash is a top-tier automation partner, innovative, reliable, and dedicated to delivering real results every time." Nathan Pennington
|
"Bitbash delivers outstanding quality, speed, and professionalism, truly a team you can rely on." Eliza
|
"Exceptional results, clear communication, and flawless delivery. Syed
|