Decloak Session Capture автор Stephen Gray
Capture your logged-in session (cookies + storage) so Decloak can run an authenticated scan, including passkey/WebAuthn logins.
Деякі функції можуть потребувати оплатиДеякі функції можуть потребувати оплати
Метадані розширення
Знімки екрана
Про це розширення
Decloak is an automated web security scanner. Paste any URL and get a free, instant report in about 15 seconds - no login required - covering HTTP/TLS posture, JavaScript vulnerabilities, third-party scripts and tag managers, and more.
Decloak's paid Enterprise tier goes further: an AI agent crawls your whole site, investigates what it finds, and produces audit-ready reports for teams tracking SOC2 or ISO 27001 compliance.
This extension is a companion for the Enterprise tier's authenticated scans - it does nothing on its own and requires a Decloak account already open to a "New scan" dialog.
Enterprise's authenticated scan mode crawls your site as a logged-in user, which means it needs your session. For most sites that's easy to script. For sites using passkeys or WebAuthn (Hanko, Face ID/Touch ID sign-in, security keys), there's no credential to script — the only way in is a session that already exists in your browser. This extension captures that session so Decloak can use it.
How it works
What it captures
Cookies, localStorage, and sessionStorage for the one site you're currently on. Nothing else — no browsing history, no other tabs, no data from sites you haven't explicitly clicked "capture" on.
What it doesn't do
Why this needs the cookies permission
The entire purpose of this extension is capturing a session for your own authenticated security scan, scoped to the one site you click on. There's no other way to read cookies for a site from an extension. We don't request broad host permissions at install time - you grant access per-site, per-use, from the popup.
Full privacy policy: https://decloak.dev/privacy - see the "Browser extension (Session Capture)" section for exactly what's read, when it's transmitted, and how long anything is retained.
Decloak's paid Enterprise tier goes further: an AI agent crawls your whole site, investigates what it finds, and produces audit-ready reports for teams tracking SOC2 or ISO 27001 compliance.
This extension is a companion for the Enterprise tier's authenticated scans - it does nothing on its own and requires a Decloak account already open to a "New scan" dialog.
Enterprise's authenticated scan mode crawls your site as a logged-in user, which means it needs your session. For most sites that's easy to script. For sites using passkeys or WebAuthn (Hanko, Face ID/Touch ID sign-in, security keys), there's no credential to script — the only way in is a session that already exists in your browser. This extension captures that session so Decloak can use it.
How it works
- Start a new Enterprise scan in your Decloak dashboard, choose "Authenticate as a logged-in user," and click "Get a capture code."
- Open the site you want scanned in a tab, log in normally, then click this extension's icon.
- Click "Capture session for Decloak" — it asks for permission on just that tab's site, nothing else.
- Paste the capture code from the dashboard and click "Send to Decloak."
What it captures
Cookies, localStorage, and sessionStorage for the one site you're currently on. Nothing else — no browsing history, no other tabs, no data from sites you haven't explicitly clicked "capture" on.
What it doesn't do
- No install-time permissions. It asks for site access only when you click, only for that site.
- No account or API key lives in the extension. The one-time capture code from your Decloak dashboard is the only credential involved, and it expires in 15 minutes whether you use it or not.
- Nothing is stored by the extension itself. Closing the popup clears the capture. There's no storage permission in the manifest because there's nothing to persist.
- The capture is single-use. Once Decloak's scan consumes it, the code is dead.
Why this needs the cookies permission
The entire purpose of this extension is capturing a session for your own authenticated security scan, scoped to the one site you click on. There's no other way to read cookies for a site from an extension. We don't request broad host permissions at install time - you grant access per-site, per-use, from the popup.
Full privacy policy: https://decloak.dev/privacy - see the "Browser extension (Session Capture)" section for exactly what's read, when it's transmitted, and how long anything is retained.
Rated 0 by 0 reviewers
Permissions and data
Більше інформації
- Версія
- 0.1.0
- Розмір
- 21,07 КБ
- Востаннє оновлено
- 3 дні тому (14 лип 2026 р.)
- Пов'язані категорії
- Ліцензія
- Усі права захищені
- Політика приватності
- Ознайомитись з політикою приватності для цього додатка
- Історія версій
- Додати до збірки