Chrome Extension
Capture authenticated browser cookies and pass them to AlterLab to scrape behind logins—no password sharing required.
Coming Soon
Overview
Many valuable data sources sit behind authentication walls: internal dashboards, subscription content, account-specific pricing, personalised feeds. The standard scraping approach breaks down here because reproducing a login flow programmatically is fragile and often blocked.
The AlterLab Chrome extension solves this with BYOS (Bring Your Own Session). You log into the target site once in your own browser, click a button in the extension, and your live session cookies are securely uploaded to AlterLab. From that point, any scrape request that references your session ID will be executed with those cookies, appearing to the server as your authenticated browser.
No Password Sharing
Credentials never leave your browser. Only cookies are transmitted.
One-Click Capture
Capture all domain cookies in a single click—no dev tools required.
Manifest V3
Built on the latest Chrome extension standard. Minimal permissions footprint.
How It Works
Getting from a logged-in browser tab to a working session in your scraper takes six steps.
1. Install the extension
   Download the AlterLab extension from the Chrome Web Store and pin it to your toolbar for easy access.
2. Navigate to the target site
   Open the site you want to scrape and log in as you normally would. Make sure you can see the authenticated content.
3. Click the AlterLab icon
   Click the extension icon in the Chrome toolbar. The popup shows the current domain and the number of cookies detected.
4. Enter your API key (first time only)
   Paste your AlterLab API key into the settings field. The key is stored in Chrome’s encrypted local storage and never needs to be entered again.
5. Click "Save to AlterLab"
   The extension reads all cookies for the current domain (including parent domains), deduplicates them, and uploads them to AlterLab over HTTPS. You’ll see a confirmation with the generated session ID.
6. Use the session ID in your API calls
   Pass the session ID as the session_id parameter in any scrape request. AlterLab injects the cookies automatically on every request in that session.
Features
The extension is designed to be minimal, transparent, and secure by default.
- Full domain cookie capture — Reads all cookies matching the current domain and its parent domain (e.g. capturing both app.example.com and example.com cookies for maximum session coverage).
- Automatic deduplication — Cookies with the same name, domain, and path are deduplicated before upload so you always get a clean, minimal set.
- Cookie values never shown in the UI — The popup displays cookie names and counts for transparency but never renders the raw values, preventing shoulder-surfing leaks.
- Custom API URL support — Point the extension at your own self-hosted AlterLab instance by setting a custom base URL in the settings panel.
- Dark theme — Matches the AlterLab design system so the popup feels native alongside the dashboard.
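To see which cookies the domain-capture and deduplication features above would put into a session, here is an added sketch (not the extension's own code) that applies RFC 6265 domain matching and the name/domain/path key to a constructed cookie list. The function names and sample values are assumptions for illustration.

```javascript
// Added example, not AlterLab code. Entries follow the chrome.cookies.Cookie
// shape (name, value, domain, path, hostOnly); every value is constructed.

// RFC 6265 domain-match: a host-only cookie applies to one exact host,
// a domain cookie applies to its domain and every subdomain below it.
function domainMatches(hostname, cookie) {
  const host = hostname.toLowerCase();
  const domain = cookie.domain.replace(/^\./, "").toLowerCase();
  if (cookie.hostOnly) return host === domain;
  return host === domain || host.endsWith("." + domain);
}

// Keep cookies that apply to `hostname`, one per (name, domain, path).
function selectSessionCookies(hostname, cookies) {
  const unique = new Map();
  for (const c of cookies) {
    if (!domainMatches(hostname, c)) continue;
    const key = [c.name, c.domain.toLowerCase(), c.path].join("\u0000");
    if (!unique.has(key)) unique.set(key, c);
  }
  return [...unique.values()];
}

// Names and a count only, so no cookie value reaches the UI.
function summarize(cookies) {
  return { count: cookies.length, names: cookies.map((c) => c.name).sort() };
}

// Constructed input: overlapping results of a host query and a parent-domain query.
const sampleCookies = [
  { name: "sid", value: "A1", domain: "app.example.com", path: "/", hostOnly: true },
  { name: "sid", value: "A1", domain: "app.example.com", path: "/", hostOnly: true }, // duplicate
  { name: "sso", value: "B2", domain: ".example.com", path: "/", hostOnly: false },
  { name: "sso", value: "B2", domain: ".example.com", path: "/", hostOnly: false }, // duplicate
  { name: "sid", value: "C3", domain: ".example.com", path: "/", hostOnly: false }, // same name, parent domain
  { name: "admin", value: "D4", domain: "admin.example.com", path: "/", hostOnly: true }, // sibling host
  { name: "trk", value: "E5", domain: ".notexample.com", path: "/", hostOnly: false }, // unrelated suffix
];

const captured = selectSessionCookies("app.example.com", sampleCookies);
console.log(summarize(captured));
```

The two cookies named sid survive because they differ in domain, which is why a parent-domain capture can carry more than the host's own session cookie.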
Using Sessions in API Calls
After the extension saves your session, you receive a session_id (also visible in the AlterLab dashboard under Sessions). Pass this ID on any scrape request to have AlterLab inject your captured cookies automatically.
Sessions are tied to your API key. Only your account can use a session you created. Cookie values are encrypted at rest and are never returned in API responses.
```python
from alterlab import AlterLab

client = AlterLab(api_key="sk_live_your_key")

# Use a captured browser session to scrape authenticated content
result = client.scrape(
    url="https://example.com/dashboard",
    session_id="your-session-id",
)
print(result.content)
```
Session expiry
Security
The BYOS model requires careful handling of sensitive data. Here is exactly how the extension and AlterLab protect your session information.
API key storage
Your AlterLab API key is stored using Chrome’s encrypted chrome.storage.local API, which is sandboxed to the extension and never accessible by page scripts.
AES-256-GCM encryption at rest
Cookie values are encrypted with AES-256-GCM before being written to the database. The encryption key is derived per-account and never stored alongside the data.
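An added sketch of per-account AES-256-GCM encryption at rest, written with Node's built-in crypto module; it is not AlterLab's server code. The page does not say how keys are derived, so HKDF-SHA-256 from a master secret, the info label, and binding the account and session IDs as associated data are all assumptions.

```javascript
// Added example, not AlterLab code. Assumed design: HKDF-SHA-256 derives the
// per-account key from a master secret kept outside the database, and the
// account and session IDs are authenticated with each record as AAD.
const nodeCrypto = require("node:crypto");

function accountKey(masterSecret, accountId) {
  const info = Buffer.from("cookie-store:" + accountId); // hypothetical label
  return Buffer.from(nodeCrypto.hkdfSync("sha256", masterSecret, Buffer.alloc(0), info, 32));
}

function sealCookie(key, accountId, sessionId, value) {
  const nonce = nodeCrypto.randomBytes(12); // fresh 96-bit nonce per record
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, nonce);
  cipher.setAAD(Buffer.from(accountId + "/" + sessionId));
  const ct = Buffer.concat([cipher.update(value, "utf8"), cipher.final()]);
  return { nonce, ct, tag: cipher.getAuthTag() }; // what the database row holds
}

function openCookie(key, accountId, sessionId, rec) {
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, rec.nonce);
  decipher.setAAD(Buffer.from(accountId + "/" + sessionId));
  decipher.setAuthTag(rec.tag);
  // final() throws if the key, nonce, AAD, ciphertext or tag does not match
  return Buffer.concat([decipher.update(rec.ct), decipher.final()]).toString("utf8");
}

// True only when the record decrypts and authenticates under this context.
function opens(key, accountId, sessionId, rec) {
  try {
    openCookie(key, accountId, sessionId, rec);
    return true;
  } catch {
    return false;
  }
}

// Constructed demo values; a real master secret would come from a KMS or HSM.
const demoMaster = Buffer.alloc(32, 7);
const demoKey = accountKey(demoMaster, "acct_1");
const demoRec = sealCookie(demoKey, "acct_1", "sess_a", "sid=constructed-value");
console.log(openCookie(demoKey, "acct_1", "sess_a", demoRec));
console.log(opens(accountKey(demoMaster, "acct_2"), "acct_1", "sess_a", demoRec)); // other account's key
```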
Cookie values never returned in responses
No AlterLab API endpoint ever returns raw cookie values. The session ID is a reference; the values remain server-side only.
HTTPS-only transmission
Cookies are transmitted exclusively over HTTPS to your configured AlterLab instance. Plaintext upload is rejected.
API key format validation
The extension validates the sk_live_… key format locally before attempting any network request, preventing accidental submissions of incorrect data.
Permissions
The extension requests the minimum set of Chrome permissions needed to function. No broad host access, no background page, no remote code execution.
| Permission | Why it's needed |
|---|---|
| cookies | Read cookies for the active domain so they can be captured and uploaded to AlterLab. |
| activeTab | Access the URL of the current tab to determine which domain's cookies to capture. Access is granted only while the popup is open. |
| storage | Persist your API key and optional custom API URL in Chrome's local encrypted storage so they survive browser restarts. |
No broad host permissions
The extension does not request <all_urls> or any wildcard host access. It only reads cookies from the tab you are actively viewing when the popup is open.