Firefox 瀏覽器附加元件
  • 擴充套件
  • 佈景主題
    • 用於 Firefox
    • 字典與語言套件
    • 其他瀏覽器網站
    • Android 版的附加元件
登入
Decloak Session Capture 預覽

Decloak Session Capture 作者: Stephen Gray

Capture your logged-in session (cookies + storage) so Decloak can run an authenticated scan, including passkey/WebAuthn logins.

某些功能可能需要付款後才能使用某些功能可能需要付款後才能使用
0(0 筆評分)0(0 筆評分)
下載 Firefox 並安裝擴充套件
下載檔案

擴充套件後設資料

畫面擷圖
關於此擴充套件
Decloak is an automated web security scanner. Paste any URL and get a free, instant report in about 15 seconds - no login required - covering HTTP/TLS posture, JavaScript vulnerabilities, third-party scripts and tag managers, and more.

Decloak's paid Enterprise tier goes further: an AI agent crawls your whole site, investigates what it finds, and produces audit-ready reports for teams tracking SOC2 or ISO 27001 compliance.

This extension is a companion for the Enterprise tier's authenticated scans - it does nothing on its own and requires a Decloak account already open to a "New scan" dialog.

Enterprise's authenticated scan mode crawls your site as a logged-in user, which means it needs your session. For most sites that's easy to script. For sites using passkeys or WebAuthn (Hanko, Face ID/Touch ID sign-in, security keys), there's no credential to script — the only way in is a session that already exists in your browser. This extension captures that session so Decloak can use it.

How it works
  1. Start a new Enterprise scan in your Decloak dashboard, choose "Authenticate as a logged-in user," and click "Get a capture code."
  2. Open the site you want scanned in a tab, log in normally, then click this extension's icon.
  3. Click "Capture session for Decloak" — it asks for permission on just that tab's site, nothing else.
  4. Paste the capture code from the dashboard and click "Send to Decloak."

What it captures

Cookies, localStorage, and sessionStorage for the one site you're currently on. Nothing else — no browsing history, no other tabs, no data from sites you haven't explicitly clicked "capture" on.

What it doesn't do
  • No install-time permissions. It asks for site access only when you click, only for that site.
  • No account or API key lives in the extension. The one-time capture code from your Decloak dashboard is the only credential involved, and it expires in 15 minutes whether you use it or not.
  • Nothing is stored by the extension itself. Closing the popup clears the capture. There's no storage permission in the manifest because there's nothing to persist.
  • The capture is single-use. Once Decloak's scan consumes it, the code is dead.

Why this needs the cookies permission

The entire purpose of this extension is capturing a session for your own authenticated security scan, scoped to the one site you click on. There's no other way to read cookies for a site from an extension. We don't request broad host permissions at install time - you grant access per-site, per-use, from the popup.

Full privacy policy: https://decloak.dev/privacy - see the "Browser extension (Session Capture)" section for exactly what's read, when it's transmitted, and how long anything is retained.
由 1 位評論者給出 0 分
登入後即可幫此擴充套件評分
目前沒有評分

已儲存星等

5
0
4
0
3
0
2
0
1
0
還沒有評論
權限與資料

開發者聲稱必須收集下列資料:

  • 驗證資訊
了解更多
更多資訊
附加元件網址
  • 首頁
  • 技術支援網站
  • 技術支援信箱
  • 複製附加元件 ID
版本
0.1.0
大小
21.07 KB
最近更新
4 天前 (2026年7月14日)
相關分類
  • 網頁開發
  • 隱私權與安全性
授權條款
保留所有權利
隱私權保護政策
閱讀此附加元件的隱私權保護政策
版本紀錄
  • 瀏覽所有版本
標籤
  • privacy
  • security
新增至收藏集
檢舉此附加元件
前往 Mozilla 官網

附加元件

  • 關於
  • Firefox 附加元件部落格
  • 擴充套件工作坊
  • 開發者交流中心
  • 開發者政策
  • 社群部落格
  • 討論區
  • 回報 Bug
  • 評論撰寫指南

下載

  • Download Firefox
  • Windows
  • macOS
  • iOS
  • Android
  • Linux
  • All

最新編譯版本

  • Nightly
  • Beta

Firefox for Business

  • Enterprise

社群

  • Connect
  • Contribute
  • Developer

追蹤

  • Instagram
  • YouTube
  • TikTok
  • Bluesky
  • Podcast
  • 隱私權
  • Cookie
  • 法律資訊

除另有註明外,本站內容皆採用創用 CC 姓名標示—相同方式分享條款 3.0 或更新版本授權大眾使用。