Chrome extension generates cookies, without a visible HTTP request?

Question

I installed some chrome extension that pop ups a modal box when I'm on a certain domain.

If I click the button in that box, I see in the Network tab of chrome developer tools, that the extension makes an HTTP Post request to the website.

The request contains some request cookies from the domain: A,B,C,D. And response cookies from the domain: A,B,C - without D.

When the request is done (and the extension finished doing its "magic"), I discovered that the value of cookie D has changed, even though D was not in the response cookies. I tested it several times.

How is this possible? Can the extension make something in the background that is hidden from the network tab, that will cause the cookie D from the domain to change?

I want to be able to capture and document this Cookie D generation behavior, and don't know how to do that.

Answer 1

Using the chrome.cookies API, a Chrome extension can manipulate the cookies that are stored in the browser without the need to perform an HTTP request. The extension will need the cookies permission to access this API.

You will not be able to capture, or intercept, the extension's calls to the chrome.cookies API.

In addition, through the chrome.webRequest API, a chrome extension can modify the request headers, including cookies, which are sent or received without directly changing the cookies which are stored in the browser. The extension will need the webRequest and webRequestBlocking permissions to make such changes.