Skip to content

Instantly share code, notes, and snippets.

@secdev02

secdev02/Get-PortalAuthFromCookies.ps1

Last active December 14, 2025 20:15
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save secdev02/a426d8b9c457a6507d9ef9b8b96190ab to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save secdev02/a426d8b9c457a6507d9ef9b8b96190ab to your computer and use it in GitHub Desktop.
Download ZIP
Get-PortalAuthFromCookies
Raw
Get-PortalAuthFromCookies.ps1
# BARK Cookie to Refresh Token Extractor
# This extracts portal auth tokens from cookies to use with BARK's existing functions
Function Get-PortalAuthTokensFromCookies {
<#
.SYNOPSIS
Extracts Portal Auth Refresh Token and Portal ID from browser cookies.
Author: Custom addition for BARK
License: GPLv3
Required Dependencies: None
.DESCRIPTION
This function extracts the x-ms-portal-auth-refresh-token and x-ms-portal-id cookies
which can be used directly with BARK's Get-MSGraphTokenWithPortalAuthRefreshToken function.
.PARAMETER JSONPath
Path to JSON file containing exported cookies from portal.azure.com
.EXAMPLE
$Tokens = Get-PortalAuthTokensFromCookies -JSONPath ".\cookies.json"
# Then use with BARK:
$MSGraphToken = Get-MSGraphTokenWithPortalAuthRefreshToken `
-PortalAuthRefreshToken $Tokens.PortalAuthRefreshToken `
-TenantID "contoso.onmicrosoft.com" `
-PortalID $Tokens.PortalID
#>
[cmdletbinding()]
param(
[Parameter(Mandatory = $True)]
[string]
$JSONPath
)
try {
# Check if file exists
if (-not (Test-Path $JSONPath)) {
Write-Error ("Cookie JSON file not found: {0}" -f $JSONPath)
return $null
}
# Read and parse JSON
Write-Host ("[*] Reading cookie file: {0}" -f $JSONPath) -ForegroundColor Cyan
$JSONContent = Get-Content -Path $JSONPath -Raw
$Cookies = $JSONContent | ConvertFrom-Json
# Initialize return object
$Result = @{
PortalAuthRefreshToken = $null
AltPortalAuthRefreshToken = $null
PortalID = $null
}
# Handle different JSON formats
$CookieList = $null
if ($Cookies -is [Array]) {
Write-Host "[*] Detected array format" -ForegroundColor Cyan
$CookieList = $Cookies
}
elseif ($Cookies.cookies) {
Write-Host "[*] Detected object format with 'cookies' property" -ForegroundColor Cyan
$CookieList = $Cookies.cookies
}
if ($CookieList) {
# Extract portal auth refresh token
$PortalAuthCookie = $CookieList | Where-Object {
($_.name -eq "x-ms-portal-auth-refresh-token") -or
($_.Name -eq "x-ms-portal-auth-refresh-token")
}
if ($PortalAuthCookie) {
$Result.PortalAuthRefreshToken = if ($PortalAuthCookie.value) {
[string]$PortalAuthCookie.value
} else {
[string]$PortalAuthCookie.Value
}
Write-Host "[+] Found x-ms-portal-auth-refresh-token" -ForegroundColor Green
}
# Extract alt portal auth refresh token (if present)
$AltPortalAuthCookie = $CookieList | Where-Object {
($_.name -eq "x-ms-alt-portal-auth-refresh-token") -or
($_.Name -eq "x-ms-alt-portal-auth-refresh-token")
}
if ($AltPortalAuthCookie) {
$Result.AltPortalAuthRefreshToken = if ($AltPortalAuthCookie.value) {
[string]$AltPortalAuthCookie.value
} else {
[string]$AltPortalAuthCookie.Value
}
Write-Host "[+] Found x-ms-alt-portal-auth-refresh-token" -ForegroundColor Green
}
# Extract portal ID
$PortalIDCookie = $CookieList | Where-Object {
($_.name -eq "x-ms-portal-id") -or
($_.Name -eq "x-ms-portal-id")
}
if ($PortalIDCookie) {
$Result.PortalID = if ($PortalIDCookie.value) {
[string]$PortalIDCookie.value
} else {
[string]$PortalIDCookie.Value
}
Write-Host "[+] Found x-ms-portal-id" -ForegroundColor Green
}
}
# Check if we got what we need
if ($Result.PortalAuthRefreshToken -and $Result.PortalID) {
Write-Host "[+] Successfully extracted portal tokens!" -ForegroundColor Green
Write-Host ""
Write-Host "Use with BARK like this:" -ForegroundColor Cyan
Write-Host ('$MSGraphToken = Get-MSGraphTokenWithPortalAuthRefreshToken `') -ForegroundColor Yellow
Write-Host (' -PortalAuthRefreshToken "{0}..." `' -f $Result.PortalAuthRefreshToken.Substring(0, [Math]::Min(20, $Result.PortalAuthRefreshToken.Length))) -ForegroundColor Yellow
Write-Host (' -TenantID "YOUR_TENANT_ID" `') -ForegroundColor Yellow
Write-Host (' -PortalID "{0}"' -f $Result.PortalID) -ForegroundColor Yellow
return $Result
}
else {
Write-Error "Missing required cookies"
Write-Host "[*] Available cookies in file:" -ForegroundColor Yellow
$CookieList | ForEach-Object {
$name = if ($_.name) { $_.name } else { $_.Name }
$domain = if ($_.domain) { $_.domain } else { $_.Domain }
if ($name) { Write-Host (" - {0} (domain: {1})" -f $name, $domain) }
}
Write-Host ""
Write-Host "[!] Make sure you exported cookies from portal.azure.com, not login.microsoftonline.com" -ForegroundColor Yellow
return $null
}
}
catch {
Write-Error ("Error extracting tokens: {0}" -f $_.Exception.Message)
return $null
}
}
Function Get-PortalAuthTokensManual {
<#
.SYNOPSIS
Interactive helper to manually enter Portal Auth tokens.
.DESCRIPTION
Guides you through manually extracting the portal auth tokens from browser cookies.
.EXAMPLE
$Tokens = Get-PortalAuthTokensManual
#>
[cmdletbinding()]
param()
Write-Host "`n=== Manual Portal Auth Token Extraction ===" -ForegroundColor Cyan
Write-Host ""
Write-Host "1. Open portal.azure.com in your browser and login" -ForegroundColor Green
Write-Host "2. Press F12 to open Developer Tools" -ForegroundColor Green
Write-Host "3. Go to Application (Chrome/Edge) or Storage (Firefox)" -ForegroundColor Green
Write-Host "4. Click Cookies > https://portal.azure.com" -ForegroundColor Green
Write-Host ""
Write-Host "5. Find and copy the following cookie values:" -ForegroundColor Yellow
Write-Host " - x-ms-portal-auth-refresh-token" -ForegroundColor Yellow
Write-Host " - x-ms-portal-id" -ForegroundColor Yellow
Write-Host ""
$PortalAuthRefreshToken = Read-Host "Enter x-ms-portal-auth-refresh-token value"
$PortalID = Read-Host "Enter x-ms-portal-id value"
if ($PortalAuthRefreshToken -and $PortalID) {
$Result = @{
PortalAuthRefreshToken = [string]$PortalAuthRefreshToken.Trim()
PortalID = [string]$PortalID.Trim()
}
Write-Host ""
Write-Host "[+] Tokens captured!" -ForegroundColor Green
Write-Host "Use with BARK like this:" -ForegroundColor Cyan
Write-Host ('$MSGraphToken = Get-MSGraphTokenWithPortalAuthRefreshToken `') -ForegroundColor Yellow
Write-Host (' -PortalAuthRefreshToken $Tokens.PortalAuthRefreshToken `') -ForegroundColor Yellow
Write-Host (' -TenantID "YOUR_TENANT_ID" `') -ForegroundColor Yellow
Write-Host (' -PortalID $Tokens.PortalID') -ForegroundColor Yellow
return $Result
}
else {
Write-Error "Missing required values"
return $null
}
}
# Usage examples
Write-Host "`n=== BARK Portal Auth Token Extractor ===" -ForegroundColor Cyan
Write-Host ""
Write-Host "This is SIMPLER than the full cookie import!" -ForegroundColor Green
Write-Host "Extract portal auth tokens and use BARK's existing functions." -ForegroundColor Green
Write-Host ""
Write-Host "Method 1: From JSON export (EASIEST):" -ForegroundColor Cyan
Write-Host " 1. Export cookies from portal.azure.com to JSON"
Write-Host " 2. Run:" -ForegroundColor Yellow
Write-Host ' $Tokens = Get-PortalAuthTokensFromCookies -JSONPath ".\cookies.json"'
Write-Host " 3. Use with BARK:" -ForegroundColor Yellow
Write-Host ' $MSGraphToken = Get-MSGraphTokenWithPortalAuthRefreshToken \'
Write-Host ' -PortalAuthRefreshToken $Tokens.PortalAuthRefreshToken \'
Write-Host ' -TenantID "tenant.onmicrosoft.com" \'
Write-Host ' -PortalID $Tokens.PortalID'
Write-Host ""
Write-Host "Method 2: Manual entry:" -ForegroundColor Cyan
Write-Host " 1. Run:" -ForegroundColor Yellow
Write-Host ' $Tokens = Get-PortalAuthTokensManual'
Write-Host " 2. Follow the prompts to enter cookie values"
Write-Host ""
Write-Host "Other BARK functions you can use:" -ForegroundColor Cyan
Write-Host " - Get-AzureRMTokenWithPortalAuthRefreshToken" -ForegroundColor Yellow
Write-Host " - Get-AzurePortalTokenWithRefreshToken" -ForegroundColor Yellow
Write-Host ""
Raw
Import-BarkCookie.ps1
Function Test-CookieValue {
<#
.SYNOPSIS
Validates a cookie value before attempting to import it.
.DESCRIPTION
Checks if a cookie value appears to be in the correct format for ESTSAUTH cookies.
.PARAMETER CookieValue
The cookie value to test.
.EXAMPLE
Test-CookieValue -CookieValue "0.AS8A..."
#>
[cmdletbinding()]
param(
[Parameter(Mandatory = $True)]
$CookieValue
)
Write-Host "[*] Testing cookie value..." -ForegroundColor Cyan
# Check type
Write-Host (" - Type: {0}" -f $CookieValue.GetType().FullName)
# Try to convert to string
try {
$StringValue = [string]$CookieValue
Write-Host (" - Length: {0}" -f $StringValue.Length)
Write-Host (" - First 20 chars: {0}..." -f $StringValue.Substring(0, [Math]::Min(20, $StringValue.Length)))
# Check if it looks like an ESTSAUTH cookie
if ($StringValue.StartsWith("0.")) {
Write-Host " - Format: Appears to be valid ESTSAUTH format" -ForegroundColor Green
return $true
}
else {
Write-Host " - Format: Does not appear to be ESTSAUTH format (should start with '0.')" -ForegroundColor Yellow
return $false
}
}
catch {
Write-Host (" - Error converting to string: {0}" -f $_.Exception.Message) -ForegroundColor Red
return $false
}
}
Function Import-EntraCookie {
<#
.SYNOPSIS
Imports browser cookies to obtain Entra ID tokens for use with BARK.
Author: Custom addition for BARK
License: GPLv3
Required Dependencies: None
.DESCRIPTION
This function imports browser cookies (particularly ESTSAUTH or ESTSAUTHPERSISTENT cookies)
and uses them to obtain access tokens that can be used with BARK functions.
.PARAMETER CookieValue
The value of the ESTSAUTH or ESTSAUTHPERSISTENT cookie from your browser.
.PARAMETER TenantID
The Entra ID tenant ID.
.PARAMETER Resource
The resource to request a token for. Defaults to MS Graph.
Common values:
- "https://graph.microsoft.com" (MS Graph)
- "https://management.azure.com" (Azure Resource Manager)
.PARAMETER ClientID
The client ID to use. Defaults to Azure PowerShell client ID.
.EXAMPLE
$Token = Import-EntraCookie -CookieValue "0.AS..." -TenantID "contoso.onmicrosoft.com"
Description
-----------
Import a cookie and obtain an MS Graph token
.EXAMPLE
$Token = Import-EntraCookie -CookieValue "0.AS..." -TenantID "197394d9-7065-43d2-8dc8-c63c1349abb0" -Resource "https://management.azure.com"
Description
-----------
Import a cookie and obtain an Azure Resource Manager token
#>
[cmdletbinding()]
param(
[Parameter(Mandatory = $True)]
[string]
$CookieValue,
[Parameter(Mandatory = $True)]
[string]
$TenantID,
[Parameter(Mandatory = $False)]
[string]
$Resource = "https://graph.microsoft.com",
[Parameter(Mandatory = $False)]
[string]
$ClientID = "1950a258-227b-4e31-a9cf-717495945fc2"
)
try {
# Ensure cookie value is a string
$CookieValue = [string]$CookieValue
$TenantID = [string]$TenantID
$Resource = [string]$Resource
$ClientID = [string]$ClientID
Write-Verbose ("Cookie value length: {0}" -f $CookieValue.Length)
Write-Verbose ("Tenant ID: {0}" -f $TenantID)
# Construct the session
$Session = New-Object Microsoft.PowerShell.Commands.WebRequestSession
# Create cookie container
$Cookie = New-Object System.Net.Cookie
$Cookie.Name = [string]"ESTSAUTH"
$Cookie.Value = [string]$CookieValue.Trim()
$Cookie.Domain = [string]".login.microsoftonline.com"
$Cookie.Path = [string]"/"
$Session.Cookies.Add($Cookie)
# Build the authorization URL
$AuthUrl = "https://login.microsoftonline.com/{0}/oauth2/authorize?resource={1}&client_id={2}&response_type=code&redirect_uri=https://login.microsoftonline.com/common/oauth2/nativeclient&prompt=none" -f $TenantID, $Resource, $ClientID
Write-Verbose ("Authorization URL: {0}" -f $AuthUrl)
# Make the request
try {
$Response = Invoke-WebRequest -Uri $AuthUrl -WebSession $Session -MaximumRedirection 0 -ErrorAction SilentlyContinue
}
catch {
# We expect a redirect, so capture it
if ($_.Exception.Response) {
$Response = $_.Exception.Response
}
else {
Write-Error ("Web request failed: {0}" -f $_.Exception.Message)
return $null
}
}
# Extract the authorization code from the redirect
$Location = $null
# Handle different response types
if ($Response.Headers -and $Response.Headers.Location) {
$Location = [string]$Response.Headers.Location
}
elseif ($Response.Headers -and $Response.Headers["Location"]) {
$Location = [string]$Response.Headers["Location"]
}
if ($Location) {
Write-Verbose ("Redirect location: {0}" -f $Location)
if ($Location -match "code=([^&]+)") {
$AuthCode = [string]$Matches[1]
Write-Verbose ("Authorization code extracted: {0}..." -f $AuthCode.Substring(0, [Math]::Min(10, $AuthCode.Length)))
# Exchange the code for a token
$TokenBody = @{
grant_type = [string]"authorization_code"
client_id = [string]$ClientID
code = [string]$AuthCode
redirect_uri = [string]"https://login.microsoftonline.com/common/oauth2/nativeclient"
resource = [string]$Resource
}
$TokenUrl = "https://login.microsoftonline.com/{0}/oauth2/token" -f $TenantID
Write-Verbose ("Token URL: {0}" -f $TokenUrl)
$TokenResponse = Invoke-RestMethod -Uri $TokenUrl -Method POST -Body $TokenBody
return $TokenResponse
}
else {
Write-Error "Failed to extract authorization code from redirect"
Write-Error ("Redirect URL: {0}" -f $Location)
return $null
}
}
else {
Write-Error "No redirect received. Cookie may be invalid or expired."
Write-Error ("Response status: {0}" -f $Response.StatusCode)
return $null
}
}
catch {
Write-Error ("Error importing cookie: {0}" -f $_.Exception.Message)
Write-Error ("Error type: {0}" -f $_.Exception.GetType().FullName)
if ($_.Exception.InnerException) {
Write-Error ("Inner exception: {0}" -f $_.Exception.InnerException.Message)
}
return $null
}
}
Function Import-EntraCookieFromJSON {
<#
.SYNOPSIS
Imports ESTSAUTH cookie from a JSON export file and obtains tokens.
Author: Custom addition for BARK
License: GPLv3
Required Dependencies: None
.DESCRIPTION
This function reads a JSON file containing exported cookies (such as from browser extensions
like EditThisCookie or Cookie-Editor) and extracts the ESTSAUTH or ESTSAUTHPERSISTENT cookie
to obtain access tokens.
.PARAMETER JSONPath
Path to the JSON file containing exported cookies.
.PARAMETER TenantID
The Entra ID tenant ID.
.PARAMETER Resource
The resource to request a token for. Defaults to MS Graph.
.PARAMETER CookieName
The name of the cookie to extract. Defaults to "ESTSAUTH" but can be "ESTSAUTHPERSISTENT".
.EXAMPLE
$Token = Import-EntraCookieFromJSON -JSONPath ".\cookies.json" -TenantID "contoso.onmicrosoft.com"
Description
-----------
Import cookies from a JSON file and obtain an MS Graph token
.EXAMPLE
$Token = Import-EntraCookieFromJSON -JSONPath ".\cookies.json" -TenantID "contoso.onmicrosoft.com" -CookieName "ESTSAUTHPERSISTENT"
Description
-----------
Import the persistent cookie variant from a JSON file
#>
[cmdletbinding()]
param(
[Parameter(Mandatory = $True)]
[string]
$JSONPath,
[Parameter(Mandatory = $True)]
[string]
$TenantID,
[Parameter(Mandatory = $False)]
[string]
$Resource = "https://graph.microsoft.com",
[Parameter(Mandatory = $False)]
[string]
$CookieName = "ESTSAUTH"
)
try {
# Check if file exists
if (-not (Test-Path $JSONPath)) {
Write-Error ("Cookie JSON file not found: {0}" -f $JSONPath)
return $null
}
# Read and parse JSON
Write-Host ("[*] Reading cookie file: {0}" -f $JSONPath) -ForegroundColor Cyan
$JSONContent = Get-Content -Path $JSONPath -Raw
$Cookies = $JSONContent | ConvertFrom-Json
# Handle different JSON formats
$CookieValue = $null
# Format 1: Array of cookie objects
if ($Cookies -is [Array]) {
Write-Host "[*] Detected array format (EditThisCookie/Cookie-Editor style)" -ForegroundColor Cyan
$TargetCookie = $Cookies | Where-Object { $_.name -eq $CookieName -or $_.Name -eq $CookieName }
if ($TargetCookie) {
$CookieValue = if ($TargetCookie.value) { $TargetCookie.value } else { $TargetCookie.Value }
}
}
# Format 2: Object with cookies property
elseif ($Cookies.cookies) {
Write-Host "[*] Detected object format with 'cookies' property" -ForegroundColor Cyan
$TargetCookie = $Cookies.cookies | Where-Object { $_.name -eq $CookieName -or $_.Name -eq $CookieName }
if ($TargetCookie) {
$CookieValue = if ($TargetCookie.value) { $TargetCookie.value } else { $TargetCookie.Value }
}
}
# Format 3: Direct object properties
else {
Write-Host "[*] Detected direct object format" -ForegroundColor Cyan
$CookieValue = $Cookies.$CookieName
}
if ($CookieValue) {
Write-Host ("[+] Found {0} cookie" -f $CookieName) -ForegroundColor Green
# Ensure it's a string
$CookieValueString = [string]$CookieValue
Write-Host ("[*] Cookie value starts with: {0}..." -f $CookieValueString.Substring(0, [Math]::Min(20, $CookieValueString.Length))) -ForegroundColor Cyan
Write-Host ("[*] Cookie value length: {0}" -f $CookieValueString.Length) -ForegroundColor Cyan
# Test the cookie first
$IsValid = Test-CookieValue -CookieValue $CookieValueString
if (-not $IsValid) {
Write-Host "[!] Cookie format may not be valid, but attempting import anyway..." -ForegroundColor Yellow
}
Write-Host "[*] Attempting to import cookie..." -ForegroundColor Cyan
# Import the cookie
$Token = Import-EntraCookie -CookieValue $CookieValueString -TenantID $TenantID -Resource $Resource
if ($Token) {
Write-Host "[+] Successfully obtained token!" -ForegroundColor Green
return $Token
}
else {
Write-Error "Failed to obtain token from cookie"
return $null
}
}
else {
Write-Error ("{0} cookie not found in JSON file" -f $CookieName)
Write-Host "[*] Available cookies in file:" -ForegroundColor Yellow
if ($Cookies -is [Array]) {
$Cookies | ForEach-Object {
$name = if ($_.name) { $_.name } else { $_.Name }
if ($name) { Write-Host (" - {0}" -f $name) }
}
}
elseif ($Cookies.cookies) {
$Cookies.cookies | ForEach-Object {
$name = if ($_.name) { $_.name } else { $_.Name }
if ($name) { Write-Host (" - {0}" -f $name) }
}
}
else {
$Cookies.PSObject.Properties | ForEach-Object { Write-Host (" - {0}" -f $_.Name) }
}
return $null
}
}
catch {
Write-Error ("Error parsing JSON file: {0}" -f $_.Exception.Message)
return $null
}
}
Function Import-EntraCookieFromBrowser {
<#
.SYNOPSIS
Extracts ESTSAUTH cookie from browser storage and imports it to obtain tokens.
Author: Custom addition for BARK
License: GPLv3
Required Dependencies: None
.DESCRIPTION
This function helps extract cookies from local browser storage.
Supports Chrome, Edge, and Firefox on Windows.
.PARAMETER Browser
The browser to extract cookies from. Options: Chrome, Edge, Firefox
.PARAMETER TenantID
The Entra ID tenant ID.
.PARAMETER Resource
The resource to request a token for. Defaults to MS Graph.
.EXAMPLE
$Token = Import-EntraCookieFromBrowser -Browser Chrome -TenantID "contoso.onmicrosoft.com"
Description
-----------
Extract cookie from Chrome and obtain an MS Graph token
#>
[cmdletbinding()]
param(
[Parameter(Mandatory = $True)]
[ValidateSet("Chrome", "Edge", "Firefox")]
[string]
$Browser,
[Parameter(Mandatory = $True)]
[string]
$TenantID,
[Parameter(Mandatory = $False)]
[string]
$Resource = "https://graph.microsoft.com"
)
Write-Host "[*] Note: Browser must be closed for cookie extraction to work reliably" -ForegroundColor Yellow
Write-Host "[*] This function requires additional dependencies (like SQLite) to read browser databases" -ForegroundColor Yellow
Write-Host "[!] For manual extraction, open your browser's Developer Tools (F12)" -ForegroundColor Cyan
Write-Host "[!] Go to Application/Storage > Cookies > https://login.microsoftonline.com" -ForegroundColor Cyan
Write-Host "[!] Copy the value of 'ESTSAUTH' or 'ESTSAUTHPERSISTENT' cookie" -ForegroundColor Cyan
Write-Host "[!] Then use: Import-EntraCookie -CookieValue '<paste here>' -TenantID '$TenantID'" -ForegroundColor Cyan
Write-Host ""
# Browser cookie locations
$CookiePaths = @{
Chrome = "{0}\Google\Chrome\User Data\Default\Network\Cookies" -f $env:LOCALAPPDATA
Edge = "{0}\Microsoft\Edge\User Data\Default\Network\Cookies" -f $env:LOCALAPPDATA
Firefox = "{0}\Mozilla\Firefox\Profiles\*.default-release\cookies.sqlite" -f $env:APPDATA
}
$CookiePath = $CookiePaths[$Browser]
if (Test-Path $CookiePath) {
Write-Host ("[+] Found {0} cookie database at: {1}" -f $Browser, $CookiePath) -ForegroundColor Green
Write-Host "[!] Automated extraction requires additional implementation" -ForegroundColor Yellow
Write-Host "[!] Please manually extract the cookie using the instructions above" -ForegroundColor Yellow
}
else {
Write-Host ("[-] {0} cookie database not found at: {1}" -f $Browser, $CookiePath) -ForegroundColor Red
}
}
# Usage examples:
Write-Host "`n=== BARK Cookie Import Functions ===" -ForegroundColor Cyan
Write-Host "`nMethod 1: Import from JSON export (RECOMMENDED):" -ForegroundColor Green
Write-Host ' 1. Install a cookie export extension (EditThisCookie, Cookie-Editor, etc.)'
Write-Host ' 2. Navigate to portal.azure.com and login'
Write-Host ' 3. Export cookies for login.microsoftonline.com to a JSON file'
Write-Host ' 4. Run: $Token = Import-EntraCookieFromJSON -JSONPath ".\cookies.json" -TenantID "YOUR_TENANT"'
Write-Host "`nMethod 2: Import cookie manually:" -ForegroundColor Green
Write-Host ' 1. Open browser, login to portal.azure.com'
Write-Host ' 2. Press F12, go to Application > Cookies > login.microsoftonline.com'
Write-Host ' 3. Copy the ESTSAUTH or ESTSAUTHPERSISTENT cookie value'
Write-Host ' 4. Run: $Token = Import-EntraCookie -CookieValue "YOUR_COOKIE" -TenantID "YOUR_TENANT"'
Write-Host "`nMethod 3: Get browser extraction help:" -ForegroundColor Green
Write-Host ' Import-EntraCookieFromBrowser -Browser Chrome -TenantID "YOUR_TENANT"'
Write-Host "`nTroubleshooting:" -ForegroundColor Yellow
Write-Host ' If you get errors, first test your cookie value:'
Write-Host ' Test-CookieValue -CookieValue "YOUR_COOKIE"'
Write-Host ' '
Write-Host ' Run with verbose output for more details:'
Write-Host ' $Token = Import-EntraCookie -CookieValue "YOUR_COOKIE" -TenantID "YOUR_TENANT" -Verbose'
Write-Host ""
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment