GitHub RadarRed team tool

phishingclub/session-sushi

Zero dependency browser extension for handling import of cookies, Microsoft 365 OAuth tokens, and Graph API interactions. Primary language: JavaScript. 30 stars.

JavaScript30 stars4 forkspushed Jun 5, 2026NOASSERTION

Project links:Open GitHub project Back to radar

README Preview

Fetched from GitHub

<img src="icons/icon48.png" alt="Session Sushi" width="42" align="top"> Session Sushi

![License: AGPL v3](https://www.gnu.org/licenses/agpl-3.0)

Session Sushi is a zero dependency browser extension for handling cookies, Microsoft 365 OAuth tokens, and Graph API interactions. Build for security professionals.

Image: Session Sushi

Features

Cookie Management

View all cookies in browser
Import/export cookies as JSON
Search and filter cookies
Clear all cookies
Incognito session support

Microsoft 365 Sessions

Acquire OAuth tokens
Store multiple M365 refresh tokens as sessions
Manual and automatic token refresh
Session import/export

M365 Data Browsers

Graph, User, Directory, Mailbox, Calendar, OneDrive, SharePoint and Teams.

Usage

Use this extension in a isolated browser that does not interfer with your normal session. Preferly open a incognito/private window to fully isolate the sessions.

Installation

Browser Extension Stores

Download for Edge

Download for Chrome

Manual Installation

The most secure way you can use an extension is by sideloading it manually, this way it does not auto update.

Option 1: Clone with Git

git clone https://github.com/phishingclub/session-sushi.git

Option 2: Download ZIP

Go to https://github.com/phishingclub/session-sushi
Click the "Code" button
Select "Download ZIP"
Extract the ZIP file to a location of your choice

Load in Chrome/Edge:

Navigate to chrome://extensions/ or edge://extensions/
Enable "Developer mode"
Click "Load unpacked"
Select the session-sushi directory (or the extracted folder if you downloaded the ZIP)

Development

git clone https://github.com/phishingclub/session-sushi.git
cd session-sushi

Load the extension in developer mode and make changes. Reload extension after modifications.

Contributing

No dependencies allowed - vanilla JavaScript only
Feature / Bug fixes in bug- or feature- branches
Rebase branch to a single commit when it is ready to review / merge
Ensure the last commit is performed signed to agree with CLA.

License Agreement

Important: All contributors must agree to our Contributor License Agreement (CLA).

By contributing to Phishing Club, you agree that your contributions will be licensed under the same dual license terms (AGPL-3.0 and commercial). You confirm that:

You have the right to contribute the code
Your contributions are your original work or properly attributed
You grant Phishing Club the right to license your contributions under both AGPL-3.0 and commercial licenses

License

GNU Affero General Public License v3.0 (AGPL-3.0). See LICENSE.

Support

Community: Phishing Club Discord

Related Projects

Phishing Club - Phishing simulation platform