How to get unlimited access to medium articles

Medium is home for some of the best blogs in the world.You can find anything you want to read.As they say get smarter about what matters to you. Be it cyber security, programming, digital marketing etc. There are really great writers who break down complex stuff and make them easy to understand . That’s all good until you run out of free articles for the month,then you’ll have to wait for the next month to get access to 3 paid blog posts or upgrade your account. I am a big fun of reading medium posts and i get really frustrated when i bump into You’ve read all your free stories this month” .

The frustration and eagerness to learn led me to write a simple browser extension in Javascript. The extension makes it possible to get unlimited access to Premium Articles without spending a dime. The extension takes advantage of Cookies and Incognito mode.


Have you ever wondered how do websites recognize me?Why is it that i don’t need to log into Medium every time you check your feed. When you are posting some article in Medium, how does medium know it’s me without having to ask me for my password again?

Once you log in to a website, the browser that you are using stores your session cookies for that website, and sends it along automatically every time you communicate with the site.

For example, after you log into Medium, Medium issues a session cookie for your account. That session cookie authenticates you to the website. The browser that you are using receives the session cookie, stores it, and sends it along with every request to Medium. This allows you to access confidential information only available to you, and perform actions that only you should be able to do like reply to your comments and changing your account information.

Thus when you post an article out into the world: your browser sends a request to Medium with your session cookie, proving your identity, thus verifying that you are authorized to send the article as your username.

Incognito Mode

Browser Extension

Below are the steps i took in making the extension:

Getting started

{ "manifest_version" : 2 ,
"name" : "Unlimited Access" ,
"description" : "Get unlimited access to medium paid posts",
"version" : "0.1",

"background" : {"scripts" : ["background.js"],"persistent" : false},
"permissions" : [ "tabs","cookies", "*"],
"browser_action": { },
"content_scripts" : [{"matches": ["https://*/*"],
"js" : ["content.js"]}]

Manifest version specifies the version of the manifest file format your package requires. Name is a desired name to identify the extension. Version as the name suggests identifies the extension’s version.

The background field is used to include a background script. Background scripts are loaded as soon as the extension is loaded and they persist until the extension is disabled or uninstalled .We can prevent that by setting “persistent” to false.

Permissions field to determine the extension’s ability to access websites and chrome APIs. “Tabs” enable the extension to interact with the browser tab system. “Cookies” enables the extension to use the Cookie API to query and modify cookies in the browser. “*” is a host permission that identifies a group of URLs for which the extension is requesting extra privileges.

Browser action field is used to put icons in the main Google Chrome toolbar , to the right of the address bar.

Content scripts field contain files that run in the context of web pages. They are able to read details of the web pages the browser visits, make changes to them and pass information to their parent extension.

Since content scripts run in the context of a web page and not the extension, they often need some way of communicating with the rest of the extension. Communication between an extension and it’s content script is made possible by Message Passing. Either side can listen for messages sent from the other end, and respond on the same channel.

Content File

function(request, sender, sendResponse){
var url = window.location.toString()
sendResponse({url : url});

The above code listens for a message from the background script.On receiving the message it will get the URL of the current tab and send it to the background script.

Background Script

Create a background.js file and add the following code:

chrome.tabs.sendMessage(, {message:"Send me the url "), function(response){
var storedUrl = response.url;{url: storedUrl, incognito: true});{populate: true}, function(window_list){
for (let window of window_list){
incognitocs = cs[1].id;
setTimeout(() => chrome.cookies.remove(
{storeId :incognitoCs,
name : 'uid',
url : storedUrl},function(IncognitoCookies){
console.log("Cookie removed")
})}, 3000);)})}}

The above code listens for a click event on the extension’s icon. It then sends a message to the content script to trigger the listener which will in turn get the URL and send it back to the background script.

With the received URL the code will open an incognito window.

Next step is to get all the opened windows. Populate being set to true means that each window opened has a list of all its opened tabs.

It then loops through the list of the opened windows checking for an incognito window and then retrieves all the Cookie Stores as an array.

From the array it gets Incognito Window cookie ID.

With the cookie ID the code removed cookies from the Incognito Window alone. If it deleted cookies from both the incognito and normal window you’d be logged out every time you clicked in the extension’s icon.

Incognito Window stores session cookies only that they are cleared when you close the window. Due to this fact, the extension deletes cookies after every 3 seconds when an Incognito Window is open.

You can find the the Extension’s source code on my github repo.

from confusion to clarity, not insanity.