How to get unlimited access to medium articles

Hassan Zaid
6 min readSep 16, 2020

--

Medium is home for some of the best blogs in the world.You can find anything you want to read.As they say get smarter about what matters to you. Be it cyber security, programming, digital marketing etc. There are really great writers who break down complex stuff and make them easy to understand . That’s all good until you run out of free articles for the month,then you’ll have to wait for the next month to get access to 3 paid blog posts or upgrade your account. I am a big fun of reading medium posts and i get really frustrated when i bump into You’ve read all your free stories this month” .

The frustration and eagerness to learn led me to write a simple browser extension in Javascript. The extension makes it possible to get unlimited access to Premium Articles without spending a dime. The extension takes advantage of Cookies and Incognito mode.

Cookies

I can most certainly tell you they’re not what you might find in your snack stash when you’re craving some sugary sweets. In fact cookies are small files which are located on a user’s computer. They are designed to hold a generous amount of data specific to a client and a website, and they can be accessed either by the web server or the client computer. The reason behind this is to allow the server to deliver a page tailored to a particular user, or the page itself can contain some script which knows of the data in the cookie, and therefore it is able to carry information from one visit to the website to the next.

Have you ever wondered how do websites recognize me?Why is it that i don’t need to log into Medium every time you check your feed. When you are posting some article in Medium, how does medium know it’s me without having to ask me for my password again?

Once you log in to a website, the browser that you are using stores your session cookies for that website, and sends it along automatically every time you communicate with the site.

For example, after you log into Medium, Medium issues a session cookie for your account. That session cookie authenticates you to the website. The browser that you are using receives the session cookie, stores it, and sends it along with every request to Medium. This allows you to access confidential information only available to you, and perform actions that only you should be able to do like reply to your comments and changing your account information.

Thus when you post an article out into the world: your browser sends a request to Medium with your session cookie, proving your identity, thus verifying that you are authorized to send the article as your username.

Incognito Mode

Incognito mode is private browsing that doesn’t leave as many tracks. It can erase temporary data that is captured by the PC or device you’re using. Most people think that whilst using incognito their online privacy is protected, however, they are fundamentally wrong. Your search history may be erased from your own device, but your Internet Service Provider (ISP), the websites you’ve visited, the government, and other third parties can still track you with your IP address.

Browser Extension

A browser extension is a small software module for customizing a web browser. Browsers typically allow a variety of extensions, including user interface modifications, ad blocking, and cookie management.

Below are the steps i took in making the extension:

Getting started

Create an empty directory to store the required files .Create a manifest.json file. JSON is a lightweight data-interchange format. The file tells the browser about the extension and how it should behave when installed on the user’s Desktop or Mobile Device. Add the following code to the file

{ "manifest_version" : 2 ,
"name" : "Unlimited Access" ,
"description" : "Get unlimited access to medium paid posts",
"version" : "0.1",

}
"background" : {"scripts" : ["background.js"],"persistent" : false},
"permissions" : [ "tabs","cookies", "medium.com/*"],
"browser_action": { },
"content_scripts" : [{"matches": ["https://*/*"],
"js" : ["content.js"]}]

Manifest version specifies the version of the manifest file format your package requires. Name is a desired name to identify the extension. Version as the name suggests identifies the extension’s version.

The background field is used to include a background script. Background scripts are loaded as soon as the extension is loaded and they persist until the extension is disabled or uninstalled .We can prevent that by setting “persistent” to false.

Permissions field to determine the extension’s ability to access websites and chrome APIs. “Tabs” enable the extension to interact with the browser tab system. “Cookies” enables the extension to use the Cookie API to query and modify cookies in the browser. “Medium.com/*” is a host permission that identifies a group of URLs for which the extension is requesting extra privileges.

Browser action field is used to put icons in the main Google Chrome toolbar , to the right of the address bar.

Content scripts field contain files that run in the context of web pages. They are able to read details of the web pages the browser visits, make changes to them and pass information to their parent extension.

Since content scripts run in the context of a web page and not the extension, they often need some way of communicating with the rest of the extension. Communication between an extension and it’s content script is made possible by Message Passing. Either side can listen for messages sent from the other end, and respond on the same channel.

Content File

Create a file called content.js and add the following code :

chrome.runtime.onMessage.addListener(
function(request, sender, sendResponse){
var url = window.location.toString()
sendResponse({url : url});
});

The above code listens for a message from the background script.On receiving the message it will get the URL of the current tab and send it to the background script.

Background Script

Background script is used to monitor events for the extension. Events are browser triggers, such as navigating to a new page,clicking an icon,removing a bookmark, or closing a tab. In layman terms, whenever the chrome browser is opened, the background scripts listens for events and responds to these events. Our extension will be listening to the click event on the extension’s icon.

Create a background.js file and add the following code:

Chrome.browserAction.onClicked.addListener(function(tab){
chrome.tabs.sendMessage(tab.id, {message:"Send me the url "), function(response){
var storedUrl = response.url;
chrome.windows.create({url: storedUrl, incognito: true});
chrome.windows.getAll({populate: true}, function(window_list){
for (let window of window_list){
if(window.incognito){
chrome.cookies.getAllCookieStores(
function(cs){
incognitocs = cs[1].id;
setTimeout(() => chrome.cookies.remove(
{storeId :incognitoCs,
name : 'uid',
url : storedUrl},function(IncognitoCookies){
console.log("Cookie removed")
})}, 3000);)})}}
})
}})

The above code listens for a click event on the extension’s icon. It then sends a message to the content script to trigger the listener which will in turn get the URL and send it back to the background script.

With the received URL the code will open an incognito window.

Next step is to get all the opened windows. Populate being set to true means that each window opened has a list of all its opened tabs.

It then loops through the list of the opened windows checking for an incognito window and then retrieves all the Cookie Stores as an array.

From the array it gets Incognito Window cookie ID.

With the cookie ID the code removed cookies from the Incognito Window alone. If it deleted cookies from both the incognito and normal window you’d be logged out every time you clicked in the extension’s icon.

Incognito Window stores session cookies only that they are cleared when you close the window. Due to this fact, the extension deletes cookies after every 3 seconds when an Incognito Window is open.

You can find the the Extension’s source code on my github repo.

--

--