All it is doing is opening a new tab when the user clicks a button, then closing that tab. The JavaScript that replaces the cookie comes from the site itself. I'm sure there's an API call that happens inside the extension to look up the affiliate link to load, but that's probably it.

They wrap all their magic behind that single click, but to be fair, that's exactly how the traditional coupon code sites (e.g. retailmenot) have always worked. Honey just wrapped it into a browser extension and promoted the hell out of it.