@NotMedic
Created November 7, 2019 20:10
Headless Remote Chrome Debugging - Ichabod Chrome :)

Target

Start Chrome with the following flags:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

--remote-debugging-port=9222

--remote-debugging-address=0.0.0.0

--user-data-dir=C:\Temp\remote.profile

--headless

Where the data dir and port are completely arbitrary. Think scheduled task or modified shortcuts, etc.

For Red Teams, this is basically the equivalent of Cobalt Strike Browser Pivot.

https://www.cobaltstrike.com/help-browser-pivoting

Also you can route your beacon / implant out a local chrome process.

Source

Browse to chrome://inspect

Add remote target

Win.

References: https://blog.chromium.org/2011/05/remote-debugging-with-chrome-developer.html

Risk: from the Source you can access systems on the target that leverage single sign-on, etc. Also explore port forwarding, etc.

It's just an interesting way to remote control a browser. Probably useful. :)
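
For defenders, the flags listed under Target show up in process-creation command lines, including ones launched from a scheduled task or an edited shortcut. The following is an added example, not part of the original gist: it triages command lines for that flag combination. The sample command lines are constructed, and the function names and severity tiers are assumptions of this example.

```python
import re

# Matches --flag or --flag=value (value optionally double-quoted), only at a token start.
FLAG_RE = re.compile(r'(?<![^\s"])--([a-z0-9-]+)(?:=("[^"]*"|[^\s"]*))?', re.I)
LOOPBACK = {"", "127.0.0.1", "localhost", "::1", "[::1]"}

def parse_flags(cmdline):
    """Return {flag_name: value} for every --flag in a process command line."""
    return {m.group(1).lower(): (m.group(2) or "").strip('"')
            for m in FLAG_RE.finditer(cmdline)}

def assess(cmdline):
    """Classify one command line; None means no DevTools debugging port was requested."""
    flags = parse_flags(cmdline)
    if "remote-debugging-port" not in flags:
        return None
    reasons = ["debug port " + (flags["remote-debugging-port"] or "unspecified")]
    exposed = flags.get("remote-debugging-address", "") not in LOOPBACK
    if exposed:
        reasons.append("listener bound to " + flags["remote-debugging-address"])
    if "headless" in flags:
        reasons.append("headless (no visible window)")
    if "user-data-dir" in flags:
        reasons.append("profile dir " + flags["user-data-dir"])
    severity = "high" if exposed else "medium" if "headless" in flags else "low"
    return {"severity": severity, "reasons": reasons}

# Constructed process-creation command lines (not taken from any real log).
SAMPLES = [
    r'"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 '
    r'--remote-debugging-address=0.0.0.0 --user-data-dir=C:\Temp\remote.profile --headless',
    r'chrome.exe --headless --remote-debugging-port=9222 --user-data-dir="C:\ci\profile 1"',
    r'chrome.exe --remote-debugging-port=9222 --remote-debugging-address=127.0.0.1',
    r'"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --profile-directory=Default',
]

def triage(cmdlines):
    """Return (severity, cmdline) pairs for flagged lines, most severe first."""
    order = {"high": 0, "medium": 1, "low": 2}
    hits = [(a["severity"], c) for c in cmdlines if (a := assess(c))]
    return sorted(hits, key=lambda h: order[h[0]])

if __name__ == "__main__":
    for sev, cmd in triage(SAMPLES):
        print(f"[{sev}] {cmd}")
```

Matching is on the flags rather than the image name, so a renamed or relocated browser binary is still caught.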