Chrome Remote Debugger Pentesting
Last modified: 2024-12-24
Chrome Remote Debugger is a tool that debugs web applications.
Investigation
/usr/bin/google-chrome --remote-debugging-port=12345
If the target system is running Google Chrome with the remote debugger listening on a specific port, we can forward that port and may be able to retrieve sensitive data through the browser's debugging mode.
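From the defender's side, the same launch flag can be audited in a host's process list. The following is an added example, not part of the original page: the browser name list and the sample `ps -eo pid,args` lines are constructed, and it assumes Chrome binds the debug port to loopback unless `--remote-debugging-address` is given.

```python
import re
import shlex

# Assumed list of Chromium-family binary names; extend for your fleet.
BROWSER_RE = re.compile(r"chrome|chromium|msedge|brave", re.I)
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# Constructed sample in `ps -eo pid,args` form (not captured from a real host).
SAMPLE_PS = """\
  812 /usr/sbin/sshd -D
 2210 /usr/bin/google-chrome --remote-debugging-port=12345
 2304 /opt/chromium/chromium --headless --remote-debugging-address=0.0.0.0 --remote-debugging-port=9222
 2410 /usr/bin/google-chrome --user-data-dir=/tmp/profile https://example.com
"""


def audit_cmdline(cmdline):
    """Return a finding for a browser started with a debug port, else None.

    Loopback-only is "medium": local users and SSH port forwards still reach it.
    """
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes in the captured line
        argv = cmdline.split()
    if not argv or not BROWSER_RE.search(argv[0].rsplit("/", 1)[-1]):
        return None
    # Turn "--key=value" and bare "--key" switches into a dict.
    opts = dict(a[2:].partition("=")[::2] for a in argv[1:] if a.startswith("--"))
    if "remote-debugging-port" not in opts:
        return None
    addr = opts.get("remote-debugging-address") or "127.0.0.1"  # assumed default
    return {
        "port": opts["remote-debugging-port"],
        "address": addr,
        "severity": "medium" if addr in LOOPBACK else "high",
    }


def audit_ps(ps_output):
    """Map PID -> finding for every flagged process in `ps -eo pid,args` output."""
    findings = {}
    for line in ps_output.splitlines():
        pid, _, cmdline = line.strip().partition(" ")
        finding = audit_cmdline(cmdline) if pid.isdigit() else None
        if finding:
            findings[int(pid)] = finding
    return findings
```

Feed `audit_ps` the real output of `ps -eo pid,args` on a host to list browsers that should not be running with the debug port enabled.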
Exploitation
1. Port Forwarding
First, start port forwarding on the local machine.
ssh -L 12345:127.0.0.1:12345 remote-user@example.com
2. Configure Network Targets in Chrome
Assume the Chrome debugger is running on port 12345.
Open the Chrome browser and enter the following string in the URL bar at the top of the window.
chrome://inspect/#devices
Then click “Configure…” to the right of “Discover network targets”. A modal window opens.
In the modal window, enter “localhost:12345”, then click “Done”.
Now we should see the remote host appear at the bottom of the “Remote Target” section.
Click “inspect” and a new browser window opens. We can browse the website.
(Optional) Find Credentials
If a login page is found when inspecting, we may see a credential in the developer tools in the right pane. Go to the Network tab, click the target page such as login.php, then go to the Payload tab. We can find credentials there.