Chrome Remote DevTools
The Chrome DevTools protocol for Remote Debugging
When google-chrome
is launched with remote debugging enabled, this is usually on port 9222. But it can be changed with the --remote-debugging-port=
argument when it is started.
When this port is accessible, you can connect to it with the DevTools HTTP Protocol in order to make the browser do certain things. You can debug the currently viewed site, meaning reading any data, like HTML, cookies, or other stored data, and execute JavaScript in the console. As well as being able to browse to and read arbitrary files on the system.
Get a list of sessions by requesting /json
endpoint:
You can then visit the devtoolsFrontendUrl
in your browser to get a regular GUI that you would get debugging any site. Here you can do anything normal DevTools would be able to, like executing JavaScript, reading stored data, and viewing the site.
In the background, this will send various messages through the webSocketDebuggerUrl
, which you can also directly access to have more control, and not be limited by the GUI. One interesting way of abusing this is to first navigate to a file://
URL (Page.navigate
), and then request the HTML content of the page using JavaScript (Runtime.evaluate
) to read arbitrary files. You can simply connect to the websocket in Python like so:
Reference for this code was the Chrome Debugger metasploit module
Last updated