InSecure Chrome

The Problem

As a security engineer, I often had to test our sites for Cross Site Scripting vulnerabilities. Specially after a dynamic scanner "found" an XSS. The problem is that most modern browsers provide some baseline protection to the user. So simple <script>alert(1)</script> type of testing doesn't always work.

A simple test like:

will result in something like

The truth is, the page is vulnerable against XSS, and even Chrome can be fooled and their XSS auditor can be bypassed. But when trying to secure a site, I really don't want to spend my time working around my tool.

It used to be that you could use --disable-web-security. But at somepoint that broke, and required other flags, and even with those flags, its - not - always working - as expected! 

joubin /Users/joubin/Desktop  
→ killall "Google Chrome"

joubin /Users/joubin/Desktop  
→ open -na Google\ Chrome --args --disable-web-security --user-data-dir="/tmp/chrome_dev"

So, taking a pointer off the great work Eloston did with Ungoogled Chromium, I have created a fork where I disable XSS-Auditor and Security. So far I only have tested the Mac Version, but I don't see any reason other builds would break.

You can find the code on my Github and follow the ungoogled_chromium build instructions!


December 08 2018