### Target

Start Chrome with the following flags:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" 

--remote-debugging-port=9222 

--remote-debugging-address=0.0.0.0 

--user-data-dir=C:\Temp\remote.profile 

--headless

Where dat dir and port are completely arbitrary. Think scheduled task or modifiy shorcuts etc...

For Red Teams, this is basically the equivalent of Cobalt Strike Broswer Pivot.

https://www.cobaltstrike.com/help-browser-pivoting

Also you can route your beacon / implant out a local chrome process.



### Source

Browse to chrome://inspect

Add remote target

Win.


refereces
https://blog.chromium.org/2011/05/remote-debugging-with-chrome-developer.html

Risk, from the Source you can access systems on the target that leverage single-sign-on etc....
Also explore, Port-Forwarding, etc...

Its just an interesting way to remote control a browser.  Probably useful. :)