Skip to content

Latest commit

 

History

History
44 lines (25 loc) · 1.58 KB

README.md

File metadata and controls

44 lines (25 loc) · 1.58 KB

Google Chrome cache attack

This proof of concept project is an example for the Google Chrome cache attack. It can inject custom code into web pages by modifying the browser cache files. The demo app doesn't require root privileges to run. The browser won't notice that the web page (retrieved from the cache) was infected, for HTTPS content it'll display that the connection is secure and the certificate is valid. Also it's possible to set a different cache expiration time (1 day, month or even 1 year).

Disclaimer: This tool is only intended for security research. Users are responsible for all legal and related liabilities resulting from the use of this tool. The original author does not assume any legal responsibility.

The demo app will inject this html file for all page urls listed in main.go:

demo.mp4

Tested browser version: 124.0.6367.62 and older.

Supported platforms:

  • macOS
  • Linux

NOTE: For Windows, Google Chrome uses a different cache format. It's possible to run this attack on this platform, but it requires to implement the block file caching.

Build

Build the project:

go mod download

CGO_ENABLED=1 go build -o chrome-poc

Using Docker:

# build a Linux executable
docker build --platform=linux/amd64 -t chrome-poc-linux:latest -f Dockerfile.linux .
# cross-compile a macOS executable via osxcross
docker build --platform=linux/amd64 -t chrome-poc-osxcross:latest -f Dockerfile.osxcross .