Post

Meet PwnFox For Chromium

The backstory

So… I’ve been in the field of Web PT for over 4 years so far, and I’ve always been frustrated with testing in Chrome compared to Firefox. You can bootstrap a fresh Firefox to work with BurpSuite (certificates, extensions, etc.) in the blink of an eye. Yes, the BurpSuite embedded browser does exist, but it’s barebones!

What is even more critical for me is that Firefox has a killer feature: multi-account containers, which one can use to test under multiple application session contexts simultaneously (!) using separate browser tabs.

Seriously, if you haven’t used it before, check out the Pwnfox extension. It makes your life so much easier.

Anyway, there are times when you have to use Chrome because it’s the only browser supported. Looking at the Google results, there has always been some demand for the PwnFox-like extension for Chrome.

Meet PwnFox For Chromium!

Demo

This is a set of BurpSuite and browser extensions that back-port support of PwnFox features for Chrome/Chromium browsers. All this stuff gets hot-loaded at the launch of the Chrome executable, allowing you to reuse already installed browsers. More importantly, it does not influence your regular browser data by any means!

The extension also boasts these features:

  • Directly launch instrumented Chromium tabs from within the Burp
  • 8 separate user profiles that can be used simultaneously (just like PwnFox)
  • Color-coded traffic in the Proxy tab based on the user profile
  • Only has to be configured once
  • Works on MacOS, Windows and Linux
  • You can keep separate profile data directories for each project
  • You can use both the original PwnFox and Chromium version simultaneously

I’ll be delighted if this extension helps you in your day-to-day work, so if you have any interesting proposals for new features, feel free to add them on GitHub!

This post is licensed under CC BY 4.0 by the author.