Investigation

/usr/bin/google-chrome --remote-debugging-port=12345

If the target system is running Google Chrome Debugger with specific port, we can port forward and may be able to retrieve sensitive data in browser debugging mode.

Exploitation

1. Port Forwarding

First off, start port forwarding in local machine.

ssh -L 12345:127.0.0.1:12345 remote-user@example.com

2. Configure Network Targets in Chrome

Assume the chrome debugger is running on port 12345.
Open Chrome browser and input the following string in URL bar at the top of the window.

chrome://inspect/#devices

Then click “Configure…” at the right of “Discover network targets”. The modal window opens.
In the modal window, enter “localhost:12345” then click “Done”.
Now we should see the remote host appears at the bottom of the “Remote Target”.
Click “inspect” then new browser open. We can browse the website.