{"id":300,"date":"2020-11-02T23:43:00","date_gmt":"2020-11-02T23:43:00","guid":{"rendered":"https:\/\/freezion.com\/?p=300"},"modified":"2023-02-18T02:23:19","modified_gmt":"2023-02-18T02:23:19","slug":"chrome-browser-crypto-bypass","status":"publish","type":"post","link":"https:\/\/freezion.com\/?p=300","title":{"rendered":"Chrome Browser Crypto Bypass"},"content":{"rendered":"\n<p>If you\u2019ve ever done any testing using Chrome (or other browsers, but I\u2019m looking at Chrome specifically for this post), it\u2019s likely you\u2019ve run into issues with encrypted communications (HTTPS).<\/p>\n\n\n\n<p>In the past, when Chrome runs into something it considers unsafe (for example, a mismatched name on the certificate, or cipher suites it doesn\u2019t like), you\u2019d get an error message with a button on it that you could click. After clicking the button, you would see an explanation of why Chrome thinks things are wonky and unsafe, but there would be a link that would allow you to continue on to the site if you really wanted to.<\/p>\n\n\n\n<p>That behavior has recently changed. Now, when Google thinks the connection is unsafe, it just flat out refuses to let you proceed. I think the theory behind this is that preventing unaware folks from putting themselves into danger seems like a good idea. The problem is, there is now no way for folks that know what they are doing to access content that they may wish to (as shown in the screenshot below).<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/web.archive.org\/web\/20221130042840im_\/https:\/\/i0.wp.com\/freezion.com\/wp-content\/uploads\/2020\/11\/El0fngrX0AIBIBk.jpeg?resize=940%2C835&amp;ssl=1\" alt=\"\" class=\"wp-image-350\"\/><\/figure>\n\n\n\n<p>I\u2019m a big fan of allowing free choice (philosophically, politically, and certainly technically). As such, I hate it when I am not given a choice to do something I want to do, because somewhere someone decided they knew better.<\/p>\n\n\n\n<p>This particular problem comes up frequently in app dev and pen testing. Often, in either of these scenarios, accessing a site that does not have the ideal security set is desired (for example, when intercepting traffic between the browser and the server to debug a problem, or to perform security testing).<\/p>\n\n\n\n<p>It turns out, there\u2019s a (very un-obvious) way to get around this error message. Here\u2019s how to do it:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Open the browser, and go to the URL you\u2019re trying to access<\/li>\n\n\n\n<li>When you get the error message, simply click in the page body somewhere<\/li>\n\n\n\n<li>Type the following:&nbsp;<code>thisisunsafe<\/code><\/li>\n\n\n\n<li>The page will now load<\/li>\n<\/ol>\n\n\n\n<p>This has been a lifesaver for me, while testing, so I figured I\u2019d share (and document it) here.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you\u2019ve ever done any testing using Chrome (or other browsers, but I\u2019m looking at Chrome specifically for this&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[22,64],"class_list":["post-300","post","type-post","status-publish","format-standard","hentry","category-hacking","tag-howto","tag-tech"],"_links":{"self":[{"href":"https:\/\/freezion.com\/index.php?rest_route=\/wp\/v2\/posts\/300","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/freezion.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/freezion.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/freezion.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/freezion.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=300"}],"version-history":[{"count":1,"href":"https:\/\/freezion.com\/index.php?rest_route=\/wp\/v2\/posts\/300\/revisions"}],"predecessor-version":[{"id":301,"href":"https:\/\/freezion.com\/index.php?rest_route=\/wp\/v2\/posts\/300\/revisions\/301"}],"wp:attachment":[{"href":"https:\/\/freezion.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=300"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/freezion.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=300"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/freezion.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=300"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}