chrome and chromium command line parameters for web app security testing

If you want to do web app security testing using either Chrome or Chromium, you may want to disable a few security options so you can actually go through your test cases. You can use the same command line parameters for both of them:

/usr/bin/chromium –disable-web-security –disable-xss-auditor –ignore-certificate-errors –user-data-dir=/pentesting/web/temp/data –proxy-server=

This works for both Linux and Windows. (For Windows you just need to change the path to the executable and the location of the user data directory).

All your requests are going to be sent to a proxy server (like Burp or ZAP).

Enjoy 🙂