Skip to content

S-PScripts/incognito-v123

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits
README.md
README.md
 
 

Repository files navigation

incognito-v123

The incognito exploit is back on v123!

History:

-> This was found by https://github.com/s0urce-c0de from https://crbug.com/341245382.
-> https://github.com/s0urce-c0de wrote a writeup on it on 3kh0's repo but it didn't contain all the information.
-> I (https://github.com/S-PScripts) created a new writeup.

Requirements:

-> Access to chrome://flags
-> Be on chromeOS v123 - v127 (but you can still use 'incognito' on v128+)

Instructions:

IF YOU ARE ON chromeOS v126-v127, GO TO THE v126-v127 SECTION!

IF YOU ARE ON chromeOS v128+, GO TO THE v128+ SECTION!

  1. Go to chrome://flags/#captive-portal-popup-window.
    -> If you're on v126-v127, go to the v126-v127 section.
    -> If you're on v128+, you need to downgrade to v123-v127 or use the v128+ 'incognito' method.
  2. Enable it.
  3. Restart.
  4. If the flag didn’t reset, you can continue. Else you cannot.

Now, follow one of the two methods:

Option 1:

  1. Go to Settings.
  2. Click Wifi in the Network section.
  3. Click your wifi.
  4. Click Network.
  5. Set Name servers to Custom name servers.
  6. Set the first box to detectportal.firefox.com OR captive.apple.com OR 150.136.163.0 (yes you can use the v105 dns)
  7. A sign in pop up should appear from your wifi. Click Sign in.
  8. Do CTRL+T and you're now in Incognito mode!
    -> You can also right click the top of the tab then click "Show as tab" to open Incognito.
  9. Set Name servers back to what it was before. You will also need to disconnect and reconnect to your wifi.

Option 2:

  1. If you have access to EE Wifi in the UK, connect to it.
  2. A sign in pop up should appear from your WiFi. Click Sign in.
  3. Do CTRL+T and you're now in Incognito mode!
  4. Reconnect to your normal Wifi.
    -> You can also right click the top of the tab then click "Show as tab" to open Incognito.

Instructions (v127-v128):

  1. Go to chrome://flags#temporary-unexpire-flags-m124 if you are on v126 chrome://flags/#temporary-unexpire-flags-m125 if you are on v127 (or v126)
  2. Enable it.
  3. Restart.
  4. Follow the rest of the original instructions.

Instructions (v128+):

Please go to https://s-pscripts.github.io/incognito-rises/

Notes:

-> Extensions can't block you!
-> No search history!

You can use CAUB to allow changing DNS/Name servers if policies like:

{ "NetworkConfigurations": [ { "GUID": "{}", "Name": "", "ProxySettings": { "Type": "Direct" }, "Type": "WiFi", "WiFi": { "AutoConnect": true, "HiddenSSID": false, "Passphrase": "", "SSID": "", "Security": "WPA-PSK" } } ] }

Credits:

https://crbug.com/341245382 for the original post
https://github.com/s0urce-c0de for finding the post, writing the original writeup on 3kh0's repo and adding CAUB to my writeup
https://github.com/S-PScripts (me) for finding a DNS that opens a captive portal window and writing this writeup
https://github.com/Brandon421-ops for reminding me that the temporary unexpire flags exist.
https://github.com/jee1mr/captive-portal because that's where I found the DNS

About

the writeup for the incognito exploit for v123 to v127

s-pscripts.github.io/incognito-v123/

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published