I like using Chrome to research web application security. Using profiles simplifies a number of tests. However, there is a problem: Chrome does not allow you to set proxy and relies on system settings.

It remains either to use third-party extensions or third-party software.

So I decided to write my own trivial extension, which turned out to be more convenient than the ones available.

Documentation. Those who are not familiar with the development of extensions must proceed through steps listed below:

  1. Create a folder containing the manifest and extension files
  2. Еnable developer mode in your browser settings
  3. Load the unpacked extension and allow it to be used in incognito mode

This extension contains several files:

  • icon.png
  • manifest.json
  • popup.html
  • popup.js

The main goal is performed by the code in the ‘popup.js’:

var proxyConfig = {
  mode: "fixed_servers",
  rules: {
    singleProxy: {
      host: "127.0.0.1",
      port: 8080
    },
    bypassList: []
  }
};

chrome.proxy.settings.set(
{
  value: proxyConfig, scope: 'incognito_session_only'
}, function() {});

Unlike the extensions available in public, this simple code allows you to set the scope of the proxy: ‘incognito_session_only’.

Those who need to proxy traffic when conducting pentests will appreciate the usability of this approach.

The project is available in my github repository.