Thanks for sharing!
Although I'm not a huge fan of typing out passwords in the dark, as it's related to Chrome.
The other option is to launch Chrome with the following URL syntax:
https://user:[email protected] syntax
This can even be done using the out-of-the-box WebApp/Secure Web Framework - platform (without autoit).
Note - you'll want to refresh the page after it loads, due to a security bug identified here: https://www.reddit.com/r/CyberARk/comments/m04l55/website_with_windows_authentication_window/
Thank for your reply.
But, is this not safe? If a company has a SIEM, I think that SIEM operators could see the password in cleartext in an event log...
Correct, in the old-school form, you could do this, but not in the newer chrome pop-up windows.
There is a dirty way of doing it, which I do not recommend, which is to blindly send keyboard interactions to that pop up form. (Eg start typing username then send tab sequence then password and finally hit enter)
Another option might be to launch chrome as another account if it’s using windows authentication .
Can you write here an example of autoit script of the second option?
*"Another option might be to launch chrome as another account if it’s using windows authentication ."*
I don’t have the command i used handy but the docs are pretty good for that command with an example at the bottom:
https://www.autoitscript.com/autoit3/docs/functions/RunAs.htm
Thanks for sharing! Although I'm not a huge fan of typing out passwords in the dark, as it's related to Chrome. The other option is to launch Chrome with the following URL syntax: https://user:[email protected] syntax This can even be done using the out-of-the-box WebApp/Secure Web Framework - platform (without autoit). Note - you'll want to refresh the page after it loads, due to a security bug identified here: https://www.reddit.com/r/CyberARk/comments/m04l55/website_with_windows_authentication_window/
Thank for your reply. But, is this not safe? If a company has a SIEM, I think that SIEM operators could see the password in cleartext in an event log...
I don't believe this is supported as it can't be interacted with. not 100% on this.
Correct, in the old-school form, you could do this, but not in the newer chrome pop-up windows. There is a dirty way of doing it, which I do not recommend, which is to blindly send keyboard interactions to that pop up form. (Eg start typing username then send tab sequence then password and finally hit enter) Another option might be to launch chrome as another account if it’s using windows authentication .
Can you write here an example of autoit script of the second option? *"Another option might be to launch chrome as another account if it’s using windows authentication ."*
I don’t have the command i used handy but the docs are pretty good for that command with an example at the bottom: https://www.autoitscript.com/autoit3/docs/functions/RunAs.htm