How to disable XSS auditor in chrome v60 (09/2017)?

Question

I was reading about PHP_SELF XSS vulnerability and I wanted to test it in chrome v60, I tried to disable the XSS auditor with :

$ chrome.exe --args --disable-web-security  
$ chrome.exe --disable-web-security  
$ chrome.exe --disable-xss-auditor  
$ chrome.exe --disable-xss-auditor --enable-devtools-experiments --disable-features=enable-automatic-password-saving

but nothing worked, can you tell me how to properly disable it ?

same here, I couldn't get it to work, however I found a workaround using curl https://security.stackexchange.com/a/230222/196025 — 8ctopus, Apr 21 '20 at 08:05

score 7 · Answer 1 · answered Oct 27 '17 at 19:53

7

This one (that you already tried) should work:

chrome.exe --disable-xss-auditor

You just need to make sure that all instances of Chrome have been killed before you run that command.

answered Oct 27 '17 at 19:53

Brandon S

1,543
1
13
13

+1000 for the hint on killing all instances first. Thanks! – werner Jul 03 '18 at 13:15
Work like charm awesome – Ryan Chou Dec 06 '18 at 09:15

score 1 · Accepted Answer · answered Oct 11 '17 at 15:06

1

I haven't still tried that out because Firefox works best for me while testing for XSS. In case you really need to bypass the chrome auditor, here is a great article you should check and hope that helps you.:)

Brutelogic chrome XSS bypass

answered Oct 11 '17 at 15:06

john400

392
4
10
20

How to disable XSS auditor in chrome v60 (09/2017)?

2 Answers2