VM-Packages icon indicating copy to clipboard operation
VM-Packages copied to clipboard

Published 20 hours ago verified publisher icon mandiant

Remove Chrome dependency in cyberchef.vm thank to new changes

Open Ana06 opened this issue 9 months ago • 3 comments

Details

I think with the changes in https://github.com/mandiant/VM-Packages/pull/1016 we could now remove the Chrome dependency in Cyberchef and the code to open it with chrome and set the icon (simplifying the installer code). I think we would keep the current behavior if both cyberchef.vm and googlechrome.vm are installed and remove the chrome dependency would allow to have a different browser as default (and to open cyberchef) if only cyberchef.vm is installed. This would need to add googlechrome.vm explicitly in flare-vm.

@emtuls what do you think?

Ana06 avatar Apr 30 '24 09:04 Ana06

@Ana06 Looking at this some more, I can't get a .html to open up with the specified browser using the VM-Set-Open-With-Association unfortunately. This runs into the same issue we had previously where it requires modification of a few specific registry keys that can't be changed unless the proper hash is generated and placed in the right location (along with a few other tweaks). In this case, it shows that it wants to open the file using Google Chrome, but then still displays the popup of if we want to always associated .html with this browser still, which can be seen in the screenshots below, which I'm not sure if this is preferred.

To bypass this, we can attempt to use the tool we discussed here, called SetDefaultBrowser, but I'll leave that up to you to determine if that's acceptable. :)

image

image

emtuls avatar May 23 '24 18:05 emtuls

VM-Set-Open-With-Association $exePath ".html" changes the icon but not the default icon, right? I think this is confusing, we should change the icon of html + default browser or remove the icon association. Let's discuss in https://github.com/mandiant/VM-Packages/issues/822 if we can change the default browser.

Ana06 avatar May 27 '24 09:05 Ana06

I may have a semi-working solution for this. It makes the popup not be displayed anymore, which means opening a .html just "works" (by this, I mean it opens up in chrome without a popup stopping you), but it still does not set the default browser for Windows.

I still need to test how this would work if chrome was not installed, but at least for the chrome case... After using VM-Set-Open-With-Association $exePath ".html", we just need to create the following registry key and then restart explorer.exe:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer]
“NoNewAppAlert”=dword:00000001

NOTE: This does not make chrome the default browser still, which also makes the popup asking to make chrome the default browser still appear. ~I can look into seeing if I can bypass that as well, without actually setting the default browser, but it may not be possible.~ I have now also found a way to bypass the popup in chrome for this to not be displayed anymore as well. 😊 Need to add "default_browser_infobar_declined_count":1 to the Local State under browser and "default_browser_infobar_last_declined":"1" to Preferences under browser as well.

emtuls avatar Jul 27 '24 03:07 emtuls