Chasm: Your Web Browser Based Disposable Environment

Chasm: Your Web Browser Based Disposable Environment

Need a secure way to click potentially risky links? Or a clean, disposable Linux environment for testing code? Perhaps a streamlined remote access solution for your team? Chasm might be the answer. This open-source project allows you to spin up disposable environments accessible directly through your web browser.

What is Chasm?

Chasm is an open-source project built upon other open-source technologies like Apache Guacamole, VNC, and SSH. It packages these tools into a user-friendly web interface, simplifying the process of creating and managing isolated environments.

With Chasm you can quickly launch:

• Linux sessions
• Windows sessions
• Specific applications like Chrome, Edge, or Firefox

These sessions are temporary, automatically deleting themselves after a set period (customizable when self-hosted).

Getting Started

Chasm can be installed on AMD64 and ARM architectures. While it may run on lower-powered devices like a Raspberry Pi, performance may be limited. Minimum requirements include two cores, 4GB of RAM, and a 50GB SSD (recommended for faster spin-up times).

The installation process involves a simple curl command to download the installation file, followed by extracting the archive and running the install script:

curl <CHASM_DOWNLOAD_URL> -o install.tar.gz
tar -xzvf install.tar.gz
sudo bash chasm-release/install.sh <YOUR_ADMIN_PASSWORD>

Note: If you don't set the password, it will be automatically generated.

After installation, Chasm sets up a self-signed certificate on port 443, accessible via HTTPS. You can then log in using the default credentials (admin@chasm.local) and the password you specified during installation.

Configuration and Usage

Upon logging in, you'll be directed to the admin page. It is highly recommended to create a new administrator account and remove the default admin account for security reasons. Workspaces, which are pre-configured environments, can be added from the registry with a single click. These include various browsers and Linux distributions.

Each workspace can be customized, allowing you to adjust:

• CPU cores
• Memory allocation
• Session duration
• File and storage mappings
• Egress settings

Use Cases

Chasm offers a variety of practical applications:

• Safe browsing: Open suspicious links in a sandboxed browser environment to prevent potential malware infections.
• Web development testing: Quickly spin up clean browser instances to test website compatibility without cache interference.
• Security analysis: Analyze potentially malicious files or code in a disposable Linux environment like Kali Linux.
• Remote access: Provide secure and streamlined remote access to internal resources for your team.
• Training: Share desktops with other users for collaborative learning and training purposes.

Enhanced Security with Egress and VPNs

Chasm provides options for routing container traffic through a VPN.

• Egress Provider: By using a custom egress provider (OpenVPN, WireGuard, or custom), Chasm can connect to a VPN and all traffic from that container will go through the VPN.
• Ubuntu Focal VPN: Load a premade container that already has OpenVPN, Tailscale or Wireguard installed and configured, and then funnel network traffic through those services.
• Firewall Configuration: Alternatively, configure your firewall to force all traffic from the Chasm server through a VPN.

Security Considerations

While Chasm provides a high degree of isolation, it's crucial to understand the limitations. While the risk of malware escaping the container is low, it's not zero. For an attacker to compromise the host system, they would need to exploit both a browser vulnerability and a container escape. Evaluate your threat model and network placement of the Chasm server accordingly.

Is Chasm a useful tool for you? Does the ability to quickly spin up a clean, disposable browser or desktop environment solve a real problem you are facing?

Comments are closed.