GoGuardian is a well-known educational technology company that provides services such as classroom management and Chrome device management, among others.
The GoGuardian services are commonly used to monitor student activity on Chromebooks.
However, GoGuardian can easily be exploited, and that too with relative ease. If you want to know how you can bypass GoGuardian, keep reading this article.
What Is This Exploit?
GoGuardian is a buggy piece of software. It has been bypassed numerous times in the past, but all of those bypasses have led up to this. A fully functional GoGuardian bypass that runs entirely on the client. (Of course, CORS is a thing, so it’s not perfect, which is why the website in this repo has a compatibility mode checkbox that uses Google Translate.)
- This bypass is only a proof-of-concept, demonstrating how flawed GoGuardian is.
- It’s possibly the most inept piece of paid software I’ve ever seen. It can not only be bypassed with a few lines of code but it can also be completely prevented from sending data to teachers to track what you’re doing by using AdGuard DNS (18.104.22.168).
- This is a proof of concept demonstrating how flawed GoGuardian is for the price, and how other, much less expensive, if not free, options are far superior.
How Does This Exploit Work?
iframes. Or, for the less technically inclined, embedding one website within another. GoGuardian, you see, can block websites but not embedded ones (big brain move from the devs).
The code is as follows:
<!DOCTYPE html> <html> <body> <iframe src='YOUR URL'></iframe> </body> </html>
Only a few lines of code, and you’ll bypass GoGuardian like a piece of cake.
How Can This Exploit Be Fixed?
It would be irresponsible of us to simply provide the exploit without explaining how it can be fixed. Keep reading further to understand how this exploit can be fixed.
- According to a recent Reddit report, students are bypassing the GoGuardian services by using an exploit that works with bookmarks.
- As a result, teachers are being inconvenienced because students are using this exploit to play games during school hours.
- In addition, the OP stated that GoGuardian is aware of the problem and is working on a solution.
- However, it is unclear whether the problem has been resolved or not because no official announcements have been made on the subject thus far.
- It appears that disabling the bookmark manager and bookmarks bar on Chromebooks can prevent the aforementioned exploit.
- Furthermore, according to another user report, the exploit has been around for quite some time and has not been addressed by GoGuardian.
So there it is. In this article, we have provided both the method to apply the exploit, as well as how this exploit can be countered. If you’re a student, be responsible, and if you’re a teacher, you will surely find this information useful.
However, it does raise some questions regarding the reliability of GoGuardian, since we just saw how it can be broken by a few lines of code. Hopefully, the folks at GoGuardian will look into this.
If you have any queries, please leave them in the comments down below.