The original post: /r/cybersecurity by /u/ShadowSlayer1441 on 2024-11-03 21:46:51.
Unfortunately Microsoft Defender Application Guard is depreciated and will be removed at some point in the future. Even worse, I have been unable to find any guide for other forms of lightweight virtualized fully local browsing. With research I was able to find out how to do this, so I am creating this post to help others like me.
Step 1) Install docker
https://docs.docker.com/engine/install/
Step 2) install these docker containers with the following commands in your CLI:
docker run --detach --name watchtower --volume /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower //keeps firefox container up to date
docker run --name Firefox -p 127.0.0.1:8080:5800 -e DARK_MODE=1 -e WEB_AUTHENTICATION=1 -e SECURE_CONNECTION=1 -e WEB_AUTHENTICATION_USERNAME=CHOSE -e WEB_AUTHENTICATION_PASSWORD=PASSWORD jlesage/firefox
When you do this, replace CHOSE and PASSWORD with your own choices, which are just used to locally encrypt the connection between your browser and the container.
Step 3) Start the container:
docker start Firefox
Note you’ll need to do this after a reboot, shutdown, logout etc.
Step 4) Accessing the GUI:
Open your web browser of choice and open https://127.0.0.1:8080/#, consider making it a bookmark. Note that it will warn you unless you add jlesage as a trusted authority, just go to advanced and connect anyway.
Step 5) Optional:
Login in with a firefox account to ensure your bookmarks, history, etc persist after watchtower reinstalls the docker container. Note you’ll need to relogin every time watchtower update your firefox container.
Enjoy!
Tips
Use password manager client on host PC, NOT an extension inside the client or firefox’s built in password manager. Otherwise in theory you could expose all of your credentials if the container is compromised.
If you believe your container is compromised just delete it (docker rm Firefox), and create it with the command above with your chosen password and username embedded.
Click the three dots on the left to configure the container internally and access the container clipboard.
Note: this is not like a VPN, you are still accessing the internet via your host machine.