
CSP B Gone by Hacks and Hops
Check the CSP of the current website against a list of known bypasses.
Firefox is required to use this extension

About
Code
This addon is free and open-source software (FOSS); all code can be found here: https://github.com/ACK-J/CSP-B-Gone
Please report your bugs or feature requests in a GitHub issue instead of in a review.
Test if it works!
https://apple.com/
This addon checks the CSP of the current website against a list of known bypasses. You can also use the search bar to check if a specific domain has a known CSP bypass.
How Does a CSP Bypass Work?
The most common way to bypass CSP is by finding a JSONP endpoint on a trusted domain within the CSP. JSONP takes advantage of the fact that the same-origin policy does not prevent execution of external <script> tags. Usually, a <script src="some/js/file.js"> tag represents a static script file. But you can just as well create a dynamic API endpoint, say /userdata.jsonp, and have it behave as a script by accepting a query parameter (such as ?callback=CALLBACK).
JSONP endpoints used to bypass CSP are discovered by querying the archive.org database on a monthly basis for URLs with a common feature set. Each suspected URL is injected into a script src element inside a headless browser with the alert() function hooked. If an alert box fires, the URL is a confirmed JSONP endpoint and is added to the GitHub list HERE.
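The check the addon performs can be illustrated as follows. This is an added JavaScript example, not the addon's own code: it parses a CSP header, takes the script-src sources (falling back to default-src), and flags any source whose host pattern covers a domain on a known-JSONP list, along with 'unsafe-inline' and 'unsafe-eval'. KNOWN_JSONP_HOSTS is a constructed placeholder, not the project's real list.

```javascript
// Constructed placeholder list; the real addon pulls its list from GitHub.
const KNOWN_JSONP_HOSTS = ["jsonp-example.test", "cdn.example.test"];

// Split a CSP header into a map of directive name -> array of source expressions.
function parseCsp(header) {
  const directives = {};
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    directives[name.toLowerCase()] = sources;
  }
  return directives;
}

// Extract the host pattern from a source expression such as
// https://cdn.example.test/path or *.example.test. Returns null for
// keyword sources ('self', 'none', ...) and scheme-only sources (https:).
function hostOf(source) {
  if (source.startsWith("'")) return null;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return null;
  const noScheme = source.replace(/^[a-z][a-z0-9+.-]*:\/\//i, "");
  const host = noScheme.split("/")[0].split(":")[0].toLowerCase();
  return host || null;
}

// True if a concrete host is covered by a CSP host pattern
// (supports the bare "*" wildcard and a leading "*." label).
function hostMatches(pattern, host) {
  if (pattern === "*") return true;
  if (pattern.startsWith("*.")) {
    return host === pattern.slice(2) || host.endsWith(pattern.slice(1));
  }
  return host === pattern;
}

// Returns one finding per weakness: a known JSONP host allowed by script-src
// (or default-src when script-src is absent), or an unsafe keyword.
function auditCsp(header) {
  const d = parseCsp(header);
  const sources = d["script-src"] || d["default-src"] || [];
  const findings = [];
  for (const src of sources) {
    const lower = src.toLowerCase();
    if (lower === "'unsafe-inline'" || lower === "'unsafe-eval'") {
      findings.push({ source: src, reason: "unsafe keyword" });
    }
    const pattern = hostOf(src);
    if (!pattern) continue;
    for (const known of KNOWN_JSONP_HOSTS) {
      if (hostMatches(pattern, known)) findings.push({ source: src, reason: `allows ${known}` });
    }
  }
  return findings;
}
```

A wildcard such as https://*.example.test is flagged because it covers cdn.example.test, while jsonp-example.test is not a subdomain of example.test and is correctly left alone.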
When would I need a CSP Bypass?
A Content Security Policy (CSP) bypass may be necessary in specific scenarios, typically related to web security testing or development. CSP is a security feature that helps prevent a range of attacks like Cross-Site Scripting (XSS), data injection attacks, and clickjacking by controlling which resources the browser is allowed to load and execute.
Donations
- Monero Address: 89jYJvX3CaFNv1T6mhg69wK5dMQJSF3aG2AYRNU1ZSo6WbccGtJN7TNMAf39vrmKNR6zXUKxJVABggR4a8cZDGST11Q4yS8
Requires the following permissions:
- Access browser tabs
- Access your data for all websites
More information
- Version
- 1.0
- Size
- 28.6 KB
- Last updated
- 5 months ago (December 17, 2024)
- License
- GNU General Public License v3.0 only