
CSP B Gone by Hacks and Hops

Check the CSP of the current website against a list of known bypasses.

0 (0 reviews)
16 Users
About this extension
Code
This add-on is free and open-source software (FOSS). All code can be found here: https://github.com/ACK-J/CSP-B-Gone
Please report bugs or feature requests in a GitHub issue instead of in a review.

Test if it works!
https://apple.com/

This addon checks the CSP of the current website against a list of known bypasses. You can also use the search bar to check if a specific domain has a known CSP bypass.

How Does a CSP Bypass Work?
The most common way to bypass CSP is by finding a JSONP endpoint on a trusted domain within the CSP. JSONP takes advantage of the fact that the same-origin policy does not prevent execution of external <script> tags. Usually, a <script src="some/js/file.js"> tag represents a static script file. But you can just as well create a dynamic API endpoint, say /userdata.jsonp, and have it behave as a script by accepting a query parameter (such as ?callback=CALLBACK).

JSONP endpoints used to bypass CSP are discovered by querying the archive.org database on a monthly basis for URLs with a common feature set. Each suspected URL is injected into a script src element inside a headless browser with the alert() function hooked. If an alert box fires, the URL is a confirmed JSONP endpoint and is added to the GitHub list HERE.
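
For site owners auditing their own policy, the check described above can be sketched as follows. This is an added example, not the extension's code: the function names are hypothetical and KNOWN_JSONP_HOSTS holds constructed placeholder hosts rather than entries from the GitHub list.

```javascript
// Constructed sample data standing in for a list of hosts known to serve JSONP.
const KNOWN_JSONP_HOSTS = ["api.cdn.example", "widgets.partner.example"];

// Parse a Content-Security-Policy header value into { directive: [sources] }.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = (name || "").toLowerCase();
    // A repeated directive is ignored by browsers; the first occurrence wins.
    if (key && !(key in policy)) policy[key] = sources;
  }
  return policy;
}

// Does one CSP source expression allow scripts from `host`? (Host-level check only;
// port and path components of the source are not evaluated.)
function sourceCoversHost(source, host) {
  if (source.startsWith("'")) return false;        // 'self', 'none', nonces, hashes
  if (/^https?:$/i.test(source)) return true;      // bare scheme allows every host
  const m = source.match(/^(?:[a-z][a-z0-9+.-]*:\/\/)?([^/:]+)/i);
  if (!m) return false;
  const pattern = m[1].toLowerCase();
  if (pattern === "*") return true;
  // "*.example.com" matches subdomains but not example.com itself.
  if (pattern.startsWith("*.")) return host.endsWith(pattern.slice(1));
  return pattern === host;
}

// Return every (source, host) pair where the policy's script allowlist
// covers a host from the known-JSONP list.
function findJsonpRisks(header, knownHosts = KNOWN_JSONP_HOSTS) {
  const policy = parseCsp(header);
  // Fallback chain for <script src>: script-src-elem, script-src, default-src.
  // With none of them present, script loading is unrestricted.
  const sources = policy["script-src-elem"] ?? policy["script-src"]
    ?? policy["default-src"] ?? ["*"];
  const findings = [];
  for (const source of sources)
    for (const host of knownHosts)
      if (sourceCoversHost(source, host)) findings.push({ source, host });
  return findings;
}
```

Any finding means the host allowlist trusts a domain that can return attacker-chosen script content; nonce- or hash-based policies avoid depending on host allowlists for script trust.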

When would I need a CSP Bypass?
A Content Security Policy (CSP) bypass may be necessary in specific scenarios, typically related to web security testing or development. CSP is a security feature that helps prevent a range of attacks like Cross-Site Scripting (XSS), data injection attacks, and clickjacking by controlling which resources the browser is allowed to load and execute.

Donations
  • Monero Address: 89jYJvX3CaFNv1T6mhg69wK5dMQJSF3aG2AYRNU1ZSo6WbccGtJN7TNMAf39vrmKNR6zXUKxJVABggR4a8cZDGST11Q4yS8
Permissions and data

Required permissions:

  • Access browser tabs
  • Access your data for all websites
More information
Version
1.0
Size
28.6 KB
Last updated
8 months ago (Dec 17, 2024)
Related Categories
  • Web Development
  • Security and Privacy
License
GNU General Public License v3.0 only
Tags
  • ad blocker
  • content blocker
  • privacy
  • search
  • security
  • user scripts
  • wayback machine