
Commit 83bf07f

save file
1 parent f5c256f commit 83bf07f


1 file changed

+139
-4
lines changed


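--- a/blog/25-12-04/bypass-csp/bypass-csp.html
+++ b/blog/25-12-04/bypass-csp/bypass-csp.html
@@ -130,7 +130,7 @@
 
 
 initdom(document.body);
-
+
 
 }//init
 
@@ -193,13 +193,14 @@
 {margin:1.5rem auto;padding:1.25rem 1.75rem;background-color:#fcfcfc;/*#f9f9f9*/font-family:system-ui, sans-serif;font-size:1rem;line-height:2;
 color:#333;text-align:justify;border-radius:4px}
 .blog-text h2,.blog-text h3
-{margin-top:1.5rem;margin-bottom:0.75rem;font-weight:600;color:#222;}
+{margin-top:1.5rem;margin-bottom:0.75rem;font-weight:600;color:#222;display:flex}
 .blog-text p
 {margin:0 0 1rem 0;}
 
 
 
-
+.spc
+{flex:1}
 
 
 
@@ -380,7 +381,7 @@ <h3>
 bypassing content-security policy with a mitm proxy
 </h3>
 <p>
-so we can bypass the content-security-protocol header with a mitm proxy and remove the header before sending it to the
+so, we can bypass the content-security-protocol header with a mitm proxy and remove the header before sending it to the
 browser<br>
 <div class=br></div>
 for chrome, i believe chrome can be started with flags
@@ -389,6 +390,16 @@ <h3>
 </code>
 <div class=br></div>
 for firefox, you set a proxy by going to Settings → General → Network Settings → Settings…, then choosing Manual proxy configuration and entering your proxy details
+<div class=br></div>
+this mitm proxy requires a x.509 key and certificate, they can be generated
+<br>
+<a href='utils/x509/generate-https-certificate/generate-https-certificate.html'>
+Generate HTTPS Certificate
+<span class=link-domain>
+ext-code.com
+</span>
+</a>
+<br>
 </p>
 
 <snippet-editor id=proxy src='proxy/mitm-proxy.js' mode=js fullsize component></snippet-editor>
@@ -398,6 +409,8 @@ <h3>
 <section class=blog-text>
 <h3>
 checking the input / output of the mitm proxy
+<div class=spc></div>
+<input value='download test-server' type=button>
 </h3>
 <p>
 by connecting onto the server below we can check the actual input and output of the mitm proxy, should you wish to adapt
@@ -439,7 +452,11 @@ <h3>
 
 
 <script>
+
 
+var btn = {};
+btn.download = {};
+
 
 function initdom(){
 
@@ -461,10 +478,128 @@ <h3>
 ex['ext-js-popup-html'].initdom();
 ex['ext-js-popup-js'].initdom();
 
+
+$('[value="download test-server"]').onclick = btn.download['test-server'];
+
+
 
 }//initdom
 
 
+//:
+
+
+btn.download['test-server'] = function(){
+
+download('test-server','server/test-server.js');
+
+}//test-server
+
+
+//:
+
+
+var jszip;
+
+async function load_jszip(){
+
+if(!jszip){
+var err;
+try{
+
+jszip = await import('https://cdn.jsdelivr.net/npm/jszip/+esm');
+
+}//try
+catch(err2){
+
+err = err2;
+
+}//catcg
+if(err){
+var error = err.toString();
+log.red(`failed to load zip module : ${error}`);
+return {error};
+}
+
+jszip = jszip.default;
+}
+
+}//load_jszip
+
+
+async function download(root,...files){
+
+if(!jszip){
+var {error} = await load_jszip();
+if(error)return;
+}
+
+var zip = new jszip();
+zip.folder(root);
+
+var err;
+await Promise.all(
+file.map(async file=>{
+
+var fn = file.split('/').at(-1);
+var {blob,error} = await get(file);
+if(error){
+
+return;
+}
+zip.file(`${root}/${fn}`,blob);
+
+})
+).catch(err2=>err=err2);
+
+if(err){
+return;
+}
+
+var blob = await zip.generateAsync({type:'blob'});
+var url = window.URL.createObjectURL(blob);
+var a = document.createElement('a');
+a.download = `${root}.zip`;
+a.href = url;
+a.click();
+
+
+async function get(path){
+
+//var url = `https://raw.githubusercontent.com/javascript-2020/${repo}/main/${path}`;
+var url = path;
+
+var err;
+try{
+
+var res = await fetch(url);
+
+}//try
+catch(err2){
+
+err = err2;
+
+}//catcg
+if(err){
+var error = err.toString();
+log.red(error);
+return {error};
+}
+if(!res.ok){
+var txt = await res.text();
+var error = res.status+' '+res.statusText;
+log.red(error);
+return {error};
+}
+
+var blob = await res.blob();
+return {blob};
+
+}//get
+
+}//download
+
+
 
 </script>
 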
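Review bot: `download()` cannot complete as written: the `Promise.all(` call in the last hunk maps over `file`, which is not declared in that scope (the rest parameter is `files`), so clicking the new "download test-server" button throws a ReferenceError before any fetch runs; the line should read `files.map(async file=>{`. The success path is also broken one step earlier, because `load_jszip` returns `{error}` on failure but falls off the end on success, so `var {error} = await load_jszip();` destructures `undefined` and throws — end `load_jszip` with `return {};` (or test `jszip` after the await instead of destructuring). On the supply-chain side, `import('https://cdn.jsdelivr.net/npm/jszip/+esm')` executes whatever the CDN currently serves for the unpinned latest jszip inside this origin, which is a notable exposure for a page whose subject is CSP; pin an exact version in the URL or self-host the module alongside `server/test-server.js`, and note that dynamic `import()` offers no integrity attribute to fall back on. Minor: the object URL created for the anchor is never released with `URL.revokeObjectURL(url)`, and `txt` in `get` is read but unused.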