Skip to content

Commit d4890e8

Browse files
save file
1 parent 276a6b2 commit d4890e8

File tree

1 file changed

+40
-3
lines changed

1 file changed

+40
-3
lines changed

blog/25-12-04/bypass-csp/bypass-csp.html

Lines changed: 40 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -95,6 +95,17 @@
9595
ex['test'] = mod['test'];
9696
ex['test'].initmod({ext,$,menu,menumod,ace});
9797

98+
ex['ext-js-manifest'] = mod['ext-js-manifest'];
99+
ex['ext-js-manifest'].initmod({ext,$,menu,menumod,ace});
100+
ex['ext-js-extension'] = mod['ext-js-extension'];
101+
ex['ext-js-extension'].initmod({ext,$,menu,menumod,ace});
102+
ex['ext-js-cs'] = mod['ext-js-cs'];
103+
ex['ext-js-cs'].initmod({ext,$,menu,menumod,ace});
104+
ex['ext-js-popup-html'] = mod['ext-js-popup-html'];
105+
ex['ext-js-popup-html'].initmod({ext,$,menu,menumod,ace});
106+
ex['ext-js-popup-js'] = mod['ext-js-popup-js'];
107+
ex['ext-js-popup-js'].initmod({ext,$,menu,menumod,ace});
108+
98109

99110

100111
await Promise.all([
@@ -109,6 +120,11 @@
109120
ex['ws-client'].init(),
110121
ex['proxy'].init(),
111122
ex['test'].init(),
123+
ex['ext-js-manifest'].init(),
124+
ex['ext-js-extension'].init(),
125+
ex['ext-js-cs'].init(),
126+
ex['ext-js-popup-html'].init(),
127+
ex['ext-js-popup-js'].init(),
112128

113129
]);
114130

@@ -365,7 +381,14 @@ <h3>
365381
</h3>
366382
<p>
367383
so we can bypass the content-security-protocol header with a mitm proxy and remove the header before sending it to the
368-
browser
384+
browser<br>
385+
<div class=br></div>
386+
for chrome, i believe chrome can be started with flags
387+
<code>
388+
chrome --proxy-server="http://127.0.0.1:8080"
389+
</code>
390+
<div class=br></div>
391+
for firefox, you set a proxy by going to Settings → General → Network Settings → Settings…, then choosing Manual proxy configuration and entering your proxy details
369392
</p>
370393

371394
<snippet-editor id=proxy src='proxy/mitm-proxy.js' mode=js fullsize component></snippet-editor>
@@ -395,8 +418,17 @@ <h3>
395418
so i thought i'd create a little extension that allows code to be easily run in a webpage<br>
396419
</p>
397420

398-
<snippet-editor></snippet-editor>
421+
<img src='ext-js/js.png'>
422+
423+
<snippet-editor id=ext-js-manifest src='ext-js/manifest.json' mode=json fullsize component></snippet-editor>
399424

425+
<snippet-editor id=ext-js-extension src='ext-js/extension.js' mode=js fullsize component></snippet-editor>
426+
427+
<snippet-editor id=ext-js-cs src='ext-js/content-script.js' mode=js fullsize component></snippet-editor>
428+
429+
<snippet-editor id=ext-js-popup-html src='ext-js/popup/popup.html' mode=html fullsize component></snippet-editor>
430+
431+
<snippet-editor id=ext-js-popup-js src='ext-js/popup/popup.js' mode=js fullsize component></snippet-editor>
400432
</section>
401433

402434

@@ -423,7 +455,12 @@ <h3>
423455
ex['ws-client'].initdom();
424456
ex['proxy'].initdom();
425457
ex['test'].initdom();
426-
458+
ex['ext-js-manifest'].initdom();
459+
ex['ext-js-extension'].initdom();
460+
ex['ext-js-cs'].initdom();
461+
ex['ext-js-popup-html'].initdom();
462+
ex['ext-js-popup-js'].initdom();
463+
427464

428465
}//initdom
429466

0 commit comments

Comments
 (0)