A ready-to-use JSONP
The tool was presented during HackIT 2019 in Kiev. The presentation can also be found here (not sure why the format of the slides is screwed :D):
in an automated way. JSONBee takes a URL as input (e.g. https://www.fb.com), parses its CSP (Content-Security-Policy), and automatically suggests the payloads that can bypass that CSP. It mainly focuses on JSONP endpoints collected during my bug bounty hunting activities, which can be used to bypass the CSP.
JSONBee relies on three methods to collect the JSONP endpoints:
- The repository within this project;
- Google dorks;
- Internet archive (archive.org).
The tool is not yet fully finished, as I'm still adding some validations and features. However, the repository will be hosted here so that anybody can use it until the tool is ready.
The repo contains ready-to-use payloads that can bypass CSP for Facebook.com, Google.com and more.
Bypassing Facebook.com Content-Security-Policy:
If you come across a website that trusts any of the domains listed in the jsonp.txt file in its script-src directive, then pick a payload that matches the domain and have fun 🙂
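The check the README describes (parse a site's CSP, then see whether its script-src directive trusts a host that appears in the JSONP list) as an added example for auditing your own policy; this is not JSONBee's code. The CSP header and the JSONP host list are constructed here, where the real tool would read jsonp.txt.

```python
import re

# Constructed sample CSP header, as a site might send it (not from the original page).
SAMPLE_CSP = ("default-src 'self'; script-src 'self' https://static.example.com "
              "*.cdn-example.net https://widgets.example.org 'unsafe-inline'; "
              "object-src 'none'")

# Constructed stand-in for the repository's jsonp.txt: hosts assumed to expose
# JSONP callbacks. Load the real file here when auditing a real policy.
KNOWN_JSONP_HOSTS = ["widgets.example.org", "api.cdn-example.net"]


def parse_csp(header):
    """Split a CSP header into {directive: [source expressions]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def host_of(source):
    """Return the host pattern of a host-source, or None for keywords ('self') and schemes (https:)."""
    if source.startswith("'") or source.endswith(":"):
        return None
    no_scheme = re.sub(r"^[a-z][a-z0-9+.-]*://", "", source, flags=re.I)
    return no_scheme.split("/")[0].split(":")[0].lower()


def host_matches(pattern, host):
    """CSP host matching: '*.example.com' covers subdomains only; plain names match exactly."""
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return host == pattern


def risky_script_sources(header, jsonp_hosts=KNOWN_JSONP_HOSTS):
    """Return (source, jsonp_host) pairs where the effective script-src trusts a JSONP host.

    script-src falls back to default-src when absent, as the CSP spec requires.
    """
    policy = parse_csp(header)
    sources = policy.get("script-src", policy.get("default-src", []))
    findings = []
    for src in sources:
        pattern = host_of(src)
        if pattern is None:
            continue
        findings.extend((src, jh) for jh in jsonp_hosts if host_matches(pattern, jh))
    return findings
```

A non-empty result means the policy allowlists a host whose JSONP callbacks could be used as a script source; tighten the allowlist (drop the wildcard or the host) or move to nonce- or hash-based script-src.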
How can you help?
You are all welcome to contribute by adding links to websites that use JSONP endpoints/callbacks, to make the repo bigger and more useful for bug hunters, pentesters, and security researchers.