CSP and Bypasses

This blog post aims to demonstrate what CSP is and why CSP is implemented. And how attackers can bypass CSP. In this article, I will include how you can bypass some directives to achieve XSS on the target application.

Content Security Policy Bypass - Deteact - continuous information security services

XSS CSP Bypass - BugPoC Challenge

VolgaCTF 2018 - Neatly bypassing CSP

GitHub - buffermet/CSP-bypass: Bypass Content-Security-Policy to phish data.

Defending against XSS with CSP

Learn & bypass Content Security Policy HTTP Response Header - Requestly

How to use Google's CSP Evaluator to bypass CSP - Web Security Blog

DVWA - CSP Bypass - Braincoke

ExploitWareLabs - HTTP's Content Security Policy (CSP)

Chrome CSP bypass zero-day vulnerability – Update your browsers