Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Using form hijacking to bypass CSP

Gareth Heyes, posted 2 years ago
  • Content Security Policy (CSP) is a secondary line of defense against XSS bugs in the browser, so for an attacker, a way to circumvent the CSP is often what turns an injection into a full exploit chain.
  • Form hijacking applies when you have an HTML injection but can't escalate it to XSS because the CSP blocks your scripts. By injecting a form into the page it may still be possible to extract sensitive data, especially from over-eager password managers that autofill saved credentials into the injected fields.
  • In the Mastodon case this stole passwords from Chrome with a single user click. Gareth gave the injected inputs an opacity of zero so the form was invisible to the victim.
  • form-action was added as a directive in CSP Level 2. However, default-src does not cover form actions: it is only a fallback for fetch directives such as script-src and img-src, while form-action is a navigation directive with no fallback, so a policy that omits it lets an injected form post anywhere. Overall, an interesting CSP bypass that will probably exist for a while.
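To make the last point concrete, here is a small CSP evaluator I added for this page; it is not code from Gareth's post or from PortSwigger. It parses a policy header and answers whether an injected form could post to an attacker's origin, modelling the one rule that matters here: fetch directives fall back to default-src, form-action does not. The policies, origins and URLs (`social.example`, `attacker.example`) are constructed for the example, and the source-expression matching is deliberately simplified (no path matching, and no nonce/hash/'unsafe-inline' handling, which are irrelevant to form-action).

```javascript
// Added example: a minimal CSP evaluator for the form-action fallback rule.
// Not from the original post; origins and policies below are constructed.

// Parse "directive src src; directive src" into a Map. Per the CSP spec,
// when a directive appears twice the first occurrence wins.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function defaultPort(protocol) {
  return protocol === 'https:' ? '443' : protocol === 'http:' ? '80' : '';
}

// Does a source list such as ["'self'", "https:", "*.cdn.example"] allow
// targetUrl when the policy is delivered to a page at pageOrigin?
// Simplified: keywords other than 'none'/'self' are ignored, paths are not matched.
function sourceListAllows(sources, targetUrl, pageOrigin) {
  const target = new URL(targetUrl);
  const page = new URL(pageOrigin);
  for (const src of sources) {
    if (src === "'none'") return false;
    if (src === "'self'") {
      if (target.origin === page.origin) return true;
      continue;
    }
    if (src === '*') return true;
    if (/^[a-z][a-z0-9+.-]*:$/i.test(src)) {          // scheme-source, e.g. "https:"
      if (target.protocol === src.toLowerCase()) return true;
      continue;
    }
    // host-source: [scheme://][*.]host[:port]
    const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:*]+)(?::(\d+|\*))?$/i.exec(src);
    if (!m) continue;
    const [, scheme, wildcard, host, port] = m;
    if (scheme && target.protocol !== scheme.toLowerCase() + ':') continue;
    const h = target.hostname.toLowerCase();
    const hostOk = wildcard ? h.endsWith('.' + host.toLowerCase()) : h === host.toLowerCase();
    if (!hostOk) continue;
    const targetPort = target.port || defaultPort(target.protocol);
    if (port && port !== '*' && targetPort !== port) continue;
    return true;
  }
  return false;
}

// Fetch directives (script-src, img-src, connect-src, ...) fall back to default-src.
function fetchDirectiveAllowed(cspHeader, directive, url, pageOrigin) {
  const csp = parseCsp(cspHeader);
  const list = csp.get(directive.toLowerCase()) ?? csp.get('default-src');
  if (list === undefined) return true;               // no policy for it at all
  return sourceListAllows(list, url, pageOrigin);
}

// form-action is a navigation directive: there is NO fallback to default-src.
// A policy that never mentions form-action lets an injected <form> post anywhere.
function formActionAllowed(cspHeader, actionUrl, pageOrigin) {
  const csp = parseCsp(cspHeader);
  const list = csp.get('form-action');
  if (list === undefined) return true;
  return sourceListAllows(list, actionUrl, pageOrigin);
}

// Constructed demo: a policy that blocks attacker scripts and images but not forms,
// beside the same policy with form-action added.
const PAGE_ORIGIN = 'https://social.example';
const WEAK_CSP = "default-src 'self'; script-src 'nonce-r4nd0m'";
const FIXED_CSP = WEAK_CSP + "; form-action 'self'";
const COLLECT_URL = 'https://attacker.example/collect';

console.log('weak  policy, img  to attacker:', fetchDirectiveAllowed(WEAK_CSP, 'img-src', COLLECT_URL, PAGE_ORIGIN)); // false
console.log('weak  policy, form to attacker:', formActionAllowed(WEAK_CSP, COLLECT_URL, PAGE_ORIGIN));                  // true
console.log('fixed policy, form to attacker:', formActionAllowed(FIXED_CSP, COLLECT_URL, PAGE_ORIGIN));                 // false
```

The useful habit this encodes: when reviewing a CSP, never read `default-src 'self'` as "everything is locked down". Run the navigation directives (form-action, and likewise base-uri and frame-ancestors) through the checker separately, because none of them inherit from default-src.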