cspt.json
{
"hooks": {
"CSPT": {
"attribute": [
"set:HTMLScriptElement.prototype.src"
],
"function": [
"fetch",
"XMLHttpRequest.prototype.open",
"navigator.sendBeacon"
]
}
},
"config": {
"*": {
"!match": [
"facebook",
"metamask",
"wappalyzer",
"google_tag_manager",
"googletagmanager",
"bitwarden",
"messenger_awaiter",
"grecaptcha",
"hcaptcha"
],
"!matchTrace": [
"facebook",
"metamask",
"wappalyzer",
"google_tag_manager",
"googletagmanager",
"bitwarden",
"messenger_awaiter",
"grecaptcha",
"hcaptcha"
]
},
"CSPT": {
"match": [
"exec:if (args instanceof Request) { url = args.url; } else if (target === 'fetch') { url = args[0]; } else if (target === 'XMLHttpRequest.prototype.open') { url = args[1]; } else if (target === 'navigator.sendBeacon') { url = args[0]; } else if (target === 'HTMLScriptElement.prototype.src') { url = args; } else { return /NOOOOOOOOP/; }; if (typeof url !== 'string') { return /NOOOOOOOOP/; }; url = url.startsWith('http') ? url : `${location.origin}/${url.replace(/^(\\/)+/, '')}`; t_path = new URL(url).pathname.toLowerCase(); check = (p) => { p = p.toLowerCase(); if (p !== '' && p.length > 2 && !(domlogger.globals.CSPTBlacklist.includes(p)) && t_path.includes(p)) { return true; }; return false; }; words = []; words = words.concat(location.pathname.split('/')); words = words.concat(location.hash.slice(1).split('/')); words = words.concat([...(new URLSearchParams(location.hash.slice(1))).values()]); words = words.concat([...(new URLSearchParams(location.search)).values()]); words = [...new Set(words)]; reg = /NOOOOOOOOP/; found = []; for (const w of words) { if (check(w)) { found.push(w.toLowerCase()); } }; if (found.length > 0) { console.info(`[CSPT] ${target} || ${url} || ${found.join(', ')}`); return /.*/; }; return reg"
],
"alert": {
"notification": true
}
}
},
"globals": {
"CSPTBlacklist": [ "api" ]
},
"removeHeaders": [
"content-security-policy",
"x-frame-options"
]
}