Bypassing CSP by Abusing JSONP Endpoints

Background

What is CSP?

What is JSONP?

The Attack

JavaScript Magic

What to Do?

Developers That are Responsible for JSONP endpoints

Penetration Testers

Blue Teams


Thoughts of a hacker

Mazin Ahmed
