Quick and Easy Python Server that Returns a Vulnerable CSP via Meta HTML Tag
import http.server | |
import socketserver | |
import ssl | |
# Generate a throwaway self-signed certificate before starting the server:
#   openssl req -new -x509 -days 365 -nodes -out server.crt -keyout server.key
# -nodes writes server.key unencrypted, so keep the pair for local testing
# only and out of version control.

# TCP port the HTTPS listener binds to.
PORT: int = 8000
class MyRequestHandler(http.server.SimpleHTTPRequestHandler):
    """Answer every GET with one fixed HTML page that carries a meta-tag CSP.

    The policy in the page is deliberately permissive ('unsafe-inline',
    'unsafe-eval', data: and a whole third-party host in script-src), so the
    page is only useful as a fixture for CSP evaluators and scanners. It is
    not a template for a real policy.
    """

    def do_GET(self):
        """Send a 200 text/html response whose body is the fixed test page."""
        # The request path is never consulted: unlike the parent class, this
        # handler serves no files from disk, only the page built below.
        #
        # The CSP is delivered through <meta http-equiv>, not a response
        # header. Browsers ignore some directives (frame-ancestors,
        # report-uri, sandbox) when the policy arrives this way, and tools
        # that inspect only response headers will not see it.
        page_lines = (
            "",
            "<html>",
            "<head>",
            '<meta http-equiv="Content-Security-Policy" content="script-src \'unsafe-inline\' \'unsafe-eval\' \'self\' data: https://www.google.com">',
            "<title>CSP Example</title>",
            "</head>",
            "<body>",
            "<h1>Hello, World!</h1>",
            "<p>This page has a CSP defined in a meta tag.</p>",
            "</body>",
            "</html>",
            "",
        )
        body = "\n".join(page_lines).encode('utf-8')

        # Status line and headers first, then the encoded page.
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.end_headers()
        self.wfile.write(body)
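# Set up the server.
# NOTE: the empty host string binds every local interface, although the
# message printed below says "localhost". The page ships a deliberately weak
# CSP, so use ("127.0.0.1", PORT) when the server only needs to be reachable
# from this machine.
with socketserver.TCPServer(("", PORT), MyRequestHandler) as httpd:
    # ssl.wrap_socket() was deprecated in Python 3.7 and removed in 3.12.
    # An explicit server-side SSLContext works on current interpreters and
    # lets the minimum protocol version be pinned.
    tls_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    tls_context.minimum_version = ssl.TLSVersion.TLSv1_2
    # Expects the self-signed pair in the working directory; raises if either
    # file is missing or the key does not match the certificate.
    tls_context.load_cert_chain(certfile='server.crt', keyfile='server.key')

    # Wrap the listening socket so every accepted connection speaks TLS.
    httpd.socket = tls_context.wrap_socket(httpd.socket, server_side=True)

    print(f"Serving on https://localhost:{PORT}")
    # Blocks until interrupted; the with-block closes the listening socket
    # on the way out, including on Ctrl-C.
    httpd.serve_forever()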