Content Security Policy Tryhackme Writeup
Room link: https://tryhackme.com/room/csp
Note: This room is only available to Premium Members who have purchased a THM premium membership.
Topics
- Content Security Policy Fundamentals
- Bypass Content Security Policy
Task 1 Introduction
Welcome to the CSP room! In this room, you’ll learn what CSP is, what it’s used for, and how to exploit flaws in a weak CSP configuration. If you don’t know what XSS (cross-site scripting) is, I would recommend checking out the XSS room first, as you’ll need some experience with XSS.
What is CSP?
Content Security Policy, or CSP, is a policy usually sent via an HTTP response header from the web server to your browser when you request a page. It describes which sources of content the browser should allow to load and which ones it should block. If an XSS or data-injection vulnerability is found in a website, CSP is designed to limit its exploitation until the bug is properly patched; it should serve as an extra layer of protection, not as your only line of defense.
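As an added example (not code from the room or this writeup), a small Python checker that parses a CSP header value, decides whether an external script URL would be allowed by script-src (falling back to default-src), and flags source expressions that leave the policy unable to stop injected scripts. The sample policies, hostnames and the page_origin value are constructed for the demonstration.

```python
from urllib.parse import urlsplit

# Constructed sample policies; they are not taken from the TryHackMe room.
STRICT_POLICY = "default-src 'self'; script-src 'self' https://cdn.example.com; object-src 'none'"
WEAK_POLICY = "default-src *; script-src 'self' 'unsafe-inline' https:"

# Keywords and sources that leave script-src unable to stop an XSS payload.
RISKY_SOURCES = {"'unsafe-inline'", "'unsafe-eval'", "*", "http:", "https:", "data:"}


def parse_csp(policy: str) -> dict:
    """Split a CSP header value into {directive: [source expressions]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def source_matches(expr: str, url: str, page_origin: str) -> bool:
    """Check one source expression (keyword, scheme or host) against a URL.
    Simplified: nonces, hashes and the http->https upgrade rule are not modelled."""
    target = urlsplit(url)
    if expr == "'self'":                   # same scheme, host and port as the page
        return f"{target.scheme}://{target.netloc}" == page_origin
    if expr.startswith("'"):               # 'none' and other keywords never match a URL
        return False
    if expr == "*":
        return target.scheme in ("http", "https")
    if expr.endswith(":"):                 # scheme-source such as https:
        return target.scheme == expr[:-1]
    allowed = urlsplit(expr if "://" in expr else f"{target.scheme}://{expr}")
    if allowed.scheme != target.scheme or allowed.port != target.port:
        return False
    if allowed.hostname.startswith("*."):  # wildcard host matches any subdomain
        return target.hostname.endswith(allowed.hostname[1:])
    return allowed.hostname == target.hostname


def script_sources(policy: str) -> list:
    """script-src governs scripts; default-src is the fallback when it is absent."""
    csp = parse_csp(policy)
    return csp.get("script-src", csp.get("default-src", []))


def script_allowed(policy: str, script_url: str, page_origin: str) -> bool:
    """Would the browser load an external script from script_url under this policy?"""
    return any(source_matches(s, script_url, page_origin) for s in script_sources(policy))


def weak_sources(policy: str) -> list:
    """Flag script source expressions that make the policy useless against XSS."""
    return sorted(s for s in script_sources(policy) if s in RISKY_SOURCES)
```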
A CSP policy can also be included within the page’s HTML source code, using the `<meta>` tag, such as this: