-
-
Notifications
You must be signed in to change notification settings - Fork 53
/
Copy pathcspt.json
27 lines (27 loc) · 1.73 KB
/
cspt.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
{
"hooks": {
"CSPT": {
"attribute": [
"set:HTMLScriptElement.prototype.src"
],
"function": [
"fetch",
"XMLHttpRequest.prototype.open",
"navigator.sendBeacon"
]
}
},
"config": {
"CSPT": {
"match": [
"exec:if (args instanceof Request) { url = args.url; method = method; } else if (target === 'fetch') { url = args[0]; method = args[1]?.method || 'GET'; } else if (target === 'XMLHttpRequest.prototype.open') { url = args[1]; method = args[0]; } else if (target === 'navigator.sendBeacon') { url = args[0]; method = 'POST'; } else if (target === 'HTMLScriptElement.prototype.src') { url = args; method = 'GET'; } else { return /NOOOOOOOOP/; }; if (typeof url !== 'string') { return /NOOOOOOOOP/; }; url = url.startsWith('http') ? url : `${location.origin}/${url.replace(/^(\\/)+/, '')}`; t_path = new URL(url).pathname.toLowerCase(); check = (p) => { p = p.toLowerCase(); if (p !== '' && p.length > 2 && !(domlogger.globals.CSPTBlacklist.includes(p)) && t_path.includes(p)) { return true; }; return false; }; words = []; words = words.concat(location.pathname.split('/')); words = words.concat(location.hash.slice(1).split('/')); words = words.concat([...(new URLSearchParams(location.hash.slice(1))).values()]); words = words.concat([...(new URLSearchParams(location.search)).values()]); words = [...new Set(words)]; reg = /NOOOOOOOOP/; found = []; for (const w of words) { if (check(w)) { found.push(w.toLowerCase()); } }; if (found.length > 0) { console.info(`[CSPT] ${target} || ${method} || ${url} || ${found.join(', ')}`); return /.*/; }; return reg"
],
"alert": {
"notification": true
}
}
},
"globals": {
"CSPTBlacklist": [ "api" ]
}
}