Skip to content

s-3ntinel/imgjs_polygloter

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
README.md
README.md
 
 
craft_gif.py
craft_gif.py
 
 
craft_jpg.py
craft_jpg.py
 
 
craft_png.py
craft_png.py
 
 
img_polygloter.py
img_polygloter.py
 
 

Repository files navigation

Image Polyglot

This program can craft a valid image that is simultaneously a valid and executable javascript file (polyglot). Its main use is to bypass CSP.

Main inspiration came from this article.

https://portswigger.net/research/bypassing-csp-using-polyglot-jpegs

Usage

JPG

./img_polygloter.py jpg --height 123 --width 321 --payload "alert(document.domain);" --output jpg_poly.js

GIF

./img_polygloter.py gif --payload "alert(document.domain);" --output gif_poly.js

TODO

  • gif dimensions, if possible
  • png crafting

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

23 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages