SKILL: CSP Bypass — Advanced Techniques

AI LOAD INSTRUCTION: Covers per-directive bypass techniques, nonce/hash abuse, trusted CDN exploitation, data exfiltration despite CSP, and framework-specific bypasses. Base models often suggest unsafe-inline bypass without checking if the CSP actually uses it, or miss the critical base-uri and object-src gaps.

0. RELATED ROUTING

xss-cross-site-scripting for XSS vectors to deliver after CSP bypass
dangling-markup-injection when CSP blocks scripts but HTML injection exists — exfiltrate without JS
crlf-injection when CRLF can inject CSP header or steal nonce via response splitting
waf-bypass-techniques when both WAF and CSP must be bypassed
clickjacking when CSP lacks frame-ancestors — clickjacking still possible

1. CSP DIRECTIVE REFERENCE MATRIX

Related skills

More from yaklang/hack-skills

Installs

457

Repository

yaklang/hack-skills

GitHub Stars

620

First Seen

Apr 9, 2026

Security Audits

Gen Agent Trust HubPass

SocketWarn

SnykFail

csp-bypass-advanced

SKILL: CSP Bypass — Advanced Techniques

0. RELATED ROUTING

1. CSP DIRECTIVE REFERENCE MATRIX

More from yaklang/hack-skills

hack

xss-cross-site-scripting

sqli-sql-injection

api-sec

ssrf-server-side-request-forgery

api-auth-and-jwt-abuse