神刀安全网

Display real-life CSP reports in development

MITMProxy

Goal

Display real-life CSP reports in development.

Demo

https://asciinema.org/a/5308b70l6nqqi1kykdop1zw2r

Usage

Install mitmproxy:

$ pip install mitmproxy

Launch your proxy:

$ mitmproxy -p 8082 -s mitm-csp.py

Results are written to /tmp/csp-reports.json:

$ tail -f /tmp/csp-reports.json
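The page does not include mitm-csp.py itself. The following is an added example of how such a mitmproxy addon can be written; it is not the original script. It assumes the two report formats the normative references below define: the legacy report-uri delivery (POST with Content-Type application/csp-report and a {"csp-report": {...}} body) and the Reporting API delivery (POST with Content-Type application/reports+json and a JSON array of reports, of which only "csp-violation" entries are kept). Records are appended to /tmp/csp-reports.json one JSON object per line so that tail -f shows each report as it arrives. The sample bodies are constructed for illustration.

```python
"""mitmproxy addon that captures CSP violation reports passing through the proxy.

Added example (hypothetical replacement for the page's mitm-csp.py).
Run with:  mitmproxy -p 8082 -s csp_capture.py
"""
import json
import time
from typing import Any, Dict, List, Optional

# Same output path the page uses; one JSON object per line (JSON Lines).
REPORT_FILE = "/tmp/csp-reports.json"

# Content types browsers use when POSTing violation reports:
#   legacy 'report-uri' directive  -> application/csp-report, body {"csp-report": {...}}
#   Reporting API 'report-to'      -> application/reports+json, body is a JSON array
LEGACY_CT = "application/csp-report"
REPORTING_API_CT = "application/reports+json"


def _media_type(content_type: Optional[str]) -> str:
    """Strip parameters such as '; charset=utf-8' and lower-case the media type."""
    return (content_type or "").split(";", 1)[0].strip().lower()


def is_csp_report(method: str, content_type: Optional[str]) -> bool:
    """True if the request looks like a CSP or Reporting API report delivery."""
    return method.upper() == "POST" and _media_type(content_type) in (LEGACY_CT, REPORTING_API_CT)


def parse_csp_reports(content_type: str, body: bytes) -> List[Dict[str, Any]]:
    """Normalise both formats into {format, document, blocked, directive, raw} records.

    Reporting API entries that are not CSP violations (e.g. deprecation reports)
    are skipped; a body that is not valid JSON yields an empty list.
    """
    try:
        data = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return []
    ct = _media_type(content_type)
    records: List[Dict[str, Any]] = []
    if ct == LEGACY_CT and isinstance(data, dict):
        r = data.get("csp-report")
        if isinstance(r, dict):
            records.append({
                "format": "csp-report",
                "document": r.get("document-uri"),
                "blocked": r.get("blocked-uri"),
                "directive": r.get("effective-directive") or r.get("violated-directive"),
                "raw": r,
            })
    elif ct == REPORTING_API_CT and isinstance(data, list):
        for entry in data:
            if not isinstance(entry, dict) or entry.get("type") != "csp-violation":
                continue
            b = entry.get("body") or {}
            records.append({
                "format": "reports+json",
                "document": b.get("documentURL") or entry.get("url"),
                "blocked": b.get("blockedURL"),
                "directive": b.get("effectiveDirective"),
                "raw": entry,
            })
    return records


def request(flow) -> None:
    """mitmproxy hook, invoked for every client request seen by the proxy."""
    req = flow.request
    ct = req.headers.get("content-type")
    if not is_csp_report(req.method, ct):
        return
    for rec in parse_csp_reports(ct, req.content or b""):
        rec["captured_at"] = time.strftime("%Y-%m-%dT%H:%M:%S")
        rec["report_endpoint"] = req.pretty_url
        with open(REPORT_FILE, "a", encoding="utf-8") as fh:
            fh.write(json.dumps(rec) + "\n")


# Constructed sample bodies, shaped like what a browser would send.
SAMPLE_LEGACY_BODY = json.dumps({"csp-report": {
    "document-uri": "https://app.example/",
    "referrer": "",
    "violated-directive": "script-src 'self'",
    "effective-directive": "script-src",
    "blocked-uri": "https://cdn.example/lib.js",
    "status-code": 200,
}}).encode("utf-8")

SAMPLE_REPORTING_API_BODY = json.dumps([
    {"type": "deprecation", "url": "https://app.example/page", "body": {"id": "example"}},
    {"type": "csp-violation", "url": "https://app.example/page", "body": {
        "documentURL": "https://app.example/page",
        "blockedURL": "inline",
        "effectiveDirective": "style-src-elem",
        "disposition": "enforce",
        "statusCode": 200,
    }},
]).encode("utf-8")

if __name__ == "__main__":
    for rec in parse_csp_reports(LEGACY_CT, SAMPLE_LEGACY_BODY) + \
            parse_csp_reports(REPORTING_API_CT, SAMPLE_REPORTING_API_BODY):
        print(json.dumps(rec))
```

Reports are caught on the request side, so the addon logs them even when the report endpoint is unreachable or returns an error, which is the usual case when a production CSP points at a collector that does not exist in development.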

Browser configuration

Then configure your browser to use the proxy (here 127.0.0.1:8082) and browse the web.

curl is easy to route through the proxy, but it does not generate CSP reports 😉

$ http_proxy=http://127.0.0.1:8082 curl -v http://www.google.fr > /dev/null

On OSX, the easiest choice may be using Firefox:

Firefox:

Preferences -> Advanced -> Network -> Connection parameters

You can find steps to configure other browsers here:

http://library.medicine.yale.edu/services/computing/configure-browser

Normative references

https://w3c.github.io/reporting/

https://w3c.github.io/webappsec-csp/
