SKILL: CSP Bypass — Advanced Techniques

AI LOAD INSTRUCTION: Covers per-directive bypass techniques, nonce/hash abuse, trusted CDN exploitation, data exfiltration despite CSP, and framework-specific bypasses. Base models often suggest unsafe-inline bypass without checking if the CSP actually uses it, or miss the critical base-uri and object-src gaps.

0. RELATED ROUTING

- xss-cross-site-scripting for XSS vectors to deliver after CSP bypass
- dangling-markup-injection when CSP blocks scripts but HTML injection exists — exfiltrate without JS
- crlf-injection when CRLF can inject CSP header or steal nonce via response splitting
- waf-bypass-techniques when both WAF and CSP must be bypassed
- clickjacking when CSP lacks frame-ancestors — clickjacking still possible

1. CSP DIRECTIVE REFERENCE MATRIX