Is this skill meant for automated testing?

It provides the logic and workflows for both manual penetration testing and the creation of automated security audit scripts.

Do I need special tools to use this skill?

While the skill provides manual commands, it works best alongside tools like Burp Suite, Google CSP Evaluator, and browser developer tools for full intercept and analysis.

Does it support the latest CSP standards?

Yes, the skill covers techniques relevant to CSP2 and CSP3, including nonce-based bypasses, hashes, and the 'strict-dynamic' directive.

Can this skill help fix CSP issues?

Yes, it provides detailed remediation steps such as moving to nonce-based policies, adding base-uri restrictions, and removing unsafe directives to harden your application.

What is a CSP bypass?

A CSP bypass is a technique used to circumvent the security restrictions of a Content Security Policy to execute unauthorized scripts, usually by exploiting misconfigurations or whitelisted sources.

CSP Bypass & Security Auditing

Name: CSP Bypass & Security Auditing
Author: micsapp

bymicsapp

0•

Seguridad y Pruebas

Analyzes and bypasses Content Security Policy (CSP) implementations to identify vulnerabilities and test XSS mitigation effectiveness.

The CSP Bypass & Security Auditing skill equips Claude with specialized knowledge to evaluate the robustness of Content Security Policy implementations. It guides users through systematic analysis techniques, including detecting unsafe-inline/eval directives, identifying whitelisted JSONP endpoints, and exploiting base-uri or nonce-based weaknesses. Ideal for penetration testers, security researchers, and developers, this skill provides actionable workflows and payloads to validate security posture against modern web-based injection attacks and offers remediation strategies to harden web applications.

Características Principales

01Actionable remediation reports for security hardening

02Identification of unsafe-inline and unsafe-eval misconfigurations

030 GitHub stars

04Detection of exploitable JSONP endpoints on whitelisted domains

05Techniques for base-uri hijacking and nonce-leakage exploitation

06Automated CSP policy extraction and vulnerability analysis

Casos de Uso

01Web application security assessments to evaluate CSP effectiveness

02Bug bounty hunting where CSP prevents standard XSS exploitation

03Auditing web headers for security compliance and misconfigurations

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills performing-content-security-policy-bypass

For use in Claude.ai and ChatGPT

Características Principales

01Actionable remediation reports for security hardening

02Identification of unsafe-inline and unsafe-eval misconfigurations

030 GitHub stars

04Detection of exploitable JSONP endpoints on whitelisted domains

05Techniques for base-uri hijacking and nonce-leakage exploitation

06Automated CSP policy extraction and vulnerability analysis

Casos de Uso

01Web application security assessments to evaluate CSP effectiveness

02Bug bounty hunting where CSP prevents standard XSS exploitation

03Auditing web headers for security compliance and misconfigurations

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills performing-content-security-policy-bypass

For use in Claude.ai and ChatGPT