Skip to content

Latest commit

 

History

History
14 lines (11 loc) · 847 Bytes

README.md

File metadata and controls

14 lines (11 loc) · 847 Bytes

Fasttrack HTTP security

Automatically generate a basic Content-Security-Policy (CSP), as well as relevant SubResource Integrity (SRI) digests

   mitmdump -v -s interceptor.py # Start mitmdump proxy
   # Open your favorite browser and configure it to use the proxy (should be at localhost:8080, if the browser is running on the same machine as the proxy)
   # Go to mitm.it and follow the instructions to get install the root certificate into the browser, which is needed for HTTPS
   # Start browsing to the target domain(s), fasttrack-http-security will automatically track patterns needed for the basic CSP, as well as registering SRI digests. 
   python3 export-meta.py <domain> [domain2] # Output CSPs and SRIs for the given domains. Alternatively use * as a domain return all CSPs and SRIs (remember to escape *)