-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsop-bypass.js
84 lines (70 loc) · 2.17 KB
/
sop-bypass.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
// Exploit CORS in any browser, bypass SOP using Google Cloud Functions. On demand HTTPS Proxy, masquerade Google IP
const functions = require('firebase-functions');
const cors = require('cors')({ origin: true });
const fetch = require('node-fetch');
const whitelistHeaders = [
'accept-encoding',
'accept-language',
'authorization',
'content-security-policy',
'content-type',
'referrer-policy',
'x-frame-options'
];
const getBaseUrl = (request) => !request.query.url ? request.body.url : request.query.url
const createRequest = ({baseUrl, req, headersFilter, urlDecorator}) => {
const request = {};
if (req.method === "POST" || req.method === "PUT") {
req.get("content-type") === "application/json"
? (request.body = JSON.stringify(req.body))
: (request.body = req.body);
}
request.url = urlDecorator(baseUrl, req.query)
request.method = req.method;
request.headers = headersFilter(req.headers)
return request;
}
const urlDecorator = (baseUrl, requestQuery) => {
let finalUrl = baseUrl
if(!baseUrl.startsWith('http')) finalUrl = "https://" + finalUrl
Object.keys(requestQuery).map(item => {
if (item !== 'url') {
finalUrl += `&${item}=${decodeURI(requestQuery[item])}`;
}
});
return finalUrl;
}
const stripHeaders = (requestHeaders, whiteListHeaders) => {
return Object.keys(requestHeaders)
.filter(key => whiteListHeaders.includes(key))
.reduce((obj, key) => {
obj[key] = requestHeaders[key];
return obj;
}, {})
}
exports.cors = functions.https.onRequest((req, res) => {
const headersFilter = (headers) => stripHeaders(headers, whitelistHeaders)
cors(req, res, async () => {
const baseUrl = getBaseUrl(req)
if (!baseUrl) {
res.status(403).send('Endpoint URL not specified.');
return
}
const forwardRequest = createRequest({
req,
baseUrl,
headersFilter,
urlDecorator
})
return fetch(forwardRequest.url, forwardRequest).then(r => {
r.body.on('data', chunk => {
res.write(chunk);
});
return new Promise(resolve => {
r.body.on('end', () => {
resolve(res.end(null));
});
});
});
});
});