🔫 A dangerous proxy for unrestricted XHR access in browser
.gitattributes
.gitignore
README.md
insensitive-object.js
package.json
proxy.js
server.js
yarn.lock

README.md

bandit-proxy

A proxy for web testing that accompanies the willnode/bandit XHR tools.

With this proxy, any website opened in your browser can:

  • Make XHR requests that bypass CORS and cache control
  • Inject protected HTTP request headers (cookie, hostname, etc.)
  • Fully read the HTTP response returned from XHR

All of this is done without any rate limiting and without compromising browser security.

Installation

git clone https://github.com/willnode/bandit-proxy
cd bandit-proxy
yarn
node server

Then set the bandit XHR proxy to the address shown (e.g. localhost:7070).

TODO

More options, more fine-grained testing features.

A Security Breach

Please don't leave this proxy running during casual browsing.
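
One way to limit which pages can reach a proxy like this while it is running, as an added example that is not part of bandit-proxy: an Origin allow-list guard placed in front of the request handler. The function names, the allowed origin `http://localhost:8080` and the `proxyHandler` name in the usage comment are assumptions.

```javascript
// Added example (not bandit-proxy code): reject proxy requests unless the
// browser-supplied Origin header matches an explicit allow-list.

// Normalise an Origin value to scheme://host[:port]. Returns null when the
// value is missing, the literal "null" (sandboxed or file origins),
// not http(s), or unparsable.
function normalizeOrigin(value) {
  if (typeof value !== 'string' || value === 'null') return null;
  try {
    const u = new URL(value);
    if (u.protocol !== 'http:' && u.protocol !== 'https:') return null;
    return u.origin; // lowercases the host, drops path and default port
  } catch (e) {
    return null;
  }
}

// headers: Node's req.headers (names already lowercased).
// Exact origin comparison, so "localhost.evil.example" never matches
// "localhost" the way a substring or prefix check would.
function isAllowedRequest(headers, allowedOrigins) {
  const origin = normalizeOrigin(headers.origin);
  if (origin === null) return false; // fail closed when Origin is absent
  return allowedOrigins.some((a) => normalizeOrigin(a) === origin);
}

// Wrap any (req, res) handler so that other pages receive 403.
function guard(handler, allowedOrigins) {
  return (req, res) => {
    if (!isAllowedRequest(req.headers, allowedOrigins)) {
      res.writeHead(403, { 'Content-Type': 'text/plain' });
      res.end('origin not allowed');
      return;
    }
    handler(req, res);
  };
}

// Usage sketch (proxyHandler is hypothetical); bind to loopback only:
// require('http')
//   .createServer(guard(proxyHandler, ['http://localhost:8080']))
//   .listen(7070, '127.0.0.1');
```

Page scripts cannot set the Origin header themselves, so this blocks other websites open in the same browser; it does not stop non-browser clients on the same machine, which can send any Origin they like.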
