Bypass ScriptBlock using Google Cloud Storage

Homepage:

https://chrome.google.com/webstore/detail/scriptblock/hcdjknjpbnhdoabbngpmfekaecnpajba

Description:

Recently I read Detectify Labs post about Using Google Cloud to Bypass NoScript.

So I try to test this method on ScriptBlock plugin for Chrome.

googleapis.com domain is whitelisted by default.

File: common\config.js

whitelist: ["google.com", "google.ca", "google.co.uk", "google.de", "google.com.au", "googleapis.com", "gstatic.com", "youtube.com", "ytimg.com",
			"live.com", "microsoft.com", "hotmail.com", "apple.com", "yahoo.com", "yahooapis.com", "yimg.com", "paypal.com", "paypalobjects.com"]

Proof of Concept:

Use Google Cloud Storage for storing files which bypass ScriptBlock. For example this one created by Mathias Karlsson.

https://avlidienbrunn.storage.googleapis.com/lol.html

Timeline: