CORStest is a quick & dirty Python 2 tool to find Cross-Origin Resource Sharing (CORS) misconfigurations. It takes a text file as input which may contain a list of domain names or URLs.
Currently, the following potential vulnerabilities are detected by sending a certain Origin
request header and checking for the Access-Control-Allow-Origin
response header:
null
origin via a sandboxed iframeNote that these vulnerabilities/misconfigurations are dependend on the context. In most scenarios, they can only be exploited by an attacker if the Access-Control-Allow-Credentials header
is present (see -q
flag).
Also Read – BurpSuite : Secret Finder Extension To Discover APIkeys/Tokens From HTTP Response
Usage
usage: corstest.py [arguments] infile
positional arguments:
infile File with domain or URL list
optional arguments:
-h, –help show this help message and exit
-c name=value Send cookie with all requests
-p processes multiprocessing (default: 32)
-s always force ssl/tls requests
-q quiet, allow-credentials only
-v produce a more verbose output
CORS For Hackers
Websites enable CORS by sending the following HTTP response header:Access-Control-Allow-Origin: https://example.com
This permits the listed origin (domain) to make visitors’ web browsers issue cross-domain requests to the server and read the responses – something the Same Origin Policy would normally prevent.
By default this request will be issued without cookies or other credentials, so it can’t be used to steal sensitive user-specific information like CSRF tokens. The server can enable credential transmission using the following header:Access-Control-Allow-Credentials: true
This creates a trust relationship – an XSS vulnerability on example.com is bad news for this site.
Example
Use of CORStest to detect misconfigurations for the Alexa top 750 sites (with Access-Control-Allow-Credentials
):
Evaluation
Running this CORStest on the Alexa top 1 million sites reveals the following results:
Note that the absolute numbers are quite low, because only 3% of the 1,000,000 tested websites had CORS enabled on their main page and could be analyzed for misconfigurations. This test took about 14 hours on a decent line (DSL). If you have a fast Internet connection, try to increase the number of parallel processes to -p50
or more.
Burrow is an open source tool for burrowing through firewalls, built by teenagers at Hack Club.…
Simple golang webserver that listens for basic auth or post requests and sends a notification…
Nutek Security Platform for macOS and Linux operating systems. Tools for hackers, bug hunters and…
Welcome to SecureSphere Labs, your go-to destination for a curated collection of powerful hacking tools…
All in one Docker-based workstation with hacking tools for Pentesting and offsec Labs by maintained…
Got it! Below is the updated README.md file with instructions for downloading the project on…