CORS

Step->1. Capture the target website and spider or crawl all the website using burp.
Step->2. Use burp search look for Access-Control
Step->3. Try to add Origin Header i.e,Origin:attacker.com or Origin:null or Origin:attacker.target.com or Origin:target.attacker.com
Step->4  If origin is reflected in response means the target is vuln to CORS

step 1-> find domains i.e subfinder -d target.com -o domains.txt
step 2-> check alive ones : cat domains.txt | httpx | tee -a alive.txt
step 3-> send each alive domain into burp i.e, cat alive.txt | parallel -j 10 curl --proxy "<http://127.0.0.1:8080>" -sk 2>/dev/null
step 4-> Repeat hunting method 1

Last updated 1 year ago

Was this helpful?

Step->1. Capture the target website and spider or crawl all the website using burp.
Step->2. Use burp search look for Access-Control
Step->3. Try to add Origin Header i.e,Origin:attacker.com or Origin:null or Origin:attacker.target.com or Origin:target.attacker.com
Step->4  If origin is reflected in response means the target is vuln to CORS

step 1-> find domains i.e subfinder -d target.com -o domains.txt
step 2-> check alive ones : cat domains.txt | httpx | tee -a alive.txt
step 3-> send each alive domain into burp i.e, cat alive.txt | parallel -j 10 curl --proxy "<http://127.0.0.1:8080>" -sk 2>/dev/null
step 4-> Repeat hunting method 1

Misconfigured CORS

Reports

What is CORS (cross-origin resource sharing)?

Misconfigured CORS

Reports