s0md3v/Corsy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added underscore bypass

Browse Source
This commit is contained in:
Somdev Sangwan
2021-01-28 16:23:23 +05:30
committed by GitHub
parent 332da5bdfd
commit 62fcc3974d
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
core/tests.py
View File

@@ -62,6 +62,15 @@ def active_tests(url, root, scheme, header_dict, delay):
return {url : info} return {url : info}
time.sleep(delay) time.sleep(delay)
headers = requester(url, scheme, header_dict, root + '_.example.com')
acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None)
if acao_header and '_.example.com' in acao_header:
info = details['unrecognized underscore']
info['acao header'] = acao_header
info['acac header'] = acac_header
return {url : info}
time.sleep(delay)
headers = requester(url, scheme, header_dict, root + '%60.example.com') headers = requester(url, scheme, header_dict, root + '%60.example.com')
acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None) acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None)
if acao_header and '`.example.com' in acao_header: if acao_header and '`.example.com' in acao_header: