From 437504ad805f81dcb32ce879bc24035b15d27293 Mon Sep 17 00:00:00 2001
From: Somdev Sangwan
Date: Wed, 9 Dec 2020 14:17:42 +0530
Subject: [PATCH 1/7] fix #30
---
 core/utils.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/core/utils.py b/core/utils.py
index 38094f7..993da3a 100644
--- a/core/utils.py
+++ b/core/utils.py
@@ -1,4 +1,5 @@
 import os
+import re
 import tld
 import json
 import tempfile
From b6dec2138e0459afb68d51be3d71890282ee0b8f Mon Sep 17 00:00:00 2001
From: David McKennirey
Date: Fri, 15 Jan 2021 07:42:47 -0500
Subject: [PATCH 2/7] Add error handling for refused connections.
This will allow the tool to continue testing if one or more of the target urls refuses connections. Previously, this would cause the tool to stop once it encoutered a URL that refused a connection.
---
 corsy.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/corsy.py b/corsy.py
index b0a3ace..28d5a3b 100644
--- a/corsy.py
+++ b/corsy.py
@@ -4,6 +4,7 @@
 import sys
 import json
 import argparse
+from requests.exceptions import ConnectionError
 from core.tests import active_tests
 from core.utils import host, prompt, format_result, extractHeaders, create_url_list
@@ -63,7 +64,10 @@ def cors(target, header_dict, delay):
 netloc = parsed.netloc
 scheme = parsed.scheme
 url = scheme + '://' + netloc
- return active_tests(url, root, scheme, header_dict, delay)
+ try:
+ return active_tests(url, root, scheme, header_dict, delay)
+ except ConnectionError as exc:
+ print(f'[WARNING] Unable to connect to {target}: {exc}')
 if urls:
From 2e3ea35807dcde888df41db6c502ebc1e6804a6a Mon Sep 17 00:00:00 2001
From: Somdev Sangwan
Date: Thu, 28 Jan 2021 16:15:17 +0530
Subject: [PATCH 3/7] fix support for IP addresses
---
 core/utils.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/core/utils.py b/core/utils.py
index 993da3a..badef58 100644
--- a/core/utils.py
+++ b/core/utils.py
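Review bot: The new `except ConnectionError` branch in cors() prints a warning and then falls off the end of the function, so cors() implicitly returns None for a refused host while every other path returns the dict produced by active_tests(); whatever consumes that return value (outside this hunk) presumably has to special-case None now. Make the degraded result explicit, e.g. `return None  # host refused the connection; no findings` after the print, and send the warning to stderr with `print(f'[WARNING] Unable to connect to {target}: {exc}', file=sys.stderr)` so it does not interleave with result output on stdout (`sys` is already imported in the first hunk). Only ConnectionError is caught; a read timeout (`requests.exceptions.Timeout`, which is not a ConnectionError subclass, unlike ConnectTimeout) will still abort the whole run, which may or may not be intended. The body of cors() begins outside the hunk.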
@@ -1,13 +1,13 @@
 import os
 import re
-import tld
 import json
 import tempfile
+from urllib.parse import urlparse
 def host(string):
 if string and '*' not in string:
- return tld.get_fld(string, fix_protocol=True, fail_silently=True)
+ return urlparse(string).netloc
 def load_json(file):
From 84498ed3d5116c9bf3b4b3a6bba54a0ed0f777dd Mon Sep 17 00:00:00 2001
From: Somdev Sangwan
Date: Thu, 28 Jan 2021 16:15:36 +0530
Subject: [PATCH 4/7] removed tld dependency
---
 requirements.txt | 1 -
 1 file changed, 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 7274b6a..f229360 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,2 +1 @@
-tld
 requests
From 55a779649af90322c293f6767576f7ae50db51ee Mon Sep 17 00:00:00 2001
From: Somdev Sangwan
Date: Thu, 28 Jan 2021 16:21:42 +0530
Subject: [PATCH 5/7] added underscore bypass
---
 db/details.json | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/db/details.json b/db/details.json
index e71e179..2b77dd4 100644
--- a/db/details.json
+++ b/db/details.json
@@ -48,6 +48,12 @@
 "severity" : "low",
 "exploitation" : "Sniff requests made over the unencrypted channel."
 },
+ "unrecognized underscore" : {
+ "class" : "unrecognized underscore",
+ "description" : "The origin verification is flawed and can be bypassed using a underscore (_).",
+ "severity" : "high",
+ "exploitation" : "Set the 'Origin' header to target.com_.example.com"
+ },
 "broken parser" : {
 "class" : "broken parser",
 "description" : "The origin verification is flawed and can be bypassed using a backtick (`).",
From 332da5bdfdca7185f72036f2b9e128e573518e96 Mon Sep 17 00:00:00 2001
From: Somdev Sangwan
Date: Thu, 28 Jan 2021 16:22:33 +0530
Subject: [PATCH 6/7] added underscore bypass, removed donation links
---
 README.md | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 7a03b38..74cb486 100644
--- a/README.md
+++ b/README.md
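Review bot: `urlparse(string).netloc` is an empty string for an input without a scheme (`urlparse('example.com').netloc == ''`) and, when a scheme is present, still carries any port or userinfo (`host:8080`, `user@host`); the removed `get_fld(..., fix_protocol=True)` tolerated a missing scheme, so callers that pass bare hosts now get '' back, and any caller that builds probe origins from the result (core/tests.py concatenates `root + '_.example.com'`) would embed the port. If bare hosts are a supported input, prepend a scheme before parsing and return only the host component: `parsed = urlparse(string if '://' in string else 'http://' + string)` followed by `return parsed.hostname or ''`. `hostname` also drops the brackets of an IPv6 literal and lower-cases the name, which fits the IP-address support this commit is about; whether the port should be retained for the probes is something only the callers (outside this hunk) can answer. host() is complete within the hunk.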
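Review bot: The user-facing `description` string of the new entry reads "bypassed using a underscore (_)"; it should be "bypassed using an underscore (_)", matching the article in the neighbouring "using a backtick" entry. The key `"unrecognized underscore"` is exactly what core/tests.py looks up in PATCH 7/7, so the two commits only work together; squashing them, or at least landing this one first, avoids an intermediate revision where the scanner raises KeyError on a hit.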
@@ -60,13 +60,9 @@ Using Corsy is pretty simple
 - Backtick bypass
 - Null origin bypass
 - Unescaped dot bypass
+- Underscore bypass
 - Invalid value
 - Wild card value
 - Origin reflection test
 - Third party allowance test
 - HTTP allowance test
-### Support the developer
-Liked the project? Donate a few bucks to motivate me to keep writing code for free.
-
-- [Paypal](https://www.paypal.me/s0md3v)
-- [Patreon](https://www.patreon.com/s0md3v)
From 62fcc3974d3e6cb9da6328bf03567c787e01b885 Mon Sep 17 00:00:00 2001
From: Somdev Sangwan
Date: Thu, 28 Jan 2021 16:23:23 +0530
Subject: [PATCH 7/7] added underscore bypass
---
 core/tests.py | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/core/tests.py b/core/tests.py
index bda5017..e0881e4 100644
--- a/core/tests.py
+++ b/core/tests.py
@@ -62,6 +62,15 @@ def active_tests(url, root, scheme, header_dict, delay):
 return {url : info}
 time.sleep(delay)
+ headers = requester(url, scheme, header_dict, root + '_.example.com')
+ acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None)
+ if acao_header and '_.example.com' in acao_header:
+ info = details['unrecognized underscore']
+ info['acao header'] = acao_header
+ info['acac header'] = acac_header
+ return {url : info}
+ time.sleep(delay)
+
 headers = requester(url, scheme, header_dict, root + '%60.example.com')
 acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None)
 if acao_header and '`.example.com' in acao_header:
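Review bot: The added block is another verbatim copy of the probe/compare/return sequence that surrounds it in active_tests(), and like its neighbours it mutates `details['unrecognized underscore']` in place before returning it; if `details` is a table loaded once from db/details.json and results for several URLs are collected before they are printed, every result sharing that key aliases the same dict and ends up showing the last host's ACAO/ACAC values (inferred — the loader and the result consumer are outside this hunk). A small helper that performs one probe and returns a copy of the matching entry removes both the duplication and the aliasing, and each call site shrinks to four lines. `headers['access-control-allow-origin']` is indexed directly while the value is then tested for falsiness, so requester() presumably maps a missing header to None rather than raising KeyError — worth confirming with a comment on requester(). active_tests() starts and ends outside the hunk.
```python
def _probe_origin(url, scheme, header_dict, origin, needle, key):
    # One request with a crafted Origin; returns a fresh result dict when the
    # ACAO header echoes `needle`, else None.
    headers = requester(url, scheme, header_dict, origin)
    acao_header = headers['access-control-allow-origin']
    acac_header = headers.get('access-control-allow-credentials', None)
    if acao_header and needle in acao_header:
        info = dict(details[key])  # copy so the shared details table is never mutated
        info['acao header'] = acao_header
        info['acac header'] = acac_header
        return info
    return None

# … unchanged: earlier probes in active_tests() …
    info = _probe_origin(url, scheme, header_dict, root + '_.example.com', '_.example.com', 'unrecognized underscore')
    if info:
        return {url : info}
    time.sleep(delay)
# … unchanged: backtick probe and the rest of active_tests() …
```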