Merge branch 'master' into master
@@ -63,13 +63,9 @@ Using Corsy is pretty simple
|
||||
- Backtick bypass
|
||||
- Null origin bypass
|
||||
- Unescaped dot bypass
|
||||
- Underscore bypass
|
||||
- Invalid value
|
||||
- Wild card value
|
||||
- Origin reflection test
|
||||
- Third party allowance test
|
||||
- HTTP allowance test
|
||||
### Support the developer
|
||||
Liked the project? Donate a few bucks to motivate me to keep writing code for free.
|
||||
|
||||
- [Paypal](https://www.paypal.me/s0md3v)
|
||||
- [Patreon](https://www.patreon.com/s0md3v)
|
||||
|
||||
@@ -62,6 +62,15 @@ def active_tests(url, root, scheme, header_dict, delay):
|
||||
return {url : info}
|
||||
time.sleep(delay)
|
||||
|
||||
headers = requester(url, scheme, header_dict, root + '_.example.com')
|
||||
acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None)
|
||||
if acao_header and '_.example.com' in acao_header:
|
||||
info = details['unrecognized underscore']
|
||||
info['acao header'] = acao_header
|
||||
info['acac header'] = acac_header
|
||||
return {url : info}
|
||||
time.sleep(delay)
|
||||
|
||||
headers = requester(url, scheme, header_dict, root + '%60.example.com')
|
||||
acao_header, acac_header = headers['access-control-allow-origin'], headers.get('access-control-allow-credentials', None)
|
||||
if acao_header and '`.example.com' in acao_header:
|
||||
|
||||
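Review bot: The underscore check reads the header with `headers['access-control-allow-origin']`, which will raise if the response to this particular Origin carries no ACAO header, assuming `requester` returns a plain or case-insensitive dict. A server that only answers allow-listed origins would behave that way, so use `headers.get('access-control-allow-origin')`, as the same line already does for the credentials header; the backtick check below it has the same pattern. Separately, `info = details['unrecognized underscore']` returns the shared entry and then writes per-URL headers into it, so if `details` is module-level state, results for different URLs would alias one dict; `info = dict(details['unrecognized underscore'])` avoids that. `active_tests` starts and ends outside this hunk, and the page has lost its +/- markers, so this assumes the `_.example.com` block is the added code.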
@@ -1,13 +1,14 @@
|
||||
import os
|
||||
import tld
|
||||
import re
|
||||
import json
|
||||
import tempfile
|
||||
import re
|
||||
|
||||
from urllib.parse import urlparse
|
||||
|
||||
def host(string):
|
||||
if string and '*' not in string:
|
||||
return tld.get_fld(string, fix_protocol=True, fail_silently=True)
|
||||
return urlparse(string).netloc
|
||||
|
||||
|
||||
def load_json(file):
|
||||
|
||||
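Review bot: `host()` appears to return `urlparse(string).netloc` on the new side, and `netloc` is not equivalent to the registered domain that `tld.get_fld` produced. Which `return` is new is inferred from the requirements hunk shrinking to one line, because the +/- markers are lost on this page. `netloc` keeps any port and userinfo and is empty when the input has no scheme, so if `root` in corsy.py comes from `host()`, a value such as `example.com:8443` would flow into the test origins that `active_tests` builds from it. Consider `urlparse(string).hostname`, plus a docstring stating that the function returns `None` for empty or wildcard input. `import re` also appears twice in the import block; if both are on the new side, drop one.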
5
corsy.py
5
corsy.py
@@ -4,6 +4,7 @@
|
||||
import sys
|
||||
import json
|
||||
import argparse
|
||||
from requests.exceptions import ConnectionError
|
||||
|
||||
from core.tests import active_tests
|
||||
from core.utils import host, prompt, format_result, extractHeaders, create_url_list, create_stdin_list
|
||||
@@ -69,8 +70,10 @@ def cors(target, header_dict, delay):
|
||||
netloc = parsed.netloc
|
||||
scheme = parsed.scheme
|
||||
url = scheme + '://' + netloc + parsed.path
|
||||
try:
|
||||
return active_tests(url, root, scheme, header_dict, delay)
|
||||
|
||||
except ConnectionError as exc:
|
||||
print('%s Unable to connect to %s' % (bad, root))
|
||||
|
||||
if urls:
|
||||
if len(urls) > 1:
|
||||
|
||||
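Review bot: The `except ConnectionError` branch in `cors()` only prints and then falls off the end, so the function returns `None` for an unreachable target. Whatever consumes the result (outside this hunk) has to tolerate that, and an explicit `return None` or a docstring line would make it deliberate. `exc` is bound but never used, so either drop `as exc` or include it in the message. Also, `requests.exceptions.ConnectionError` does not cover read timeouts or `TooManyRedirects`; catching `requests.exceptions.RequestException` would keep one bad target from aborting a multi-URL run, unless `requester` already handles those.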
@@ -48,6 +48,12 @@
|
||||
"severity" : "low",
|
||||
"exploitation" : "Sniff requests made over the unencrypted channel."
|
||||
},
|
||||
"unrecognized underscore" : {
|
||||
"class" : "unrecognized underscore",
|
||||
"description" : "The origin verification is flawed and can be bypassed using a underscore (_).",
|
||||
"severity" : "high",
|
||||
"exploitation" : "Set the 'Origin' header to target.com_.example.com"
|
||||
},
|
||||
"broken parser" : {
|
||||
"class" : "broken parser",
|
||||
"description" : "The origin verification is flawed and can be bypassed using a backtick (`).",
|
||||
|
||||
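Review bot: The "unrecognized underscore" entry hard-codes `"severity" : "high"`, but the impact of an over-permissive origin check depends largely on whether the response also sends `Access-Control-Allow-Credentials: true`. The test records that value in `acac header`, so the description could tell the reader to check it when triaging the finding. The description also reads "a underscore"; it should be `"... can be bypassed using an underscore (_)."`.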
@@ -1,2 +1 @@
|
||||
tld
|
||||
requests
|
||||
|
||||