Skip to content

clayball/cors-poc

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 

Repository files navigation

cors-poc

Companion code for TrustedSec's "CORS Findings: Another Way to Comprehend" blog post. See https://www.trustedsec.com/2018/04/cors-findings/ to understand situations where this could be useful.

Usage

  • git clone https://github.com/trustedsec/cors-poc
  • cd cors-poc
  • Edit corstest.html to update [target-site/target-page] and [our-server].
  • python3 -m http.server --cgi Caution: all files in the current directory and sub-directories will be served on HTTP port 8000.
  • Browse to corstest.html from a "victim" browser.

If all goes well, cross-origin responses from the victim browser will be displayed and also stored in captured-post-data.txt.

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • HTML 75.2%
  • Python 24.8%