Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/trustedsec/cors-poc
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/trustedsec/cors-poc
- Owner: trustedsec
- Created: 2018-03-19T18:50:46.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2018-04-02T20:30:37.000Z (almost 7 years ago)
- Last Synced: 2024-03-26T22:56:56.280Z (10 months ago)
- Language: HTML
- Size: 5.86 KB
- Stars: 126
- Watchers: 6
- Forks: 40
- Open Issues: 4
Metadata Files:
- Readme: README.md
README
# cors-poc
Companion code for TrustedSec's "CORS Findings: Another Way to Comprehend"
blog post. See https://www.trustedsec.com/2018/04/cors-findings/ to understand situations where this could be useful.
## Usage
* `git clone https://github.com/trustedsec/cors-poc`
* `cd cors-poc`
* Edit **corstest.html** to update [target-site/target-page] and [our-server].
* `python3 -m http.server --cgi` **Caution:** all files in the current directory and sub-directories will be served on HTTP port 8000.
* Browse to **corstest.html** from a "victim" browser. If all goes well, cross-origin responses from the victim browser will be displayed and also stored in **captured-post-data.txt**.