CORS*, Additional CORS Checks
This extension can be used to test websites for CORS misconfigurations. It can spot trivial misconfigurations, like arbitrary origin reflection, but also more subtle ones where a regex is not properly configured. An issue is created if a dangerous origin is reflected. If "Access-Control-Allow-Credentials: true" is also set, the issue is rated high, otherwise low. Finally, the user has to decide whether the reflected Origin is intended (e.g. CDN) or whether it is a security issue.
"CORS* - Additional CORS Checks" can be run in either automatic or manual mode.
- In the CORS* tab, the extension can be activated.
- If activated, the extension tests each proxied request for CORS misconfigurations by sending multiple copies of it with different Origin headers.
- There are options to only enable it for in-scope items and to exclude requests with certain file extensions.
- The "URL for CORS Request" is used to test for arbitrary reflection and as prefix/suffix in testing regex misconfigurations.
- If a potential misconfiguration is discovered, the request is highlighted in red.
- If an issue is detected, it is also reported in the Target and Dashboard tabs.
- Requests can be added to CORS* using the extension menu.
- The requests to test for CORS misconfiguration can then be sent using the "Send CORS requests for selected entry" button.
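To make the check concrete, here is an added example (not the extension's own code) that models the behaviour described above: it builds the origins to send from the target URL and the "URL for CORS Request", rates a reflected Origin High or Low depending on Access-Control-Allow-Credentials, and ignores the site's own origin. The exact origin variants the extension sends, the server names and the constructed stand-in server are assumptions made for this example.

```python
import re
from typing import Callable, Optional
from urllib.parse import urlsplit

def origin_of(url: str) -> str:
    """Scheme and host of a URL, the form an Origin header takes."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}"

def candidate_origins(target_url: str, cors_url: str) -> list:
    """Origins to send for one proxied request: the CORS URL as-is (arbitrary
    reflection), then its host used as suffix and as prefix of the target host
    to catch allow-list regexes that lack a $ or ^ anchor. This set is an
    assumption for the example, not taken from the extension's source."""
    t, c = urlsplit(target_url), urlsplit(cors_url)
    return [
        f"{c.scheme}://{c.netloc}",              # arbitrary origin reflection
        f"{t.scheme}://{t.netloc}.{c.netloc}",   # CORS host as suffix: regex lacks $
        f"{t.scheme}://{c.netloc}{t.netloc}",    # CORS host as prefix: regex lacks ^
    ]

def rate_reflection(sent_origin: str, target_url: str, headers: dict) -> Optional[str]:
    """Apply the page's rating rule to one response: 'High' if the sent origin is
    reflected with credentials allowed, 'Low' if reflected without, None if it is
    not reflected or is simply the site's own origin (expected, not a finding)."""
    h = {k.lower(): v for k, v in headers.items()}
    if h.get("access-control-allow-origin") != sent_origin:
        return None
    if sent_origin == origin_of(target_url):
        return None
    creds = h.get("access-control-allow-credentials", "").strip().lower() == "true"
    return "High" if creds else "Low"

def scan(target_url: str, cors_url: str, send: Callable[[str], dict]) -> dict:
    """Send every candidate origin via `send` (returns the response headers)
    and keep only the origins that produced a finding, with their rating."""
    findings = {}
    for origin in candidate_origins(target_url, cors_url):
        rating = rate_reflection(origin, target_url, send(origin))
        if rating:
            findings[origin] = rating
    return findings

# Constructed stand-in for a vulnerable server: its allow-list regex lacks a
# trailing '$', so any host that merely starts with example.com is echoed back.
def sloppy_server(origin: str) -> dict:
    if re.match(r"^https://(\w+\.)*example\.com", origin):
        return {"Access-Control-Allow-Origin": origin,
                "Access-Control-Allow-Credentials": "true"}
    return {}

if __name__ == "__main__":
    print(scan("https://example.com/api/user", "https://attacker.net", sloppy_server))
    # prints {'https://example.com.attacker.net': 'High'}
```

Only the suffix variant gets through the unanchored regex, and because credentials are allowed the finding is rated High; a regex ending in `$` would return no findings for the same inputs.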
Last updated: 31 January 2022
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
You can view the source code for this BApp by visiting our GitHub page.
Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.