Professional

CORS*, Additional CORS Checks

Description

This extension tests websites for CORS misconfigurations. It spots trivial misconfigurations, such as arbitrary Origin reflection, as well as more subtle ones where the origin-validation regex is not anchored or escaped properly. An issue is created if a dangerous origin is reflected in Access-Control-Allow-Origin. If "Access-Control-Allow-Credentials: true" is also set, the issue is rated High, because a page on the reflected origin can then read authenticated responses; otherwise it is rated Low. Finally, the user has to decide whether reflecting that Origin is intended (e.g. a CDN) or whether it is a security issue.

Features

"CORS* - Additional CORS Checks" can be run in either automatic or manual mode.

Automatic

  • In the CORS* tab, the extension can be activated.
  • If activated, the extension tests each proxied request for CORS misconfigurations by re-sending it several times with different Origin headers.
  • There are options to enable it only for in-scope items and to exclude requests with certain file extensions.
  • The "URL for CORS Request" is used to test for arbitrary reflection and as the prefix/suffix material when testing for regex misconfigurations.
  • If a potential misconfiguration is discovered, the request is highlighted in red.
  • If an issue is detected, it is also reported in the Target and Dashboard tabs.
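To make the Description and the automatic-mode steps concrete, the following is an added Python example, not the extension's own code (that lives in the BApp Store GitHub repository). It builds the probe Origins from a target URL and the "URL for CORS Request", sends each one, and rates the response with the page's High/Low rule. The probe list, the mock_server stand-in, its regex, and the hostnames api.example.com and evil.com are constructed assumptions; the exact probe set the extension sends is not documented on this page.

```python
"""Origin-reflection checks in the spirit of the extension described above.

Constructed example: ``mock_server`` stands in for a target whose origin
whitelist is a regex missing its trailing anchor. Replace it with a function
that sends a real request carrying the given Origin header and returns the
response headers to run the same checks against a live host.
"""
from __future__ import annotations

import re
from urllib.parse import urlparse


def candidate_origins(target_url: str, attacker_url: str) -> dict[str, str]:
    """Origins to probe, keyed by the misconfiguration each one targets.

    The attacker URL (the "URL for CORS Request") is used verbatim for the
    arbitrary-reflection probe and as prefix/suffix material for the regex
    probes. This probe set is an assumption, not the extension's list.
    """
    target = urlparse(target_url)
    attacker = urlparse(attacker_url)
    scheme = target.scheme or "https"
    t_host = target.hostname or ""
    a_host = attacker.hostname or ""
    a_label = a_host.split(".")[0]
    return {
        # server echoes whatever Origin it receives
        "arbitrary": f"{attacker.scheme or 'https'}://{a_host}",
        # regex lacks a trailing '$': target host becomes a subdomain of the attacker's
        "target_as_prefix": f"{scheme}://{t_host}.{a_host}",
        # regex lacks a leading '^': attacker label glued in front of the target host
        # (exploitable only if the resulting name is registrable by the attacker)
        "target_as_suffix": f"{scheme}://{a_label}{t_host}",
        # unescaped '.' in the regex matches any character
        "unescaped_dot": f"{scheme}://{t_host.replace('.', 'x', 1)}",
        # sandboxed iframes and some redirect chains send a literal "null" Origin
        "null": "null",
    }


def rate_response(origin: str, headers: dict[str, str]) -> str | None:
    """Return "high", "low" or None for one probe, using the page's rating rule.

    Header names are matched case-insensitively. A wildcard ACAO is not
    reflection, and browsers refuse to pair it with credentials, so it
    yields None here.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    acao = lower.get("access-control-allow-origin")
    if acao is None or acao != origin:
        return None
    creds = lower.get("access-control-allow-credentials", "").strip().lower() == "true"
    return "high" if creds else "low"


# Constructed stand-in for a misconfigured target: whitelist regex with no
# trailing '$', so "https://api.example.com.evil.com" passes validation.
_ALLOWED_ORIGIN = re.compile(r"^https://api\.example\.com")


def mock_server(origin: str) -> dict[str, str]:
    """Response headers the fake target returns for a request carrying ``origin``."""
    headers = {"Content-Type": "application/json"}
    if _ALLOWED_ORIGIN.match(origin):
        headers["Access-Control-Allow-Origin"] = origin
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


def run_checks(target_url: str, attacker_url: str, send=mock_server) -> dict[str, tuple[str, str]]:
    """Probe every candidate origin; return {probe_name: (origin, severity)} for hits."""
    findings = {}
    for name, origin in candidate_origins(target_url, attacker_url).items():
        severity = rate_response(origin, send(origin))
        if severity is not None:
            findings[name] = (origin, severity)
    return findings


if __name__ == "__main__":
    hits = run_checks("https://api.example.com/user", "https://evil.com")
    for name, (origin, severity) in hits.items():
        print(f"[{severity.upper()}] {name}: Origin {origin} is reflected")
```

Against the mock target only the target_as_prefix probe is reflected, and because the fake server also sets Access-Control-Allow-Credentials: true it is rated High. As the Description says, the last step is still a human one: decide whether that reflected origin is an intentional CDN or partner origin before filing it as a finding.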

Manual

  • Requests can be added to CORS* using the extension menu.
  • The requests to test for CORS misconfiguration can then be sent using the "Send CORS requests for selected entry" button.

Author

Yves Bieri

Version

0.9.1

Last updated

08 June 2022

Estimated system impact

Overall impact: Low

Memory: Low
CPU: Low
General: Low
Scanner: Low

You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.

You can view the source code for all BApp Store extensions on our GitHub page.

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.