Cors_test(批量测试网站是否存在CORS劫持)
Posted p1g3
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Cors_test(批量测试网站是否存在CORS劫持)相关的知识,希望对你有一定的参考价值。
import requests
from threading import Thread
headers = {
‘User-Agent‘:‘Mozilla/5.0 (Windows NT 10.0; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0‘,
‘Origin‘:‘http://www.baidu.com/‘
}
def test_cors(filename):
with open(filename) as targets:
for target in targets:
if ‘http://‘ or ‘https://‘ not in target:
target = ‘http://‘ + target.strip()
try:
req = requests.get(target,headers=headers,timeout=(5,20),verify=False,allow_redirects=False)
if ‘Access-Control-Allow-Origin‘ and ‘Access-Control-Allow-Credentials‘ in req.headers:
print(‘[+]CORS Found: {} {} {}‘.format(target,req.headers[‘Access-Control-Allow-Origin‘],req.headers[‘Access-Control-Allow-Credentials‘]))
with open(‘success.txt‘,‘a+‘) as f:
f.write("{} {} {} \n".format(target,req.headers[‘Access-Control-Allow-Origin‘],req.headers[‘Access-Control-Allow-Credentials‘]))
continue
else:
print(‘[+]maybe CORS:{} {}‘.format(target,req.headers[‘Access-Control-Allow-Origin‘]))
with open(‘success.txt‘,‘a+‘) as f:
f.write("{} {} \n".format(target,req.headers[‘Access-Control-Allow-Origin‘]))
continue
except (TimeoutError,requests.exceptions.ReadTimeout):
print(‘{} {}‘.format(target,‘timeout‘))
continue
except KeyError:
print(‘{} {}‘.format(target,‘key not found‘))
def main():
filename = input(‘Please input your urls.txt:‘)
thread = Thread(target=test_cors,args=(filename,))
thread.start()
if __name__ == ‘__main__‘:
main()
该脚本用于批量测试是否存在CORS劫持,只有当Access-Control-Allow-Origin为baidu.com时才存在,否则需要在Access-Control-Allow-Origin域下才可劫持。
环境:Python3
使用:python3 cors_test.py
传入:urls.txt(待测试网站)
漏洞存在的会放入当前目录下的success.txt,出现key not found的表示有可能存在CORS劫持。
缺点:无爬虫,无法测试api,只能测试网站是否存在CORS劫持,但无法准确找到信息泄露点。
以上是关于Cors_test(批量测试网站是否存在CORS劫持)的主要内容,如果未能解决你的问题,请参考以下文章
从 HTTP 到 HTTPS 发出 CORS 请求是不是存在任何安全问题?