Under Utilized Tools/Resources #66

I recently had to demonstrate how I could test a CORS policy with a wildcard, as the developer of the web application I was pen testing tried to state that the CORS policy was fixed.

I found this post by Nick Gibbon HERE

And a simple CORS test tool on his GitHub HERE

The only thing you have to do is change the JS

dataType: "html",
url: "http://google.com",

to the data type expected in the response and the URL you want to test, then load the HTML in any browser (or refresh the HTML page if you’ve already loaded it).

Sweet! It’s definitely something I will keep for myself, but also as a way a developer can check if their remediation was successful!
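For a remediation check that does not rely on reading the browser console by eye, the same decision can be made from the response headers. This is an added example, not code from the original post or from Nick Gibbon's tool; the function names, the `example.test` origins and the sample headers are all constructed for illustration.

```javascript
// Added example; function and field names are hypothetical.
// Decides, from response headers alone, whether a browser would let a page
// on `requestOrigin` read the response, and flags wildcard-related issues.
function auditCors(requestOrigin, headers) {
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  const acao = h['access-control-allow-origin'];
  const allowCreds = h['access-control-allow-credentials'] === 'true';
  const varyOrigin = (h['vary'] || '').toLowerCase()
    .split(',').map((s) => s.trim()).includes('origin');

  const result = { readable: false, readableWithCredentials: false, findings: [] };
  if (acao === undefined) return result; // no CORS header: cross-origin read blocked

  const wildcard = acao === '*';
  const exact = acao === requestOrigin;
  result.readable = wildcard || exact;
  // Browsers reject "*" for requests sent with credentials (cookies, HTTP auth).
  result.readableWithCredentials = exact && allowCreds;

  if (wildcard) result.findings.push('wildcard');
  if (wildcard && allowCreds) result.findings.push('wildcard-plus-credentials');
  // A per-origin ACAO value without "Vary: Origin" can be served from a shared cache.
  if (exact && !varyOrigin) result.findings.push('missing-vary-origin');
  return result;
}

// Constructed sample responses (not captured from a real application).
const samples = {
  before: { 'Access-Control-Allow-Origin': '*' },
  after: {
    'access-control-allow-origin': 'https://app.example.test',
    'access-control-allow-credentials': 'true',
    'vary': 'Accept-Encoding, Origin',
  },
};

// Probe each policy from an origin that should NOT be trusted.
function remediationReport(untrustedOrigin) {
  return {
    before: auditCors(untrustedOrigin, samples.before),
    after: auditCors(untrustedOrigin, samples.after),
  };
}

console.log(JSON.stringify(remediationReport('https://other.example.test'), null, 2));
```

The fix is confirmed when the probe from the untrusted origin comes back with `readable: false` while the application's own origin is still allowed.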
