Outpost24/outpost24-cors-check

t0xodile's CORS Check

Permissive CORS vulnerabilities are trickier to detect than you might think. This Burp extension extends Burp's default CORS scan checks and adds extra functionality to Burp, allowing you to detect and attempt to exploit trusted domain CORS bypasses. The ideas and detection methods in this tool all stem from the following resources and research:

  1. Exploiting trust: Weaponizing permissive CORS configurations by Thomas Stacey
  2. Exploiting CORS misconfigurations for Bitcoins and bounties by James Kettle
  3. Advanced CORS Exploitation Techniques by Corben Leo
  4. URL validation bypass cheat sheet by PortSwigger

To use it, download the latest .jar file from the releases page, install the extension, and run an active scan. You can also right-click any request in Burp and open the trusted domain scanner to check for, and attempt to exploit, trusted domain CORS bypasses.

To build it yourself, run the following commands. You can find the build in the build\libs folder:

  1. git clone <repo-URL-here>
  2. cd outpost24-cors-check
  3. gradle build