Discover and read the best of Twitter Threads about #CORS

Most recents (3)

#Learn365 - Day 5⃣

CORS Headers. 🤔

What are they? And how do they bypass SOP?

Learn about them in this thread 🧵👇

#infosec #bugbountytips #CORS #http
In the last thread, we talked about SOP. While SOP blocks the response, CORS is used to bypass SOP in the most sensible way.

CORS is Cross Origin Resource Sharing.

It makes sharing responses across different origins possible. Can we call it bypassing SOP?

Yes.
Let's say,

Domain A wants to Talk to Domain B for getting some information.

A
#Secret2
Bug Bounty with One-Line Bash Scripts 💵😎

You can mention your favorite script. I will add them to this thread.
#BugBounty #BugBountyTip
#100BugBountySecrets
🧵👇🏻
1/ #Secret2

🎯 Hunt #XSS:
👉🏻 cat targets.txt | anew | httpx -silent -threads 500 | xargs -I@ dalfox url @
👉🏻 cat targets.txt | getJS | httpx --match-regex "addEventListener\((?:'|\")message(?:'|\")"

#BugBounty #BugBountyTip
#100BugBountySecrets
🧵👇🏻
2/ #Secret2

🎯 Hunt #SQLi:
👉🏻 httpx -l targets.txt -silent -threads 1000 | xargs -I@ sh -c 'findomain -t @ -q | httpx -silent | anew | waybackurls | gf sqli >> sqli ; sqlmap -m sqli --batch --random-agent --level 1'

#BugBounty #BugBountyTip
#100BugBountySecrets
🧵👇🏻
Having problems with #CORS (Cross Origin Resource Sharing) almost every time?
Wondering why you almost always run into a blocked request?

Remember that it's all about 3 rules that aren't mutually exclusive.

I'll be writing about them in 10 minutes' time (don't miss it).

#Thread
What is CORS?

Simply defined as an access control security restriction that is used to limit cross-domain communication based on the origin of a website or app.

The key word here is Access Control, which is about authorization of HTTP requests.

#Thread \1
Another key word is Origin: the origin is based off a combination of 2 things

1. A Scheme/Protocol (http / https)
2. A Host / Sub + Top Level Domain (google.com)

Ok ? Cool!

Now you ask

How does this CORS thing actually work?

#Thread \2