This repository provides an HTML file containing a JavaScript script designed to test for Cross-Origin Resource Sharing (CORS) vulnerabilities. The script uses XMLHttpRequest to make a cross-origin request to a target site with an insecure CORS configuration and sends the response data from that endpoint to Burp Collaborator.
Note: This HTML file is intended for ethical and educational purposes only. Ensure you have proper authorization before testing on any website. Unauthorized testing may violate terms of service and legal agreements.
- Clone or download this repository to your local machine.
- Open the provided HTML file (`cors-test.html`) in a text editor of your choice.
- Replace `VULNERABLE_ENDPOINT_HERE` with the API endpoint of the target site you want to test for CORS vulnerabilities.
- Replace `YOUR_COLLABORATOR_URL` with your Burp Collaborator URL.
- Save the changes to the file.
- Open the HTML file in a web browser.
- If the endpoint is vulnerable, the data will be sent to Burp Collaborator in a GET request.
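The insecure configuration the script relies on is visible in the server's response headers alone, which is also how a defender confirms a fix. The following JavaScript is an added example (not part of this repository): it classifies a captured CORS response for a given probe `Origin`; `https://untrusted.example` and `https://app.example` are placeholder origins and the sample header sets are constructed.

```javascript
// Added example, not part of this repository: decide from response headers whether a
// page at `probeOrigin` (an origin the server should NOT trust) could read the body
// cross-origin, and whether the browser would have attached cookies to that request.
function assessCorsResponse(probeOrigin, headers) {
  // Header names are case-insensitive, so normalise them before lookup.
  const h = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v).trim()])
  );
  const allowOrigin = h['access-control-allow-origin'];
  const allowCredentials = h['access-control-allow-credentials'] === 'true';

  if (allowOrigin === undefined) {
    return { readable: false, credentialed: false, finding: 'no CORS headers: browser blocks the read' };
  }
  if (allowOrigin === '*') {
    // Browsers never honour "*" together with credentials, so only anonymous data is exposed.
    return { readable: true, credentialed: false, finding: 'wildcard: anonymous data readable by any origin' };
  }
  if (allowOrigin !== probeOrigin) {
    return { readable: false, credentialed: false, finding: 'probe origin not allowed' };
  }
  // The untrusted probe origin (or the literal "null" origin) was allowed verbatim.
  if (allowCredentials) {
    return {
      readable: true,
      credentialed: true,
      finding: `untrusted origin ${probeOrigin} allowed with credentials: authenticated data readable cross-origin`,
    };
  }
  return { readable: true, credentialed: false, finding: `untrusted origin ${probeOrigin} allowed without credentials` };
}

// Constructed sample responses, as captured with e.g. `curl -i -H "Origin: ..."`
// before the fix, for the "null" origin, and after restricting the allowlist.
const SAMPLE_RESPONSES = {
  before: { 'Access-Control-Allow-Origin': 'https://untrusted.example', 'Access-Control-Allow-Credentials': 'true' },
  nullOrigin: { 'Access-Control-Allow-Origin': 'null', 'Access-Control-Allow-Credentials': 'true' },
  after: { 'Access-Control-Allow-Origin': 'https://app.example', 'Access-Control-Allow-Credentials': 'true', 'Vary': 'Origin' },
};

// Run every sample through the check and return the findings keyed by sample name.
function runChecks() {
  return {
    before: assessCorsResponse('https://untrusted.example', SAMPLE_RESPONSES.before),
    nullOrigin: assessCorsResponse('null', SAMPLE_RESPONSES.nullOrigin),
    after: assessCorsResponse('https://untrusted.example', SAMPLE_RESPONSES.after),
  };
}

console.log(runChecks());
```

A response is only a real finding when the echoed origin is one the server was never meant to trust, so probe with an origin outside the legitimate allowlist, not the application's own.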
Caution: Use this HTML file responsibly and only on websites where you have explicit permission to test. Unauthorized testing may lead to legal consequences.
This HTML file is provided for educational and testing purposes only. The author is not responsible for any misuse or damage caused by the use of this file. Ensure compliance with applicable laws and ethical guidelines when conducting security testing.