corsair_scan icon indicating copy to clipboard operation
corsair_scan copied to clipboard

Published 20 hours ago verified publisher icon Santandersecurityresearch

Add check for reflected null origins.

Open CoreyD97 opened this issue 3 years ago • 2 comments

  • Corsair_scan version: 0.2.0
  • Python version: 3.7
  • Operating System: Pop!_OS

Description

It'd be useful to add a check for a trusted null origin. There's a bunch of cases a browser might send a null origin, and so adding a check for this would help locate endpoints which have whitelisted the null origin.

The current implementation does include a check for null origins, but only if this is sent when the tool attempts one of the existing origin checks (e.g. Origin: https://scarymonster.com), and not reflected nulls.

CoreyD97 avatar May 24 '21 12:05 CoreyD97

Hi

Thanks for this. So, your use case is to send a NULL origin and check if it is reflected? I would say it would be the same as sending a fake origin and having it reflected, isnt it?

Anyway, this sounds like an interesting idea, let me research about it

javixeneize avatar May 24 '21 12:05 javixeneize

I would say it would be the same as sending a fake origin and having it reflected, isnt it?

For the most part yes, this is common when it is reflected. Though it is possible that a dev create a whitelist of origins and only respond with the CORS header when the origin was valid. This'll help detect those instances.

As with my previous comment, I'll happily create a PR for this soon.

CoreyD97 avatar May 24 '21 14:05 CoreyD97