Cors_test (batch-test websites for CORS hijacking)
import requests
from threading import Thread

# Sent with every request. Origin is scheme://host with no path, so no trailing slash.
headers = {
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0',
    'Origin': 'http://www.baidu.com'
}


def test_cors(filename):
    with open(filename) as targets:
        for target in targets:
            target = target.strip()
            if not target:
                continue  # skip blank lines
            # Default to http:// when the entry carries no scheme
            if not target.startswith(('http://', 'https://')):
                target = 'http://' + target
            try:
                req = requests.get(target, headers=headers, timeout=(5, 20), verify=False, allow_redirects=False)
                # Both headers must be present for the "CORS Found" case
                if 'Access-Control-Allow-Origin' in req.headers and 'Access-Control-Allow-Credentials' in req.headers:
                    print('[+]CORS Found: {} {} {}'.format(target, req.headers['Access-Control-Allow-Origin'], req.headers['Access-Control-Allow-Credentials']))
                    with open('success.txt', 'a+') as f:
                        f.write("{} {} {} \n".format(target, req.headers['Access-Control-Allow-Origin'], req.headers['Access-Control-Allow-Credentials']))
                else:
                    # Raises KeyError when Access-Control-Allow-Origin is absent
                    print('[+]maybe CORS:{} {}'.format(target, req.headers['Access-Control-Allow-Origin']))
                    with open('success.txt', 'a+') as f:
                        f.write("{} {} \n".format(target, req.headers['Access-Control-Allow-Origin']))
            except (TimeoutError, requests.exceptions.Timeout):
                print('{} {}'.format(target, 'timeout'))
            except KeyError:
                print('{} {}'.format(target, 'key not found'))
            except requests.exceptions.RequestException as exc:
                # Connection errors, bad URLs, etc. must not stop the whole run
                print('{} {}'.format(target, 'request failed: {}'.format(exc)))


def main():
    filename = input('Please input your urls.txt:')
    thread = Thread(target=test_cors, args=(filename,))
    thread.start()


if __name__ == '__main__':
    main()
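This script batch-tests sites for CORS hijacking. The issue exists only when Access-Control-Allow-Origin comes back as baidu.com (the Origin the script sends); otherwise hijacking is only possible from within the domain named in Access-Control-Allow-Origin.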
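Environment: Python3
Usage: python3 cors_test.py
Input: urls.txt (the sites to test)
Sites where the vulnerability exists are written to success.txt in the current directory; a "key not found" result indicates that CORS hijacking may exist.
Limitations: there is no crawler and APIs cannot be tested. The script can only test whether a site has CORS hijacking; it cannot pinpoint where information is leaked.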
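The script writes both the "CORS Found" and "maybe CORS" cases to the same success.txt, so the results still have to be sorted by the rule described above. The following is an added example, not part of the original script: it classifies a response's headers against the Origin that was sent. The names classify_cors and triage, the verdict labels, and the sample header dictionaries are assumptions constructed for illustration.

```python
# Added example: the header dictionaries below are constructed, not captured from real sites.
ACAO = 'Access-Control-Allow-Origin'
ACAC = 'Access-Control-Allow-Credentials'


def classify_cors(sent_origin, response_headers):
    """Classify one response given the Origin value that was sent with the request."""
    h = {k.lower(): v.strip() for k, v in response_headers.items()}
    acao = h.get(ACAO.lower())
    # Browsers only honour the exact, case-sensitive value "true"
    creds = h.get(ACAC.lower()) == 'true'
    if acao is None:
        return 'no-acao-header'   # the script prints "key not found" for these
    if acao == '*':
        return 'wildcard'         # browsers refuse to combine "*" with credentials
    if acao == sent_origin:
        # The arbitrary Origin was echoed back
        return 'reflected+credentials' if creds else 'reflected'
    # A different, fixed origin: only pages on that origin can read the response
    return 'fixed-origin+credentials' if creds else 'fixed-origin'


def triage(sent_origin, results):
    """Group {url: headers} by verdict so reflected+credentials sites stand out."""
    groups = {}
    for url, hdrs in results.items():
        groups.setdefault(classify_cors(sent_origin, hdrs), []).append(url)
    return groups


SENT = 'http://www.baidu.com'
SAMPLE = {  # constructed responses
    'http://a.example': {ACAO: SENT, ACAC: 'true'},
    'http://b.example': {ACAO: '*'},
    'http://c.example': {ACAO: 'https://portal.example', ACAC: 'true'},
    'http://d.example': {'Content-Type': 'text/html'},
    'http://e.example': {ACAO: SENT, ACAC: 'True'},  # wrong case, not honoured
}

if __name__ == '__main__':
    for verdict, urls in sorted(triage(SENT, SAMPLE).items()):
        print('{:26} {}'.format(verdict, ', '.join(urls)))
```

Only the reflected+credentials group matches the case the text calls exploitable from any origin; the fixed-origin groups correspond to the "otherwise" case, where the response is readable only from the listed origin.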

