of-CORS: identifying and exploiting CORS misconfigurations
How Does it Work?
of-CORS is a Python3 web application built on top of Django and Django Rest Framework. Once set up and configured, of-CORS will automatically register browser service workers in the browsers of any victims that visit the application. These service workers send HTTP requests to a list of pre-configured internal domains with the intention of discovering CORS misconfigurations on internal networks. The results of these requests (whether successful or otherwise) are then submitted via API back to the of-CORS instance.
The collected results can subsequently be viewed in a minimalist dashboard available on the of-CORS application.
of-CORS would do all of the following:
- Enumerate likely internal subdomains for target organizations
- Utilize a service worker to make requests long after the victim is redirected off the typosquatting domain
- Accept results from the victim’s browser and provide some level of result queryability in a UI
- Make some level of attempt to hide itself
- Be likely to be visited by employees of target organizations
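
The misconfigurations such requests look for are visible in the CORS response headers of an internal service, so an operator can audit their own services for them first. The following is an added example, not part of of-CORS or the original page: it classifies the grant in a captured response, and the function names, finding labels, origins, hostnames and sample responses are all constructed assumptions.

```python
# Added example, not of-CORS code. All names, origins and samples are constructed.
def audit_cors(request_origin, response_headers, trusted_origins):
    """Classify the CORS grant in one response from a service you operate.

    request_origin:   Origin header value sent with the test request
    response_headers: dict of response headers (names in any case)
    trusted_origins:  set of origins that are meant to read responses
    """
    h = {k.lower(): v.strip() for k, v in response_headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao is None:
        return []  # no grant: the same-origin policy blocks cross-origin reads
    findings = []
    if acao == "*":
        # Browsers reject "*" for credentialed requests, but an internal
        # service that relies on network position alone is still readable.
        findings.append("wildcard-origin")
    elif acao == "null":
        findings.append("null-origin-allowed")
    elif acao not in trusted_origins:
        findings.append("untrusted-origin-reflected" if acao == request_origin
                        else "untrusted-origin-allowed")
    if findings and creds and acao != "*":
        findings.append("credentials-exposed")  # session cookies are honoured
    return findings

PROBE = "https://untrusted.example"            # constructed probe origin
TRUSTED = {"https://portal.corp.example"}      # constructed allow-list
SAMPLES = {  # constructed responses, keyed by hypothetical internal host
    "wiki.corp.example": {"Access-Control-Allow-Origin": PROBE,
                          "Access-Control-Allow-Credentials": "true"},
    "metrics.corp.example": {"Access-Control-Allow-Origin": "*"},
    "api.corp.example": {"Access-Control-Allow-Origin": "https://portal.corp.example",
                         "Access-Control-Allow-Credentials": "true"},
    "files.corp.example": {"access-control-allow-origin": "null",
                           "access-control-allow-credentials": "TRUE"},
    "hr.corp.example": {"Content-Type": "text/html"},
}

def audit_all(samples=SAMPLES):
    """Run audit_cors over every sample and return findings per host."""
    return {host: audit_cors(PROBE, hdrs, TRUSTED) for host, hdrs in samples.items()}

if __name__ == "__main__":
    for host, findings in audit_all().items():
        print(f"{host:22} {', '.join(findings) or 'ok'}")
```

Any host that reports a finding should be changed to return a fixed, allow-listed origin rather than echoing the request's Origin header.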