Cross-Origin Resource Sharing Scanning using CORS-Clover
Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that lets a server indicate which origins (domain, scheme, or port) other than its own a browser should permit to load its resources. Typical cases are images, GIF animations and font files served from a CDN (Content Delivery Network). Put simply, CORS is the way cross-domain interactions are negotiated.
As a concrete example, suppose a website makes a cross-domain request. The request carries an ‘Origin’ header naming the site that is asking for the external resource. The application’s response then includes ‘Access-Control-Allow-Origin’, which states which origins are authorized to read the response to the request that was sent. A further header, ‘Access-Control-Allow-Credentials’, specifies whether or not the request is allowed to ask the browser to include credentials in the cross-domain request, such as session cookies, authorization headers, or TLS client certificates. Once both parties agree on this negotiation, the requesting domain has access to the response.
We will use CORS-Clover, a tool for enumerating domains for CORS security misconfigurations.
What is CORS-Clover?
CORS-Clover is a tool for enumerating endpoints for CORS (Cross-Origin Resource Sharing) security misconfigurations. It is written in Python 3 and is currently in beta.
CORS-Clover uses the Python requests module to send a request to the website (endpoint). Once the response is received, the script parses the HTTP headers and shows you the important ones, ‘Access-Control-Allow-Origin’, ‘Access-Control-Allow-Methods’ and ‘Access-Control-Allow-Credentials’, which you need in order to understand the endpoint's CORS behaviour before you continue testing it. CORS-Clover dumps the results in ‘output.json’.
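The check that the two paragraphs above describe, sending a request with a chosen Origin and reading back Access-Control-Allow-Origin / -Credentials / -Methods, is shown here as an added example. It is not CORS-Clover's own code, and the header sets it classifies are constructed samples, so it runs offline; `probe_live` is a hypothetical stdlib helper for fetching real headers and is not called by the sample scan.

```python
"""Classify an endpoint's CORS policy from its response headers.

Added example, not CORS-Clover's code. The sample responses below are
constructed, not captured from any real host.
"""
import json
import urllib.error
import urllib.request
from typing import Dict

# Header names, lower-cased because HTTP header names are case-insensitive.
ACAO = "access-control-allow-origin"
ACAC = "access-control-allow-credentials"
ACAM = "access-control-allow-methods"

# The Origin value sent in the probe request (hypothetical name).
PROBE_ORIGIN = "https://probe.example"

# Constructed sample responses to a request carrying Origin: PROBE_ORIGIN.
SAMPLE_RESPONSES: Dict[str, Dict[str, str]] = {
    "reflects-with-creds": {
        "Content-Type": "application/json",
        "Access-Control-Allow-Origin": "https://probe.example",
        "Access-Control-Allow-Credentials": "true",
        "Access-Control-Allow-Methods": "GET, POST",
    },
    "wildcard": {
        "Content-Type": "application/json",
        "Access-Control-Allow-Origin": "*",
    },
    "fixed-allowlist": {
        "Content-Type": "text/html",
        "Access-Control-Allow-Origin": "https://app.example",
        "Access-Control-Allow-Credentials": "true",
    },
    "null-origin": {
        "Access-Control-Allow-Origin": "null",
        "Access-Control-Allow-Credentials": "true",
    },
    "no-cors": {"Content-Type": "text/html"},
}


def cors_headers(headers: Dict[str, str]) -> Dict[str, str]:
    """Keep only the Access-Control-* headers, with names lower-cased and
    values stripped, so lookups do not depend on server casing or spacing."""
    return {k.lower(): v.strip() for k, v in headers.items()
            if k.lower().startswith("access-control-")}


def classify(probe_origin: str, headers: Dict[str, str]) -> Dict[str, object]:
    """Return a verdict on how the server answered the probe Origin."""
    h = cors_headers(headers)
    acao = h.get(ACAO)
    creds = h.get(ACAC, "").lower() == "true"
    if acao is None:
        verdict, severity = "no-cors", "info"          # browser blocks cross-origin reads
    elif acao == "*":
        # Browsers never pair '*' with credentials, so a wildcard only exposes public data;
        # seeing it together with credentials=true still indicates a sloppy configuration.
        verdict = "wildcard-with-credentials" if creds else "wildcard"
        severity = "low"
    elif acao == "null":
        verdict = "null-origin-with-credentials" if creds else "null-origin"
        severity = "high" if creds else "medium"
    elif acao == probe_origin:
        # The server echoed an origin it does not own: the classic reflection misconfiguration.
        verdict = "reflected-origin-with-credentials" if creds else "reflected-origin"
        severity = "high" if creds else "medium"
    else:
        verdict, severity = "fixed-origin", "info"      # a real allowlist entry
    return {"origin_sent": probe_origin, "acao": acao, "credentials": creds,
            "methods": h.get(ACAM), "verdict": verdict, "severity": severity}


def scan_samples(probe_origin: str = PROBE_ORIGIN,
                 responses: Dict[str, Dict[str, str]] = SAMPLE_RESPONSES) -> Dict[str, Dict[str, object]]:
    """Classify every sample response; the same shape CORS-Clover's output.json could hold."""
    return {label: classify(probe_origin, hdrs) for label, hdrs in responses.items()}


def probe_live(url: str, origin: str, timeout: float = 10.0) -> Dict[str, str]:
    """Hypothetical helper: one GET with a chosen Origin, returning the response
    headers (also on 4xx/5xx, which still carry CORS headers). Uses only the stdlib."""
    req = urllib.request.Request(url, headers={"Origin": origin})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return dict(resp.headers.items())
    except urllib.error.HTTPError as err:
        return dict(err.headers.items())


if __name__ == "__main__":
    print(json.dumps(scan_samples(), indent=2))
```

The verdicts are deliberately split by whether credentials are allowed: a reflected or `null` origin without `Access-Control-Allow-Credentials: true` only leaks what an unauthenticated client could fetch anyway, whereas with credentials the authenticated response becomes readable to the reflected origin, which is the case worth reporting first.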
How to Setup CORS-Clover
Requirements for the tool:
- Python 3.8.6 or higher
- requests ( Python module )
- JQ JSON Processor
To set up CORS-Clover, follow these steps.
If you don’t have `jq` installed, download the executable from –
– `git clone https://github.com/DexterLex98/CORS-Clover.git`
– `cd CORS-Clover`
– `pip3 install -r requirements.txt`
– `python3 clover.py -h`
– `python3 clover.py --url <target_host_endpoint> --output <Y/N>`