
Misconfigured CORS

Here are a few methods and steps you can use to check for misconfigured CORS.

• Hunting method 1 (single target):

Step 1. Capture the target website and spider or crawl the whole site using Burp.
Step 2. Use Burp's search to look for Access-Control.
Step 3. Try adding an Origin header, e.g. Origin: attacker.com, Origin: null, Origin: attacker.target.com or Origin: target.attacker.com.
Step 4. If the origin is reflected in the response, the target is vulnerable to a CORS misconfiguration.
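As an added example (not code from the checklist), a small Python checker that applies steps 3 and 4 to a captured response: it builds the four Origin probes for a host, decides whether the probed origin was accepted and whether credentials are allowed with it (that combination is what makes a reflected origin serious), and shows the exact-match allowlist a hardened server should use instead. The hostnames and sample responses are constructed placeholders.

```python
from typing import Dict, List, Optional


def probe_origins(target_host: str) -> List[str]:
    """The four Origin variants from step 3 for one target host.
    attacker.example is a constructed placeholder for a domain the tester controls."""
    return [
        "https://attacker.example",                    # arbitrary foreign origin
        "null",                                        # sent by sandboxed iframes / file: pages
        f"https://attacker.{target_host}",             # detects 'any subdomain is trusted'
        f"https://{target_host}.attacker.example",     # detects an unanchored prefix/regex match
    ]


def parse_headers(raw_response: str) -> Dict[str, str]:
    """Parse the header block of a raw HTTP response into a lower-cased dict.
    The status line and body are discarded."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    headers: Dict[str, str] = {}
    for line in head.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def classify(probe_origin: str, raw_response: str) -> Optional[str]:
    """Step 4: was the probed Origin accepted? Returns a finding label or None.
    Allow-Credentials decides severity: without it only public data is exposed."""
    h = parse_headers(raw_response)
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao is None:
        return None
    if acao == "*":
        return "wildcard"          # browsers refuse '*' together with credentials
    if acao != probe_origin:
        return None                # static or allow-listed value; probe not accepted
    suffix = "-with-credentials" if creds else ""
    return ("null-origin-reflected" if probe_origin == "null" else "origin-reflected") + suffix


def allow_origin(origin: str, allowlist: List[str]) -> Dict[str, str]:
    """Hardened server-side logic (added illustration): exact match against a fixed
    list, never 'null', never a substring or regex match; Vary so caches stay correct."""
    if origin != "null" and origin in allowlist:
        return {"Access-Control-Allow-Origin": origin,
                "Access-Control-Allow-Credentials": "true",
                "Vary": "Origin"}
    return {}


# Constructed sample responses: one that reflects any Origin, one with a static value.
REFLECTING = ("HTTP/1.1 200 OK\r\nAccess-Control-Allow-Origin: https://attacker.example\r\n"
              "Access-Control-Allow-Credentials: true\r\nContent-Type: application/json\r\n\r\n{}")
STATIC = "HTTP/1.1 200 OK\r\nAccess-Control-Allow-Origin: https://app.target.example\r\nVary: Origin\r\n\r\n"
```

Running `classify(o, REFLECTING)` for each `o` in `probe_origins("target.example")` flags only the probe whose value the response echoed, which is why each probe is sent and checked separately.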

Automated way:

Step 1. Find domains, e.g. `subfinder -d domain.com -o target.txt`
Step 2. Keep only the live hosts: `cat target.txt | httpx | tee -a alive.txt`
Step 3. Collect all URLs with waybackurls (by @tomnomnom) or gau, e.g. `cat alive.txt | gau | tee -a urls.txt`
Step 4. Run any of these tools on each URL.
Step 5. Check the results manually.

Another Method

Tools You Will Need for this method.

Steps

1) Find domains with the help of subfinder, assetfinder and findomain, e.g. `subfinder -d target.com | tee -a hosts1`, `findomain -t target.com | tee -a hosts1`, `assetfinder --subs-only target.com | tee -a hosts1`.
2) Then `cat hosts1 | sort -u | tee -a hosts2`, followed by `cat hosts2 | httpx | tee -a hosts`.
3) In the terminal, change to the directory where the hosts file is located and run `echo "/" > paths`.
4) Then run `meg -v`.
5) After the process completes, run `gf cors`.
6) All the URLs whose responses contain Access-Control-Allow will be displayed.
