Skills
.Work. You
Rest

cors-misconfig

Official

Detect CORS misconfigurations

Software Engineering#vulnerability#penetration testing#web security#cors#misconfiguration#data exfiltration
Authorsecurityfortech
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill helps identify and exploit Cross-Origin Resource Sharing (CORS) misconfigurations, which can lead to sensitive data leakage and security vulnerabilities.

Core Features & Use Cases

  • Detect Origin Reflection: Identifies servers that improperly echo the Origin header.
  • Identify Wildcard Issues: Detects overly permissive Access-Control-Allow-Origin: * combined with credentialed requests.
  • Exploit Null Origin: Tests for acceptance of null origins, often exploitable via sandboxed iframes.
  • Use Case: A pentester can use this skill to find and demonstrate how an attacker could read sensitive API responses from a victim's browser due to a misconfigured CORS policy.

Quick Start

Test the target URL for CORS misconfigurations by sending a request with an attacker-controlled origin.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: cors-misconfig
Download link: https://github.com/securityfortech/hacking-skills/archive/main.zip#cors-misconfig

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 223,000+ vetted skills library on demand.