s0md3v · blaiddx64 · Oct 16, 2024 · Oct 16, 2024 · Oct 16, 2024 · Oct 16, 2024
diff --git a/README.md b/README.md
@@ -56,6 +56,9 @@ Using Corsy is pretty simple
 ##### Skip printing tips
 `-q` can be used to skip printing of `description`, `severity`, `exploitation` fields in the output.
 
+##### Skip wildcard test
+Since wild card origin can't be used to exploitation `--skip-wildcard` can be used to skip printing of wildcard origin output. 
+
 ### Tests implemented
 - Pre-domain bypass
 - Post-domain bypass

diff --git a/core/tests.py b/core/tests.py
@@ -6,10 +6,10 @@
 
 details = load_json(sys.path[0] + '/db/details.json')
 
-def passive_tests(url, headers):
+def passive_tests(url, headers, skip_wildcard = False):
     root = host(url)
     acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
-    if acao_header == '*':
+    if acao_header == '*' and not skip_wildcard:
         info = details['wildcard value']
         info['acao header'] = acao_header
         info['acac header'] = acac_header
@@ -22,7 +22,7 @@ def passive_tests(url, headers):
             return {url : info}
 
 
-def active_tests(url, root, scheme, header_dict, delay):
+def active_tests(url, root, scheme, header_dict, delay, skip_wildcard = False):
     origin = scheme + '://' + root
     headers = requester(url, scheme, header_dict, origin)
     acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
@@ -108,4 +108,4 @@ def active_tests(url, root, scheme, header_dict, delay):
         info['acac header'] = acac_header
         return {url : info}
     else:
-        return passive_tests(url, headers)
+        return passive_tests(url, headers, skip_wildcard)
diff --git a/corsy.py b/corsy.py
@@ -31,6 +31,7 @@
 parser.add_argument('-d', help='request delay', dest='delay', type=float, default=0)
 parser.add_argument('-q', help='don\'t print help tips', dest='quiet', action='store_true')
 parser.add_argument('--headers', help='add headers', dest='header_dict', nargs='?', const=True)
+parser.add_argument('--skip-wildcard', help='skip wildcard origin check', dest='skip_wildcard', action='store_true')
 args = parser.parse_args()
 
 delay = args.delay
@@ -40,6 +41,7 @@
 inp_file = args.inp_file
 json_file = args.json_file
 header_dict = args.header_dict
+skip_wildcard = args.skip_wildcard
 
 if type(header_dict) == bool:
     header_dict = extractHeaders(prompt())
@@ -63,15 +65,15 @@
     urls = create_stdin_list(target, sys.stdin)
 
 
-def cors(target, header_dict, delay):
+def cors(target, header_dict, delay, skip_wildcard = False):
     url = target
     root = host(url)
     parsed = urlparse(url)
     netloc = parsed.netloc
     scheme = parsed.scheme
     url = scheme + '://' + netloc + parsed.path
     try:
-        return active_tests(url, root, scheme, header_dict, delay)
+        return active_tests(url, root, scheme, header_dict, delay, skip_wildcard)
     except ConnectionError as exc:
         print('%s Unable to connect to %s' % (bad, root))
 
@@ -80,7 +82,7 @@ def cors(target, header_dict, delay):
         print(' %s Estimated scan time: %i secs' % (run, round(len(urls) * 1.75)))
     results = []
     threadpool = concurrent.futures.ThreadPoolExecutor(max_workers=threads)
-    futures = (threadpool.submit(cors, url, header_dict, delay) for url in urls)
+    futures = (threadpool.submit(cors, url, header_dict, delay, skip_wildcard) for url in urls)
     for each in concurrent.futures.as_completed(futures):
         result = each.result()
         results.append(result)