Fork me on GitHub

CORS proxy browser by koto

Various security oriented Cross Origin Remote Sharing utilites.
CORS proxy browser
Uses embedded CORS & Flash backends to demonstrate how it's possible to read cross-origin pages on permissive domains. Nice UI, storing history, preferences, cookie support. Can also be used without UI as a iframed component (other tools use this).
Remote controller
Embeds the proxy browser and communicates with it (HTML5 postMessage) to fetch URLs and process HTTP responses. When modified, could be used in a XSS attack to make CSRF with victim credentials or internal network discovery.
MalaRIA connector
Uses the browser component and connects to MalaRIA server so that attacker can browse with victim's browser just by using MalaRIA HTTP proxy


Krzysztof Kotowicz (


Krzysztof Kotowicz (


You can download this project in either zip or tar formats.

You can also clone the project with Git by running:

$ git clone git://