Various security oriented Cross Origin Remote Sharing utilites.
- CORS proxy browser
- Uses embedded CORS & Flash backends to demonstrate how it's possible to read cross-origin
pages on permissive domains. Nice UI, storing history, preferences, cookie support. Can also be used without UI as a iframed component (other tools use this).
- Remote controller
- Embeds the proxy browser and communicates with it (HTML5 postMessage) to fetch URLs and process HTTP responses.
When modified, could be used in a XSS attack to make CSRF with victim credentials or internal network discovery.
- MalaRIA connector
- Uses the browser component and connects to MalaRIA server so that attacker can browse with victim's browser just by using MalaRIA HTTP proxy
Authors
Krzysztof Kotowicz (kkotowicz@gmail.com)
Contact
Krzysztof Kotowicz (kkotowicz@gmail.com)
@kkotowicz
blog.kotowicz.net
Download
You can download this project in either
zip or
tar formats.
You can also clone the project with Git
by running:
$ git clone git://github.com/koto/cors-proxy-browser
