SKILL: CORS Misconfiguration — Credentialed Origins, Reflection, and Trust Boundary Errors

AI LOAD INSTRUCTION: Use this skill when browsers can access authenticated APIs cross-origin. Focus on reflected origins, credentialed requests, wildcard trust, parser mistakes, and origin allowlist bypasses. For JSONP hijacking deep dives, same-origin policy internals, honeypot de-anonymization, and CORS vs JSONP comparison, load the companion SCENARIOS.md.

Extended Scenarios

Also load SCENARIOS.md when you need:

- JSONP hijacking complete attack scenario — watering hole + <script> cross-origin data theft
- Honeypot de-anonymization via JSONP — use social platform JSONP endpoints to identify anonymous visitors
- Same-origin policy deep dive — protocol/hostname/port definition, document.domain subdomain relaxation and its security risks
- CORS vs JSONP technical comparison — methods, error handling, credential behavior, migration path
- CORS exploitation payloads — reflected origin with credentials: include, null origin via sandboxed iframe
- Dual-site attack lab pattern — localhost:8981 (target) + localhost:8982 (attacker) testing setup

1. WHEN TO LOAD THIS SKILL

Load when: