Description

Inspects whether the application checks that the value of the “Origin” HTTP header is consistent with the remote IP address/Host of the sender of the incoming HTTP request. Configurable parameters are:

  • origin_header_value

Note: This plugin is useful for testing “Cross Origin Resource Sharing (CORS)” application behaviors. CORS references: http://developer.mozilla.org/en-US/docs/HTTP_access_control and http://www.w3.org/TR/cors

Plugin type

Audit

Options

| Name | Type | Default Value | Description | Help |
|------|------|---------------|-------------|------|
| origin_header_value | string | http://w3af.sourceforge.net/ | Origin HTTP header value | Define value used to specify the ‘Origin’ HTTP header for HTTP request sent to test application behavior |
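
The kind of response check this audit implies, as an added example (not w3af's own code): given the Origin value that was sent and the response headers that came back, it flags CORS grants to an origin the application has no reason to trust. The function names, finding labels and sample headers are assumptions constructed for illustration; only the default Origin value comes from the options above.

```python
# Added example (not w3af code): classify CORS response headers for a probe Origin.

PROBE_ORIGIN = "http://w3af.sourceforge.net/"  # the plugin's default option value


def _header(headers, name):
    """Case-insensitive header lookup; returns '' when absent."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value.strip()
    return ""


def audit_cors(probe_origin, response_headers):
    """Findings for one response to a request sent with 'Origin: <probe_origin>'."""
    findings = []
    acao = _header(response_headers, "Access-Control-Allow-Origin")
    acac = _header(response_headers, "Access-Control-Allow-Credentials").lower()

    if not acao:
        return findings  # no CORS grant: cross-origin reads stay blocked

    if acao == "*":
        findings.append("wildcard-origin")
        if acac == "true":
            # Browsers refuse this combination, but it signals a broken policy.
            findings.append("wildcard-with-credentials")
    elif acao.rstrip("/") == probe_origin.rstrip("/"):
        # The server echoed an origin it has no reason to trust.
        findings.append("untrusted-origin-reflected")
        if acac == "true":
            findings.append("reflected-with-credentials")
        if "origin" not in _header(response_headers, "Vary").lower():
            findings.append("missing-vary-origin")
    return findings


# Constructed sample responses (not captured from a real application).
SAMPLES = {
    "strict": {"Access-Control-Allow-Origin": "https://app.example.com", "Vary": "Origin"},
    "reflect": {"access-control-allow-origin": PROBE_ORIGIN,
                "Access-Control-Allow-Credentials": "true"},
    "wildcard": {"Access-Control-Allow-Origin": "*"},
}

if __name__ == "__main__":
    for name, headers in SAMPLES.items():
        print(name, audit_cors(PROBE_ORIGIN, headers))
```

A response that returns only a fixed, allow-listed origin (the "strict" sample) produces no findings, which is the behavior a correctly configured application should show for an untrusted probe value.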

Source

For more information about this plugin and the associated tests, there’s always the source code to understand exactly what’s under the hood:
Plugin source code
Unittest source code

Dependencies

This plugin has no dependencies.