added 9 characters in body
Source Link
Benoit Esnard


I believe this should be exploitable in a typical MiTM scenario, especially if you don't use HSTS headers (also no need to downgrade as it's in HTTP anyways) -- a typical DNS spoofing attack can make a victim's IP of the same local network as localhost:8888 navigation leading to believe it's you and responding with the CORS response. -- I really don't see why you need a site with this kind of CORS response header

Source Link

I believe this should be exploitable in a typical MiTM scenario, esp if you don't use HSTS headers (also no need to downgrade as its in HTTP anyways) -- a typical DNS spoofing attack can make a victim's IP of the same local network as localhost:8888 navigation leading to believe its you and responding with the CORS response. -- I really don't see why you need a site with this kind of CORS response header