Hello friends,
I'm Rem01x, and I'm currently preparing for the eWPTX exam, so I will be walking through all the PortSwigger labs and making sure to write writeups for all of them.
Let's start now.
Assume that we have this website.

Now, let's log in to our account.

Now, let's check the requests in Burp.

Notice the CORS header in the response.
Now, let's add the Origin header to the request.

Notice that when we add the Origin header, its value is not reflected back to us in the response.
Now, let's try setting the Origin header value to null and sending the request.

As observed, the Access-Control-Allow-Origin header contains the value null, which means that the developer is trusting the null origin.
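
The behaviour observed above can be modelled server-side and compared with a hardened policy. This is an added example, not code from the lab or from the original writeup; the function names, the allow-list and the origins are constructed for illustration.

```python
# Constructed allow-list: the only origin the application means to trust.
TRUSTED_ORIGINS = {"https://app.example.com"}


def weak_cors_headers(origin):
    """Policy matching the walkthrough: an arbitrary Origin is ignored,
    but the literal string "null" is treated as trusted and echoed back."""
    if origin in TRUSTED_ORIGINS | {"null"}:
        return {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    return {}


def strict_cors_headers(origin):
    """Hardened policy: exact match against the allow-list only.
    "null" identifies no particular site (sandboxed documents and local
    files all present it), so it is never granted access."""
    if origin is None or origin == "null":
        return {}
    if origin in TRUSTED_ORIGINS:
        return {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    return {}


def audit(policy, probes):
    """Return (probe, granted value) for every probe where the policy
    grants cross-origin access to something outside the allow-list."""
    findings = []
    for origin in probes:
        acao = policy(origin).get("Access-Control-Allow-Origin")
        if acao is not None and acao not in TRUSTED_ORIGINS:
            findings.append((origin, acao))
    return findings


# The same checks as in the walkthrough: no Origin header, an arbitrary
# origin, and "null", plus the legitimate origin as a control.
PROBES = [None, "https://untrusted.example", "null", "https://app.example.com"]

if __name__ == "__main__":
    for name, policy in (("weak", weak_cors_headers), ("strict", strict_cors_headers)):
        print(name, audit(policy, PROBES))
```

Running the same audit against a real CORS configuration in a test suite catches a "null" entry before it reaches production.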