Quick tester for CORS misconfigurations

cors_poc_test.html

<html>
<script src="https://code.jquery.com/jquery-3.2.1.min.js"></script>
<h1>CORS Test PoC</h1>
<label for="target_url">Endpoint to test: </label><input type="url" id="target_url" size=100 placeholder="Target URL"><br/>
<input type="checkbox" id="with_creds_checkbox" value="with_creds"><label for="with_creds_checkbox">With Credentials?</label><br/>
<input type="submit" id="submit_btn" value="Make Request">
<hr>
<p>If the site is vulnerable to an overly permissive CORS policy, the response of the above request will appear in the box below</p>

<div id="test_data" style="border:1px solid darkred; color: red">
    Waiting to test...
</div>

<script>
    $(document).ready(function () {
        $("#submit_btn").click(function () {
            if ($("#with_creds_checkbox").is(":checked")) {
                $.ajaxSetup({
                    xhrFields: {
                        withCredentials: true
                    }
                });
            }
            else {
                $.ajaxSetup({
                    xhrFields: {
                        withCredentials: false
                    }
                });
            }
            targetUrl = $("#target_url").val();
            $.ajax({
                type: "GET",
                url: targetUrl,
                success: function (data) {
                    var test_data = data;
                    $("#test_data").text(JSON.stringify(test_data));
                },
                error: function (data, textStatus, xhr) {
                    console.log("error", data.status);
                    $("#test_data").text("Error retrieving data. Check console for more info. Response text: "+JSON.stringify(data.responseText));
                }
            });

        });
    });
</script>
</html>