gitea-mirror/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-12-12 07:40:34 -08:00
Code Issues Packages Projects Releases Wiki Activity

Markdown Linting - CSV, CVE, DBS, LFI, GWT, GraphQL

Browse Source
This commit is contained in:
Swissky
2025-03-26 16:22:53 +01:00
parent e6eb436eb1
commit e03cdfff14
12 changed files with 255 additions and 310 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
DNS Rebinding/README.md
View File

@@ -8,18 +8,16 @@
* [Methodology](#methodology)
* [Protection Bypasses](#protection-bypasses)
* [0.0.0.0](#0000)
* [CNAME](#CNAME)
* [CNAME](#cname)
* [localhost](#localhost)
* [References](#references)
## Tools
- [nccgroup/singularity](https://github.com/nccgroup/singularity) - A DNS rebinding attack framework.
- [rebind.it](http://rebind.it/) - Singularity of Origin Web Client.
- [taviso/rbndr](https://github.com/taviso/rbndr) - Simple DNS Rebinding Service
- [taviso/rebinder](https://lock.cmpxchg8b.com/rebinder.html) - rbndr Tool Helper
* [nccgroup/singularity](https://github.com/nccgroup/singularity) - A DNS rebinding attack framework.
* [rebind.it](http://rebind.it/) - Singularity of Origin Web Client.
* [taviso/rbndr](https://github.com/taviso/rbndr) - Simple DNS Rebinding Service
* [taviso/rebinder](https://lock.cmpxchg8b.com/rebinder.html) - rbndr Tool Helper
## Methodology
@@ -50,16 +48,14 @@ The browser treats subsequent responses as coming from the same origin (`malicio
Malicious JavaScript running in the victim's browser can now make requests to internal IP addresses or local services (e.g., 192.168.1.1 or 127.0.0.1), bypassing same-origin policy restrictions.
**Example:**
1. Register a domain.
2. [Setup Singularity of Origin](https://github.com/nccgroup/singularity/wiki/Setup-and-Installation).
3. Edit the [autoattack HTML page](https://github.com/nccgroup/singularity/blob/master/html/autoattack.html) for your needs.
4. Browse to "http://rebinder.your.domain:8080/autoattack.html".
4. Browse to `http://rebinder.your.domain:8080/autoattack.html`.
5. Wait for the attack to finish (it can take few seconds/minutes).
## Protection Bypasses
> Most DNS protections are implemented in the form of blocking DNS responses containing unwanted IP addresses at the perimeter, when DNS responses enter the internal network. The most common form of protection is to block private IP addresses as defined in RFC 1918 (i.e. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). Some tools allow to additionally block localhost (127.0.0.0/8), local (internal) networks, or 0.0.0.0/0 network ranges.
@@ -95,7 +91,6 @@ $ dig www.example.com +noall +answer
localhost.example.com. 381 IN CNAME localhost.
```
## References
- [How Do DNS Rebinding Attacks Work? - nccgroup - Apr 9, 2019](https://github.com/nccgroup/singularity/wiki/How-Do-DNS-Rebinding-Attacks-Work%3F)
* [How Do DNS Rebinding Attacks Work? - nccgroup - Apr 9, 2019](https://github.com/nccgroup/singularity/wiki/How-Do-DNS-Rebinding-Attacks-Work%3F)