gwen001
commented
9 months ago Issue correctly handled, tool is waiting for human validation.
Closed gwen001 closed 9 months ago
gwen001
commented
9 months ago Issue correctly handled, tool is waiting for human validation.
gwen001
commented
9 months ago Tool has been accepted by the team: https://offsec.tools/tool/whonow
Thank you for your contribution!
[tags]dns,exploits[/tags] [short_descr]A malicious DNS server for executing DNS Rebinding attacks on the fly.[/short_descr] [link] https://github.com/brannondorsey/whonow [/link] [long_descr] Whonow lets you specify DNS responses and rebind rules dynamically using domain requests themselves.
What's great about dynamic DNS Rebinding rules is that you don't have to spin up your own malicious DNS server to start exploiting the browser's Same-origin policy. Instead, everyone can share the same public whonow server running on port 53 of rebind.network.
The beauty of whonow is that you can define the behavior of DNS responses via subdomains in the domain name itself. Using only a few simple keywords: A, (n)times, forever, and repeat, you can define complex and powerful DNS behavior. [/long_descr] [image] https://raw.githubusercontent.com/gwen001/offsectools_www/main/tmp/0e5b71f93ad0c31a057f624ef84f3d0f.png [/image]