Closed minanagehsalalma closed 4 years ago
@makuga01 thanks... Yeah two full weeks of holidays ... lucky you :)
I don't have many suggestions but you can take a look at the other similar tools that I liked:
- https://github.com/brannondorsey/dns-rebind-toolkit
- https://github.com/Crypt0s/FakeDns
- https://github.com/linkedin/jaqen
- https://github.com/brannondorsey/whonow
- https://github.com/rstenvi/intrasploit
- https://github.com/rstenvi/DNSrebinder
- https://github.com/nccgroup/singularity
- https://github.com/h43z/dns-rebinding-tool/
- https://github.com/FSecureLABS/dref
The video is now added to README.md
@makuga01 Great updates and video mate ...
But I don't understand why you put the subdomain url after the vulnerable app url
Why not just use the subdomain url directly?
Because the app represented an application vulnerable to ssrf and the PHP server on localhost:80 represented the internal network of the hosted application. It wouldn't be ssrf if I could reach the internal endpoint directly :D
Haha ... I would use it for csrf mostly ;) With the help of ajax of course ::;)
Wouldn't work for csrf since it's on another domain than the app you would try to exploit - The cookies won't be sent with the request
@makuga01 Nah mate it will be sent as the request goes to the target server with the cookies already with it ... how else do you think cookies work?
https://security.stackexchange.com/questions/207548/exact-difference-csrf-vs-dns-rebinding-attacks
The thing is that dnsFookup only creates a subdomain of gel0.space
- If what you are saying would work, the world would be in flames now :sweat_smile:
I know that already... the world is already in flames ... the end of the world is happening maaate.
Also there's a thing called don't click on untrusted links, and always set the important devices to be accessed by certain devices only.
- (in this case probably no cookies would be sent if you wouldn't set them yourself)
@makuga01 Just check my second ticket :::)
Please tell me! What I'm refusing to believe exactly? I would be more than happy to know๐๐๐
Please tell me! What I'm refusing to believe exactly? I would be more than happy to know
@makuga01 That csrf using dns rebinding is totally possible.
Yeah sure thing by the way you forgot the Emojis in your quotation....
Anyways how does the article/screenshot you sent apply to dns rebinding?
@makuga01 I will let you answer this...
same site policy applies to ( get request - post request - both )...
@makuga01 look again.
Sure thing, I'm working on a new update right now - it will come out with a video!
Do you have any other suggestions? My school is closed for the next 2 weeks so I have plenty of time to hack/develop/make videos :d
Sorry for the delayed response btw