Open ghost opened 3 years ago
gdncc
commented
3 years ago Hello,
I've just tested with the latest version of Singularity, compiled with Go version "1.16.3", since we made a code change yesterday. It works for me. Maybe you pasted extraneous spaces?
if the server returns "Temporary secret: 8cf4dbe7a4c056d0ae1b02f22026ae16287f88f4", you must copy and paste "8cf4dbe7a4c056d0ae1b02f22026ae16287f88f4" in your web browser.
naahmoraaes
commented
3 years ago WebSocket connection to 'ws://ipaddress:3129/soows' failed:
it shows as if there was a problem in the code below:
if (headers.get('www-authenticate') !== null) {
let ws = new WebSocket(ws://${wsurl}/soows);
naahmoraaes
commented
3 years ago Uncaught (in promise) TypeError: headers.get is not a function at webSocketHook (payload.js:184) at payload.js:258
gdncc
commented
3 years ago I've successfully tried "Hook and Control" against a service listening on localhost, with the latest version of the code and with the following configuration:
It looks like DNS rebinding did not work in the log you provided above, but there is too little information to confirm.
Did you try the the "Simple Fetch Get" payload first before trying "Hook and Control"? Did it work? Can you provide more details on your environment, client and Singularity setup and target service?
naahmoraaes
commented
3 years ago I found my error. Thanks
Hook and Control (hook-and-control.js): Hijack target browsers and use them to access inaccessible resources from your own browser or other HTTP clients. You can retrieve the list of hooked browsers on the "soohooked" sub-domain of the Singularity manager host on port 3129 by default e.g. http://soohooked.rebinder.your.domain:3129/. To authenticate, submit the secret value dumped to the console by the Singularity server at startup.