Can we a get a real action vid of it ?

[minanagehsalalma]

No description provided.

[makuga01]

Sure thing, I'm working on a new update right now - it will come out with a video!

Do you have any other suggestions? My school is closed for next 2 weeks so I have a plenty of time to hack/develop/make videos :d

Sorry for the delayed response btw

[minanagehsalalma]

@makuga01 thanks...
Yeah two full weeks of holidays ... lucky you :)

I don’t have much suggestions but you can take a look on the other similar tools that i liked.
https://github.com/brannondorsey/dns-rebind-toolkit
https://github.com/Crypt0s/FakeDns
https://github.com/linkedin/jaqen
https://github.com/brannondorsey/whonow
https://github.com/rstenvi/intrasploit
https://github.com/rstenvi/DNSrebinder
https://github.com/nccgroup/singularity
https://github.com/h43z/dns-rebinding-tool/
https://github.com/FSecureLABS/dref

[makuga01]

The video is now added to README.md

[minanagehsalalma]

The video is now added to README.md

@makuga01 Great updates and video mate ...

But i don't understand why you put the subdomain url after the vunrable app url

Why not just use the subdomain url directly?

[makuga01]

Because the app represented an application vulnerable to ssrf
and the PHP server on localhost:80 represented internal network of the hosted application
It wouldn't be ssrf if I could reach internal endpoint directly :D

[minanagehsalalma]

It wouldn't be ssrf if I could reach internal endpoint directly :D

Haha ... i would use it for csrf mostly ;)
With the help of ajax of course ::;)

[makuga01]

Wouldn't work for csrf since it's on other domain than the app you would try to exploit - The cookies won't be sent with the request

[minanagehsalalma]

The cookies won't be sent with the request

@makuga01 Nah mate it will be sent as the request goes to the target server with the cookies already with it ... how else you think cookies work ?

[makuga01]

https://security.stackexchange.com/questions/207548/exact-difference-csrf-vs-dns-rebinding-attacks

• If what you are saying would work, the world would be in flames now 😅

The thing is that dnsFookup only creates a subdomain of gel0.space

• cookies for this domain(gel0.space) would be sent along with the request to something.gel0.space
• It doesn't matter if something.gel0.space points to 127.0.0.1, 69.69.69.69 or (CNAME)google.com the cookies would be still the same (in this case probably no cookies would be sent if you wouldn't set them yourself)

[minanagehsalalma]

https://security.stackexchange.com/questions/207548/exact-difference-csrf-vs-dns-rebinding-attacks

• If what you are saying would work, the world would be in flames now sweat_smile

I know that already... the world is already in flames ... the end of the world is happening maaate.

Also there a thing called don't click on untrusted links and always put the important devices to be accessed by a certain devices only.

• (in this case probably no cookies would be sent if you wouldn't set them yourself)

@makuga01 Just check my second ticket :::)

[minanagehsalalma]

@makuga01 see !!

Why you are refusing to believe it ?

https://www.veracode.com/security/csrf

[makuga01]

Please tell me! What I'm refusing to believe exactly? I would be more than happy to know😀😀😀

[minanagehsalalma]

Please tell me! What I'm refusing to believe exactly? I would be more than happy to know

@makuga01 That csrf using dns rebinding is totally possible.

[makuga01]

Yeah sure thing by the way you forgot the Emojis in your quotation....

Anyways how does the article/screenshot you sent applies to dns rebinding

[minanagehsalalma]

Anyways how does the article/screenshot you sent applies to dns rebinding

@makuga01 I will let you answer this...

same site policy applies to ( get request - post request - both )...

[minanagehsalalma]

@makuga01 look again.

https://security.stackexchange.com/a/8269/199981