Can we get a real action vid of it? #1
Comments
Sure thing, I'm working on a new update right now - it will come out with a video! Do you have any other suggestions? My school is closed for the next 2 weeks so I have plenty of time to hack/develop/make videos :d Sorry for the delayed response btw
@makuga01 thanks... I don’t have many suggestions but you can take a look at the other similar tools that I liked.
The video is now added to README.md
@makuga01 Great updates and video mate ... But I don't understand why you put the subdomain url after the vulnerable app url. Why not just use the subdomain url directly?
Because the app represented an application vulnerable to ssrf
Haha ... I would use it for csrf mostly ;)
Wouldn't work for csrf since it's on another domain than the app you would try to exploit - the cookies won't be sent with the request
@makuga01 Nah mate it will be sent as the request goes to the target server with the cookies already with it ... how else do you think cookies work?
https://security.stackexchange.com/questions/207548/exact-difference-csrf-vs-dns-rebinding-attacks
The thing is that dnsFookup only creates a subdomain of gel0.space
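Added example, not part of the thread or of dnsFookup's code: a simplified model of how a browser selects cookies by the hostname in the URL (RFC 6265 domain-match, without the public-suffix check), applied to the cookie question discussed above. The hostnames `app.internal.example` and `rebind.gel0.space`, the cookie value and the IP address are constructed for illustration.

```javascript
// Simplified RFC 6265 domain-match: cookies are selected by hostname,
// never by the IP address the name currently resolves to.
function domainMatch(requestHost, cookieDomain, hostOnly) {
  const host = requestHost.toLowerCase();
  const dom = cookieDomain.toLowerCase();
  if (host === dom) return true;
  if (hostOnly) return false;          // no Domain attribute: exact host only
  return host.endsWith("." + dom);     // Domain attribute: host or its subdomains
}

class CookieJar {
  constructor() { this.cookies = []; }

  // setHost is the hostname the browser requested when Set-Cookie arrived.
  set(setHost, name, value, domainAttr) {
    const hostOnly = domainAttr === undefined;
    const domain = hostOnly ? setHost : domainAttr.replace(/^\./, "");
    // A response may only set cookies for its own host or a parent domain.
    if (!domainMatch(setHost, domain, false)) return false;
    this.cookies.push({ name, value, domain, hostOnly });
    return true;
  }

  // Value of the Cookie header the browser would attach for this hostname.
  headerFor(requestHost) {
    return this.cookies
      .filter(c => domainMatch(requestHost, c.domain, c.hostOnly))
      .map(c => `${c.name}=${c.value}`)
      .join("; ");
  }
}

// Constructed scenario: both names resolve to the same address.
function simulate() {
  const dns = {
    "app.internal.example": "192.0.2.10",
    "rebind.gel0.space": "192.0.2.10",
  };
  const jar = new CookieJar();
  jar.set("app.internal.example", "session", "constructed-value");
  return Object.keys(dns).map(host => ({
    host, ip: dns[host], cookie: jar.headerFor(host),
  }));
}

console.log(simulate());
```

Both names point at the same address, but only the request addressed to `app.internal.example` carries the session cookie; the jar also refuses a `Set-Cookie` from the rebinding host that names the application's domain.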
I know that already... the world is already in flames ... the end of the world is happening maaate. Also there's a thing called don't click on untrusted links and always put the important devices to be accessed by certain devices only.
@makuga01 Just check my second ticket :::)
@makuga01 see !! Why are you refusing to believe it?
Please tell me! What am I refusing to believe exactly? I would be more than happy to know😀😀😀
@makuga01 That csrf using dns rebinding is totally possible.
Yeah sure thing, by the way you forgot the emojis in your quotation.... Anyways, how does the article/screenshot you sent apply to dns rebinding?
@makuga01 I will let you answer this... same site policy applies to ( get request - post request - both )...