The configuration file
Payload configuration is currently defined in the dref-config.yml file located in the project's root directory.
The default configuration file looks like this:

    general:
      domain: attacker.com
      address: 184.108.40.206
    targets:
      - target: "demo"
        script: "web-discover"

The targets section of the configuration is a list of YAML "target" objects. These are the payloads that are configured to be delivered by dref.
The target key serves a couple of purposes internally, but it is mainly the subdomain that delivers the payload.
The script key is the payload script that will be delivered when a user visits the target subdomain. These are defined in
In plain English the configuration above says:
When a user visits
Changing the configuration file
At this point, the Docker environment has to be restarted to reflect changes made to the

    $ docker-compose down
    $ docker-compose up -d

Payload configuration keys
||String||Target subdomain that will deliver the initial payload. Must be a valid subdomain string.|
||String||Payload delivered by the
||Boolean||Whether or not dref should cause the browser to "hang" by making it request a file that will not be delivered in full. This can be useful to trick an automated driver like Selenium into believing the page has not fully loaded, ensuring payloads will have time to run.|
||Boolean||Whether or not dref should use the "dual A record" method for DNS rebinding, allowing for near-instant DNS rebinding attacks. This attack is inconsistent between browsers/OSs and, at the moment, works half of the time on affected browsers/OSs (improving this is on the agenda).|
||Object||Valid YAML sub-object containing arguments to be passed to the script. These arguments will be accessible to the
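
A defender-side view of the "dual A record" method described in the table above, as an added example that is not part of dref or of the original page: it scans resolver answers for a single response that mixes an external and an internal address, and for a name that resolves externally first and internally later. The log format, the zone names, the reason labels and the function names are assumptions made for this sketch, and the log entries are constructed.

```python
import ipaddress

# Address ranges treated as internal (RFC 1918, loopback, link-local, "this network").
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed resolver log, oldest first: (query name, A records in the answer).
SAMPLE_LOG = [
    ("www.example.org", ["192.0.2.34"]),
    ("demo.rebind.example", ["203.0.113.10", "192.168.1.1"]),
    ("cdn.example.net", ["198.51.100.7", "198.51.100.8"]),
    ("later.rebind.example", ["203.0.113.10"]),
    ("later.rebind.example", ["127.0.0.1"]),
    ("printer.corp.example", ["10.0.0.5"]),
    ("evilcorp.example.", ["10.0.0.9"]),
]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def in_zone(name, zones):
    # Match on a label boundary so "evilcorp.example" is not taken for "corp.example".
    return any(name == z or name.endswith("." + z) for z in zones)

def find_rebinding(log, internal_zones=("corp.example",)):
    """Return {name: reason} for answers that match a DNS rebinding pattern."""
    findings, seen_external = {}, set()
    for raw_name, addrs in log:
        name = raw_name.lower().rstrip(".")
        if in_zone(name, internal_zones):
            continue  # split-horizon names are expected to resolve internally
        internal = [a for a in addrs if is_internal(a)]
        external = [a for a in addrs if not is_internal(a)]
        if internal and external:
            findings[name] = "dual-a"            # one answer mixes both kinds
        elif internal and name in seen_external:
            findings.setdefault(name, "flip")    # external earlier, internal now
        elif internal:
            findings.setdefault(name, "internal-answer")
        if external:
            seen_external.add(name)
    return findings

if __name__ == "__main__":
    for name, reason in find_rebinding(SAMPLE_LOG).items():
        print(f"{reason:16} {name}")
```

Only A records are considered here; a resolver that drops or rewrites the flagged answers would apply the same test at response time.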
Rebinding on other ports
By default dref allows you to rebind on the standard web ports 80, 8000, 8080 and 8888. This is controlled by the docker-compose port mapping for the api container in
To support DNS rebinding on an additional port, simply add a mapping from that port on the host to port 80 in the api container by editing docker-compose.yml. For example, to support DNS rebinding on port 4000, the configuration would look like:

    api:
      image: node:9.11.1-alpine
      networks:
        - dref
      ports:
        - 0.0.0.0:4000:80