Skip to content
/ rebinding Public

A Dockerized environment to execute SSRF via DNS rebinding!

1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

KarimPwnz/rebinding

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
rbndr
rbndr
 
 
vuln
vuln
 
 
.gitignore
.gitignore
 
 
Dockerfile.node
Dockerfile.node
 
 
Dockerfile.rbndr
Dockerfile.rbndr
 
 
Dockerfile.web
Dockerfile.web
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 

Repository files navigation

DNS Rebinding Testing Environment

A Dockerized environment to execute SSRF via DNS rebinding; it contains the following:

  • A container running rbndr; this is to allow DNS race conditions
  • A container running a localhost site using Python's http.server; this is to receive SSRF hits
  • A container running NodeJS with the default resolver set to rbndr (on localhost); this is to test the race condition against NodeJS code/libraries

(All of the containers have the same IP—which allows sending HTTP requests to the site container, or DNS queries to the rbndr container.)

So how do I use it?

  1. Create the containers:
docker-compose up
  1. Go into the node container:
docker exec -it rebinding_node_1 sh

  1. The node container will have the vuln directory attached to /home/node/vuln; ALSO MAKE SURE YOU INSTALL THE NPM DEPENDENCIES OUTSIDE OF THE CONTAINER (npm install)

  2. Do yo testing!

sh /home/node/vuln/infinite.sh /home/node/vuln/C0oki3s-ssrf/index.js

  1. See yo results!

    yo results

You can destroy the containers by running:

docker-compose down

Or you can just stop them:

docker-compose stop

And then start them again:

docker-compose start

About

A Dockerized environment to execute SSRF via DNS rebinding!

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages