singularity icon indicating copy to clipboard operation
singularity copied to clipboard
verified publisher icon nccgroup

Attack has been blocked by CORS policy

Open peace27-96 opened this issue 4 years ago • 5 comments

Hi @gdncc and congratulations on the tool you made. I am trying to perform the attack on my home router and I cannot understand why it is giving me this error.

Screenshot from 2021-09-25 18-00-32

I tried another router on a different line and the attack was successful.

Could you help me understand why it doesn't work on this router? or what caused the error.

Sorry for my English.

peace27-96 avatar Sep 25 '21 16:09 peace27-96

From the screenshot, it looks like the DNS rebinding did not succeed. Did you try to manually verify that the target system is vulnerable to DNS rebinding as explained here https://github.com/nccgroup/singularity/wiki/Testing-for-Vulnerable-Services ?

sanktjodel avatar Sep 29 '21 02:09 sanktjodel

Thanks for the answer, you are right, the system is not vulnerable. I however, found another problem. I did some tests on a vulnerable system (my router 192.168.1.1), with ubuntu 20.04 LTS and with firefox the dns rebinding is successful (first image) while with chrome it does not work (second image).

Screenshot from 2021-10-07 15-54-34

Screenshot from 2021-10-07 15-58-38

With windows 10 it doesn't work neither on firefox nor on chrome. I have tried other vulnerable systems like a simple web server in localhost but the result is the same. Dns rebinding attack only works with ubuntu + firefox. I don't understand why this behavior, the attacked system is the same!

peace27-96 avatar Oct 07 '21 14:10 peace27-96

Thank you for the update. We believe this is the cause of a recent new feature in the Chrome browser described at https://developer.chrome.com/blog/private-network-access-update/. For now it looks like rebinding to a private IP address in Chrome does no longer work. We may explore this in the future.

sanktjodel avatar Oct 12 '21 01:10 sanktjodel

Thank you very much for the answers and congratulations on the tool again.

peace27-96 avatar Oct 17 '21 14:10 peace27-96

Thank you for the update. We believe this is the cause of a recent new feature in the Chrome browser described at https://developer.chrome.com/blog/private-network-access-update/. For now it looks like rebinding to a private IP address in Chrome does no longer work. We may explore this in the future.

@sanktjodel i think you may want to take a look on these two then https://github.com/nccgroup/singularity/issues/36 https://github.com/nccgroup/singularity/issues/35

also adding an option for auto grabbing the public IP for using in the manager in case of chrome detected would be useful , till you happen to figure a fix.

Thanks ;)

minanagehsalalma avatar Nov 24 '21 01:11 minanagehsalalma

Thanks , we await updates on the possible resolution, currently only Chrome is blocking it but in some cases it works

web3res avatar Jan 18 '23 08:01 web3res

We have documented this issue in our new blog post at https://research.nccgroup.com/2023/04/27/state-of-dns-rebinding-in-2023/ explaining Local Network Access, a new draft W3C specification, implemented in Chrome. The blog post includes two ways to bypass these restrictions with restricted scope.

We have also documented the error here: https://github.com/nccgroup/singularity/wiki/Common-Issues

Thanks for bringing up the matter. Closing this issue.

sanktjodel avatar May 03 '23 22:05 sanktjodel