Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Attack has been blocked by CORS policy #44

Closed
peace27-96 opened this issue Sep 25, 2021 · 7 comments
Closed

Attack has been blocked by CORS policy #44

peace27-96 opened this issue Sep 25, 2021 · 7 comments

Comments

@peace27-96
Copy link

Hi @gdncc and congratulations on the tool you made. I am trying to perform the attack on my home router and I cannot understand why it is giving me this error.

Screenshot from 2021-09-25 18-00-32

I tried another router on a different line and the attack was successful.

Could you help me understand why it doesn't work on this router? or what caused the error.

Sorry for my English.
@sanktjodel
Copy link
Collaborator

From the screenshot, it looks like the DNS rebinding did not succeed. Did you try to manually verify that the target system is vulnerable to DNS rebinding as explained here https://github.com/nccgroup/singularity/wiki/Testing-for-Vulnerable-Services ?

@peace27-96
Copy link
Author

Thanks for the answer, you are right, the system is not vulnerable.
I however, found another problem.
I did some tests on a vulnerable system (my router 192.168.1.1), with ubuntu 20.04 LTS and with firefox the dns rebinding is successful (first image) while with chrome it does not work (second image).

Screenshot from 2021-10-07 15-54-34

Screenshot from 2021-10-07 15-58-38

With windows 10 it doesn't work neither on firefox nor on chrome.
I have tried other vulnerable systems like a simple web server in localhost but the result is the same. Dns rebinding attack only works with ubuntu + firefox.
I don't understand why this behavior, the attacked system is the same!

@sanktjodel
Copy link
Collaborator

Thank you for the update. We believe this is the cause of a recent new feature in the Chrome browser described at https://developer.chrome.com/blog/private-network-access-update/. For now it looks like rebinding to a private IP address in Chrome does no longer work. We may explore this in the future.

@peace27-96
Copy link
Author

Thank you very much for the answers and congratulations on the tool again.

@minanagehsalalma
Copy link

Thank you for the update. We believe this is the cause of a recent new feature in the Chrome browser described at https://developer.chrome.com/blog/private-network-access-update/. For now it looks like rebinding to a private IP address in Chrome does no longer work. We may explore this in the future.

@sanktjodel i think you may want to take a look on these two then
#36
#35

also adding an option for auto grabbing the public IP for using in the manager in case of chrome detected would be useful , till you happen to figure a fix.

Thanks ;)

@web3res
Copy link

web3res commented Jan 18, 2023

Thanks , we await updates on the possible resolution, currently only Chrome is blocking it but in some cases it works

@sanktjodel
Copy link
Collaborator

We have documented this issue in our new blog post at https://research.nccgroup.com/2023/04/27/state-of-dns-rebinding-in-2023/ explaining Local Network Access, a new draft W3C specification, implemented in Chrome. The blog post includes two ways to bypass these restrictions with restricted scope.

We have also documented the error here: https://github.com/nccgroup/singularity/wiki/Common-Issues

Thanks for bringing up the matter. Closing this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@minanagehsalalma @peace27-96 @sanktjodel @web3res