https://github.com/elceef/pyrebind
Tiny DNS rebinding service
Last synced: 12 months ago
- Host: GitHub
- URL: https://github.com/elceef/pyrebind
- Owner: elceef
- Created: 2018-01-28T17:35:12.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2019-03-09T19:46:54.000Z (over 7 years ago)
- Last Synced: 2025-04-08T12:02:15.323Z (about 1 year ago)
- Language: Python
- Size: 1.95 KB
- Stars: 6
- Watchers: 2
- Forks: 5
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
pyrebind
========
pyrebind is a very simple DNS server written in Python for testing software against DNS rebinding vulnerabilities. The server responds to queries by randomly selecting one of the IP addresses specified in the requested domain name and returning it as the answer with the lowest possible TTL=1.
https://en.wikipedia.org/wiki/DNS_rebinding
For example, to switch between `127.0.0.1` and `10.10.10.10` you would need to encode them like this:
```
127-0-0-1.10-10-10-10.any.domain
```
Here is how it looks in action:
```
$ host 127-0-0-1.10-10-10-10.any.domain
127-0-0-1.10-10-10-10.any.domain has address 127.0.0.1
$ host 127-0-0-1.10-10-10-10.any.domain
127-0-0-1.10-10-10-10.any.domain has address 127.0.0.1
$ host 127-0-0-1.10-10-10-10.any.domain
127-0-0-1.10-10-10-10.any.domain has address 127.0.0.1
$ host 127-0-0-1.10-10-10-10.any.domain
127-0-0-1.10-10-10-10.any.domain has address 10.10.10.10
$ host 127-0-0-1.10-10-10-10.any.domain
127-0-0-1.10-10-10-10.any.domain has address 10.10.10.10
$ host 127-0-0-1.10-10-10-10.any.domain
127-0-0-1.10-10-10-10.any.domain has address 127.0.0.1
$ host 127-0-0-1.10-10-10-10.any.domain
127-0-0-1.10-10-10-10.any.domain has address 127.0.0.1
$ host 127-0-0-1.10-10-10-10.any.domain
127-0-0-1.10-10-10-10.any.domain has address 10.10.10.10
$ host 127-0-0-1.10-10-10-10.any.domain
127-0-0-1.10-10-10-10.any.domain has address 10.10.10.10
```
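A log-triage check for the defending side, added here as an example and not part of pyrebind: it decodes the dash-separated address labels shown above from query names and flags names that encode loopback or private addresses. The function names, verdict strings and sample queries are constructed for illustration, and it assumes each address occupies one `a-b-c-d` label as in the README example.

```python
import ipaddress


def encoded_addresses(qname):
    """Return IPv4 addresses encoded as a-b-c-d labels in a query name."""
    found = []
    for label in qname.rstrip(".").lower().split("."):
        parts = label.split("-")
        if len(parts) != 4 or not all(p.isdigit() for p in parts):
            continue  # ordinary label, not an encoded address
        try:
            found.append(ipaddress.IPv4Address(".".join(parts)))
        except ValueError:
            continue  # four numeric fields but not a valid address (e.g. 999)
    return found


def triage(qname):
    """Classify a query name by the addresses it encodes (hypothetical verdicts)."""
    addrs = encoded_addresses(qname)
    # Anything not globally routable: loopback, RFC 1918, link-local, ...
    internal = [a for a in addrs if not a.is_global]
    if len(addrs) >= 2 and internal:
        verdict = "rebind-candidate"          # name can flip to an internal target
    elif internal:
        verdict = "internal-address-in-name"  # single encoded internal address
    else:
        verdict = "ok"
    return verdict, [str(a) for a in addrs]


# Constructed sample query names; the first is the README's own example.
SAMPLE_QUERIES = [
    "127-0-0-1.10-10-10-10.any.domain",
    "www.example.com",
    "192-168-1-1.rebind.example.net.",
    "8-8-8-8.1-1-1-1.example.org",
    "999-1-1-1.example.org",
]

if __name__ == "__main__":
    for name in SAMPLE_QUERIES:
        verdict, addrs = triage(name)
        print(f"{verdict:26} {name} {addrs}")
```

A name-based check like this only covers services that encode addresses in the hostname; filtering private and loopback addresses out of answers received from external resolvers covers the general case.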
Constraints
-----------
This implementation aims to be as simple as possible and therefore supports only standard `IN A` queries - others are simply ignored. Also keep in mind that it requires high privileges to bind port 53/udp and lacks proper error handling. With that said, it is highly recommended not to use it for anything important.