NCC Group raises awareness of age-old bug with new prevention kit

A new open source tool designed to make DNS rebinding attacks easier has been released.

The kit, dubbed ‘singularity of origin’, was launched last week by a team from NCC Group.

It simplifies the process of performing a DNS rebinding attack, where an attacker is able to take over a victim's browser and break the same-origin policy. This effectively allows an attacker to masquerade as the victim's IP address and potentially abuse their privileges to access sensitive information.

The tool was created with pentesters in mind, and to raise awareness among developers and security teams of how to prevent DNS rebinding, the tool’s creators said.

NCC Group’s Gerald Doussot and Roger Meyer, who wrote the tool, told The Daily Swig: “Many developers think it's safe to write software that has debug services listening only locally, but we've had several engagements where we were able to remotely compromise applications using DNS rebinding.

“As these attacks aren't well known and can be difficult to implement using existing tools, we built Singularity to spread awareness of this vulnerability and to help security professionals as well as developers assess and secure their applications.”

Singularity contains a custom DNS server and several sample attack payloads that could lead to remote code execution.

The authors continued: “Existing tools for launching DNS attacks rely on complex setup procedures or out-of-date libraries and are mostly abandoned. Our tool is easy to set up, comes with good documentation and payloads for vulnerable programs.

“This gives penetration testers the ability to automate the grunt work of exploiting DNS rebinding attacks; thus allowing them to focus on other/less common vulnerabilities and to increase the depth and breadth of security testing within the time constraints of a project.”

Some companies have stepped up in the fight against DNS attacks as of late – take, for example, the new private DNS mode available on Android 9 Pie.

But the authors warned that even security measures such as filtering solutions were open to being exploited using the tool.

They told The Daily Swig: “Specifically, IPS/DNS filtering solutions are often recommended to address DNS rebinding attacks but we found a way to bypass at least one filtering solution available for us to test using Singularity.

“We hope that Singularity and its supporting documentation increase awareness among developers and security teams on how to prevent DNS rebinding vulnerabilities.”

