With DNS rebinding, you can still only send HTTP requests\* to the target. With ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

tprynn on Nov 1, 2020 | parent | context | favorite | on: NAT Slipstreaming

With DNS rebinding, you can still only send HTTP requests* to the target. With this attack, you have a direct, raw TCP/UDP socket.

(*) I'm simplifying, what I mean is that DNS rebinding still limits you to only what you can do in the browser, which is effectively HTTP. Most non-HTTP services will generally just close your socket once they see you send an HTTP request.

cjbprime on Nov 1, 2020 [–]

Thanks. So the most likely scenario where it's worth the extra effort here would be to contact a non-HTTP TCP service on the victim's machine.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact