State of DNS Rebinding - Attack & Prevention Techniques and the Singularity of Origin

Conference:  Defcon 27



Singularity is a tool for automating web application security testing and exploitation
  • Singularity can be used to scan for vulnerable hosts and services
  • Singularity provides a sample attack HTML file automation file that is fully customizable
  • Singularity uses a WebSocket connection to hook victim browsers and perform service detection and auto exploitation
  • Singularity encountered challenges with cookies and HTTP authentication, but found workarounds
Singularity was used to hook a victim browser running a Jenkins instance and allow the attacker to browse the victim's credentials endpoint. Singularity was also used to scan for vulnerable hosts and services and automate web application security testing and exploitation.


Do you want to know how you can exploit DNS rebinding 10x faster, bypass prevention mechanisms, interactively browse the victim's internal network, and automate the whole process during your next red team exercise? This talk will teach you how and give you an easy-to-use tool to do it. First, we will cover in detail the subtleties that make DNS rebinding attacks more effective in practice, including techniques and operational conditions that make it faster and more reliable. We'll also explain how to bypass commonly recommended security controls, dispelling attack and defense misconceptions that have been disseminated in blogs and social media posts. This talk will include a number of demos using Singularity, our open source DNS rebinding attack framework that includes all the parts you need to get started pwning today, including: